selinux January 2010 archive
selinux: Stopping COTS from accessing root directory

From: Gregg Tomas <java_gregg_at_nospam>
Date: Fri Jan 29 2010 - 00:28:37 GMT
To: selinux@tycho.nsa.gov


Hello Everyone,

Bear with me, I am fairly new to SELinux policy writing.

How do you write a rule to stop an application from accessing the root (/) directory? I am running Open Office (openoffice_exec_t), and whenever I open the Open dialog (from the menu bar, File -> Open), there are 3 buttons on the top right of the dialog. The leftmost button is the "up one level" button. If you click and hold your left mouse button down on it, a submenu appears and displays a menu item called Workplace. If I click on it, it will bring you to the root directory (/). I am trying to prevent that. I have a neverallow rule in my test.te:

neverallow openoffice_exec_t root_t:dir { search };

However, it still transitions there after I touch /.autorelabel and reboot.

Thanks.