
Previously, I tried to do this using a phony user and iptables to execute the commands that need to be restricted. However, now the commands need to read configuration set by each user's environment vars, so it seems this way no longer works.

The OS is RedHat, and it seems like the only solid alternative is SELinux. There is little about the best practices for configuring SELinux policies beyond basic documentation and tutorials on the web. What is a recommended way to implement this functionality?

  • Start here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html – Michael Hampton Oct 28 '15 at 12:00
  • Yes, I am aware there is documentation for SELinux on the Red Hat website. Yet my question was about restricting specific applications' **Internet** access, not confining the actions of a set of users. – Disenchanted Toad Oct 28 '15 at 19:59
