I want to restrict access to files in /proc as much as possible using SELinux. When I try to chcon a directory in /proc, it fails:
$ chcon -t staff_proc_t /proc/acpi
chcon: failed to change context of '/proc/acpi' to ‘system_u:object_r:staff_proc_t’: Operation not supported
Apparently, the /proc filesystem does not allow changing the context directly. How can I set SELinux contexts on /proc entries?
If that is not possible, I would like to prohibit access to these files by other means. I would like to hide mountpoint information, the ACPI directory, /proc/config.gz, etc.
Asked by jiwopene (1091 rep)
Nov 19, 2022, 04:09 PM
Last activity: Nov 19, 2022, 04:10 PM