Hello List,
dont have experience with selinux, but i want to know if it would be a practicable way to secure sshd with selinux. i have some webservers and want to grant ssh-access to some users. my plan ist to make new server where users are able to log in. the homes from webserver are mounted in by nfs etc. i dont like chroot-env for ssh, a lot of disadvantages... also i dont like if users would scrabble folders that doesn't concern them. so i thought it would be possible to restrict users by selinux so they dont are able to see too much... objective is to restrict users to there home (as far as possible) and run some typical programms like perl, php, some binaries and hide all other... is this a useful scenario for selinux? If not, are there alternatives?
Thanks, Hajo