I want to control some accesses of root in Linux- fedora, for example, I want to run a process and I want root not to be able to kill it.
I use SELinux and I changed root mapping from unconfined to guest_u:
Login Name SELinux User MLS/MCS Range Service root guest_u s0 *
also, I changed my current account to root SELinux User mode. like this:
Login Name SELinux User MLS/MCS Range Service my_user root s0-s0:c0.c1023 * root guest_u s0 *
theoretically, after registering changes by rebooting, my user must have grant root privileges and the root must be unable to do many actions and activities.
but this not happened. and my root still can do everything (enabled by sudo su – from current account) and my current account can’t do what I want.
could someone explain to me what’s happened there, after I registering changes? and why I cannot reach what I want here??
thank you for any feedback!