On an MLS machine you would not want to have an unconfined domain.

You would want to control all domains to as close to least privilege as possible.

But in general I think it is a good idea to run with the unconfined.pp and permissivedomains.pp files disabled.

I tend to leave the unconfineduser domain, although I have set up my own user to log in as staff_t and become sysadm_t when I am root.
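An added example, not part of the original post: a small shell audit that checks whether the `unconfined` and `permissivedomains` modules are disabled. It assumes the `semodule -lfull` listing format `<priority> <name> <type> [disabled]`; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Audit the policy modules named in the post against a module listing.
# Assumed input format (one module per line, as printed by `semodule -lfull`):
#   <priority> <name> <type> [disabled]

# module_state NAME LISTING -> prints "enabled", "disabled" or "absent"
module_state() {
    printf '%s\n' "$2" | awk -v m="$1" '
        $2 == m { found = 1; if ($4 != "disabled") en = 1 }
        END {
            if (!found)  print "absent"
            else if (en) print "enabled"
            else         print "disabled"
        }'
}

# audit_modules LISTING -> returns 1 if unconfined or permissivedomains is enabled
audit_modules() {
    listing=$1
    rc=0
    for m in unconfined permissivedomains; do
        state=$(module_state "$m" "$listing")
        if [ "$state" = "enabled" ]; then
            echo "FAIL: $m is enabled"
            rc=1
        else
            echo "ok:   $m is $state"
        fi
    done
    # Reported only: the post leaves unconfineduser in place.
    echo "info: unconfineduser is $(module_state unconfineduser "$listing")"
    return $rc
}

# Constructed sample listings (not captured from a real host).
SAMPLE_DEFAULT='100 staff pp
100 sysadm pp
100 unconfined pp
100 unconfineduser pp
100 permissivedomains pp'

SAMPLE_HARDENED='100 staff pp
100 sysadm pp
100 unconfined pp disabled
100 unconfineduser pp
100 permissivedomains pp disabled'

audit_modules "$SAMPLE_HARDENED"
```

On a live system, pass the real listing with `audit_modules "$(semodule -lfull)"`; a module is disabled with `semodule -d <name>`.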

