I don't know very much about SELinux so I need your tips how to achieve what I want to do. I don't need a solution but hints where to start and what to read.
I want to have an application which is allowed to read/write a config file, update the system (using yum) and updating itself and has access to some of the hardware. Nothing
else should be possible. The application will be started on bootup and closing it will shutdown the hole system. There should be no user or at least not more users then needed to boot the system and run the app.
How do I know which system services (e.g. log) need which permissions and how can I make sure that nothing else has access to anything except of the few things my app needs?
Please send me any kind of links and ideas you have.