Daniel J Walsh wrote:
Michael C Thompson wrote:
Daniel J Walsh wrote:
Michael C Thompson wrote:
Hey all,
I'm preempting the minutes from the call to begin a nice solidified
list of things that constitute the permissions of the administrative
users (and staff) on the system. As this gets developed, I will add
it to the Fedora Wiki [ http://fedoraproject.org/wiki/SELinux ].
I would like to focus more on talking about how the policy should
work, and less about how the policy does work.
There are 3 administrative roles and 2 user roles:
sysadm_r
secadm_r
auditadm_r
staff_r
user_r
Who should be capable of doing doing setenforce 1 ? secadm_r should (and
is) be the only one who can do setenforce 0, but should setenforce 1 be
equally restricted?
Thanks,
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
