Michael C Thompson wrote:
Daniel J Walsh wrote:
Michael C Thompson wrote:
Daniel J Walsh wrote:
Michael C Thompson wrote:
Hey all,
I'm preempting the minutes from the call to begin a nice
solidified list of things that constitute the permissions of the
administrative users (and staff) on the system. As this gets
developed, I will add it to the Fedora Wiki
[ http://fedoraproject.org/wiki/SELinux ].
I would like to focus more on talking about how the policy should
work, and less about how the policy does work.
There are 3 administrative roles and 2 user roles:
sysadm_r
secadm_r
auditadm_r
staff_r
user_r
Who should be capable of doing setenforce 1? secadm_r should
(and is) be the only one who can do setenforce 0, but should
setenforce 1 be equally restricted?
Well I can't stop anyone else from setenforce 1 if getenforce == 0.
Thanks,
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp