On Tue, 2006-05-16 at 08:43 -0400, Steve Grubb wrote: > On Tuesday 16 May 2006 08:21, Daniel J Walsh wrote: > > I want to open up discussion of removal of the secadm_t policy and > > roling it into sysadm_t and make auditadm_r match what Michael and Casey > > have defined. > > I really think the original intent of the secadm role was to separate audit > use/control from admin role. I think the role name may have lead to confusion > and people then wanted an audit admin role because that *was* needed. Then > the problem became "what is the definition of the security admin?" > > So, I vote for combining secadm with sysadm.
People often ask for a security officer / administrator role in SELinux separate from the system administrator role. We've often explained that truly separating the two in a way that prevents subversion of one from the other is difficult without greatly impairing the ability of either to work normally, but they seem to just want the basic separation of function between policy administration and normal system administration without necessarily preventing a malicious sysadmin from gaining access to secadm. So you may want to retain a separate secadm, with a tunable to fold it into sysadm for common use. -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
