Stephen Smalley wrote:
On Tue, 2006-05-16 at 08:43 -0400, Steve Grubb wrote:
On Tuesday 16 May 2006 08:21, Daniel J Walsh wrote:
I want to open up discussion of removal of the secadm_t policy and
roling it into sysadm_t and make auditadm_r match what Michael and Casey
have defined.
I really think the original intent of the secadm role was to separate audit
use/control from admin role. I think the role name may have lead to confusion
and people then wanted an audit admin role because that *was* needed. Then
the problem became "what is the definition of the security admin?"
So, I vote for combining secadm with sysadm.
People often ask for a security officer / administrator role in SELinux
separate from the system administrator role. We've often explained that
truly separating the two in a way that prevents subversion of one from
the other is difficult without greatly impairing the ability of either
to work normally, but they seem to just want the basic separation of
function between policy administration and normal system administration
without necessarily preventing a malicious sysadmin from gaining access
to secadm. So you may want to retain a separate secadm, with a tunable
to fold it into sysadm for common use.
I'm not totally up on creating policy , but wouldn't leaving the secadm
tunable keep the problem of expressing exactly what his role is around?
I'll be happy with what we go with, but it would make testing a lot
easier if we had only two admin roles which were clearly defined.
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
