dbadm.pp is not available in selinux-policy package
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 8 12:15:33 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As Dominick stated. I prefer to think in terms of two different roles.
Login Roles, and Roles to execute in when you have privileges (IE Root).
Login Roles/Types
staff_t, user_t, unconfined_t, xguest_t, guest_t
Three interfaces can be used to create confined login users.
userdom_restricted_user_template(guest)
userdom_restricted_xwindows_user_template(xguest)
userdom_unpriv_user_template(staff)
Admin Roles/Types
logadm_t, webadm_t, secadm_t, auditadm_t
The following interface can be used to create an Admin ROle
userdom_base_user_template(logadm)
sysadm_t is sort of a hybrid, most people use it as an Admin Role.
I imagine that you login as a confined user and then use sudo/newrole to
switch roles to one of the admin roles.
Of course you are free to design your own system creating fully login
admin roles. Or creating addinitional non admin user roles.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAku9yOUACgkQrlYvE4MpobNZBQCgh5RdBRm1ZPjtHNqI5Jf3UHRs
Bw0An3cao7Jw/TJUiS6LqB5C6C5ajyhd
=q1nL
-----END PGP SIGNATURE-----
More information about the selinux
mailing list