Matthew Miller (mattdm@mattdm.org) said:
This all may sound complicated, but it's not. Usermode already implements 99% of what was needed -- the core patch is about a dozen lines! (There are also is_group_member and is_grouplist_member helper functions, but those are very simple too.)
And, it's a very non-invasive change, because if the config files aren't changed, it defaults to acting exactly like it does now.
See the patch, and the request, at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=86188
Any comments/suggestions are very welcome.
SELinux roles! :)
Bill