On Thu, 2004-03-18 at 13:43, Aleksey Nogin wrote:
So what is the difference between the sysadm_r and system_r? How does it relate to the
# sample for administrative user
ifdef(`direct_sysadm_daemon', `
#user jadmin roles { staff_r sysadm_r system_r };
', `
#user jadmin roles { staff_r sysadm_r };
')
in the /etc/security/selinux/src/policy/users? Thanks!
sysadm_r is intended for administrative sessions. system_r is intended for system processes; it is the initial role for /sbin/init and its descendants. Including system_r in the set of role authorizations for administrators is a temporary workaround to support direct restarting of daemons from an admin shell; the daemon should then automatically transition into system_r:<daemon domain>, assuming it has a domain.
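
The following is an added example, not part of the original message and not SELinux or policy code: a simplified Python model of why the user's role set matters when a daemon is started from an admin shell. The daemon names exampled_t and exampled_exec_t, the rule tables and the function names are constructed for illustration; the only SELinux behaviour assumed is that a context user:role:type is valid only when the role is authorized for the user and the type is authorized for the role.

```python
# Simplified model (added example): context validity after exec from an admin shell.
# exampled_t / exampled_exec_t are constructed names for a hypothetical daemon.

# Types each role may be associated with (constructed subset).
ROLE_TYPES = {
    "staff_r": {"staff_t"},
    "sysadm_r": {"sysadm_t"},
    "system_r": {"init_t", "exampled_t"},
}
# (current role, executable type) -> new role, as a role transition rule would give.
ROLE_TRANSITIONS = {("sysadm_r", "exampled_exec_t"): "system_r"}
# (current domain, executable type) -> new domain, as an automatic domain transition would give.
DOMAIN_TRANSITIONS = {("sysadm_t", "exampled_exec_t"): "exampled_t"}


def context_valid(user_roles, role, type_):
    """A context is valid only if the user may hold the role and the role may hold the type."""
    return role in user_roles and type_ in ROLE_TYPES.get(role, set())


def exec_context(user_roles, context, exec_type):
    """Return the context after executing a file of exec_type, or None if it would be invalid."""
    user, role, domain = context.split(":")
    new_role = ROLE_TRANSITIONS.get((role, exec_type), role)
    new_domain = DOMAIN_TRANSITIONS.get((domain, exec_type), domain)
    # The user identity does not change across the exec, so the user's own
    # role authorizations decide whether the new role is acceptable.
    if not context_valid(user_roles, new_role, new_domain):
        return None
    return f"{user}:{new_role}:{new_domain}"


# The two alternatives from the quoted users file.
WITH_SYSTEM_R = {"staff_r", "sysadm_r", "system_r"}   # direct_sysadm_daemon defined
WITHOUT_SYSTEM_R = {"staff_r", "sysadm_r"}            # direct_sysadm_daemon not defined

if __name__ == "__main__":
    shell = "jadmin:sysadm_r:sysadm_t"
    print(exec_context(WITH_SYSTEM_R, shell, "exampled_exec_t"))
    print(exec_context(WITHOUT_SYSTEM_R, shell, "exampled_exec_t"))
```
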