[BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As Dominick stated. I prefer to think in terms of two different roles. Login Roles, and Roles to execute in when you have privileges (IE Root). Login Roles/Types staff_t, user_t, unconfined_t, xguest_t, guest_t Three interfaces can be used to create confined login users. userdom_restricted_user_template(guest) userdom_restricted_xwindows_user_template(xguest) userdom_unpriv_user_template(staff) Admin Roles/Types logadm_t, webadm_t, secadm_t, auditadm_t The following interface can be used to create an Admin ROle userdom_base_user_template(logadm) sysadm_t is sort of a hybrid, most people use it as an Admin Role. I imagine that you login as a confined user and then use sudo/newrole to switch roles to one of the admin roles. Of course you are free to design your own system creating fully login admin roles. Or creating addinitional non admin user roles. -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux