On 04/22/2016 08:37 PM, Robin Lee Powell wrote: > > Does tranisitioning to unconfined_r/unconfined_t mean "I give up > selinux go away" or does it mean "I'm about to do root-ish things"? > > I guess what I'm wondering is, is this: > > rlpowell ALL=(ALL) TYPE=unconfined_t ROLE=unconfined_r ALL > > really what's wanted for a system that's trying to use selinux to > the fullest, or is there some other role that more-accurately means > "I'm doing root-ish things now"? > -- > selinux mailing list > selinux(a)lists.fedoraproject.org > http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org > > Hi, unconfined_t domain can do almost anything on your system. In fedora we don't use confined users by default, so you need to configure this SELinux feature. If you would like to use confined users, you can find some information here: http://danwalsh.livejournal.com/66587.html For users which can run sudo, you could use staff_u SELinux user.