default user context on fedorapeople.org
icon at fedoraproject.org
Wed Mar 28 00:51:46 UTC 2012
On Tue, 2012-03-27 at 17:28 -0600, Kevin Fenzi wrote:
> Note that folks who need to sudo need to still be unconfined right?
No, you want them to be staff_u and add the following to your sudoers:
%wheel ALL=(ALL) TYPE=unconfined_t ROLE=unconfined_r ALL
This will transition to unconfined upon sudo.
BTW, I just found out that guest_u (and, by extension, my testguest_u)
still allows sshd forwarding -- I guess it's hard to restrict that on
the SELinux level. It can be disallowed in sshd config, though,
including by group:
Match Group wheel
Systems Administrator, Kernel.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 665 bytes
Desc: This is a digitally signed message part
More information about the infrastructure