sudo avc denies: was Re: Upgrading to policy-strict RPM's

Stephen Smalley sds at epoch.ncsc.mil
Mon Jul 12 14:55:09 UTC 2004


One other note on this topic:  Most Fedora SELinux users are not
maintaining policy/users at present for individual users (beyond
system_u/user_u/root distinctions) due to the lack of integrated user
management, so they cannot take full advantage of the SELinux user
identity and user-role authorizations.  setools and setools-gui provide
some help in this area, but not if you are using a distributed user
database like NIS or LDAP.  As a consequence, the typical approach among
older SELinux users of individually authorizing staff users for staff_r
and sysadm_r is problematic for the typical Fedora SELinux user.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency



