sudo avc denies: was Re: Upgrading to policy-strict RPM's
Stephen Smalley
sds at epoch.ncsc.mil
Mon Jul 12 14:55:09 UTC 2004
One other note on this topic: Most Fedora SELinux users are not
maintaining policy/users at present for individual users (beyond
system_u/user_u/root distinctions) due to the lack of integrated user
management, so they cannot take full advantage of the SELinux user
identity and user-role authorizations. setools and setools-gui provide
some help in this area, but not if you are using a distributed user
database like NIS or LDAP. As a consequence, the typical approach among
older SELinux users of individually authorizing staff users for staff_r
and sysadm_r is problematic for the typical Fedora SELinux user.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list