SELinux and the Desktop
Stephen Smalley
sds at epoch.ncsc.mil
Wed Oct 13 18:58:58 UTC 2004
On Wed, 2004-10-13 at 14:57, Kodungallur Varma wrote:
> I dont know if this makes any sense but can any one tell me if
> we can set up a policy where a user_r has more previleges than the
> staff_r (not the sys admin). thanx in advance..
Why? The current policy is set up so that staff_r is more privileged
than user_r (if the user_canbe_sysadm tunable is disabled); otherwise,
user_r and staff_r are essentially equivalent. I'd suggest disabling
user_canbe_sysadm and optionally adding further permissions to staff_r,
not the other way around.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list