[PATCH 1/5] adding seadmin support
Dominick Grift
dominick.grift at gmail.com
Fri Nov 8 15:37:57 UTC 2013
On Fri, 2013-11-08 at 14:07 +0100, Dominick Grift wrote:
>
> That does not make sense to me. sewebadm_u has no place in this example.
>
> Its staff_u/staff_r/staff_t manually changing to
> staff_u/webadm_r/webadm_t via sudo if i read your code correctly
>
> The problem is that if you associate more than a single admin role to
> staff_u, that all the users associated with staff_u will have access to
> all those roles from a SELinux point of view
>
> This seems to me undesirable
>
>
Sorry, i think i misunderstood the code
More information about the selinux
mailing list