On Sat, 2004-03-13 at 15:53, Aleksey Nogin wrote: > On 11.03.2004 07:36, Stephen Smalley wrote: > > > Hence, if you add yourself to policy/users and authorize > > yourself for staff_r and sysadm_r and reload your policy, then you > > should be able to do sudo -r sysadm_r <command>. > > What is the difference between the sysadm_r and system_r? When should I > be using > > sudo -r sysadm_r > > and when > > sudo -r system_r -t sysadm_t You shouldn't need to do the latter ever. I suspect that sudo should default to switching to sysadm_r, as that will be the expected behavior. It can use get_default_context to obtain a default context for the user and /etc/security/default_contexts can be set up to make it default to sysadm_r:sysadm_t. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
