On Thu, 2004-03-18 at 13:43, Aleksey Nogin wrote:
> So what is the difference between the sysadm_r and system_r? How does it
> relate to the
>
> # sample for administrative user
> ifdef(`direct_sysadm_daemon', `
> #user jadmin roles { staff_r sysadm_r system_r };
> ', `
> #user jadmin roles { staff_r sysadm_r };
> ')
>
> in the /etc/security/selinux/src/policy/users? Thanks!

sysadm_r is intended for administrative sessions. system_r is intended
for system processes; it is the initial role for /sbin/init and its
descendants. Including system_r in the set of role authorizations for
administrators is a temporary workaround to support direct restarting of
daemons from an admin shell; the daemon should then automatically
transition into system_r:<daemon domain>, assuming it has a domain.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
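
An added example, not part of the original message or of the policy sources: a small Python audit that resolves the `direct_sysadm_daemon` ifdef in an old-style `users` file and lists which users end up authorized for system_r. The sample file content is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the old example-policy "users" file.
# The root and jdoe lines are assumptions for illustration only.
SAMPLE_USERS = """\
user system_u roles system_r;
user root roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') };
# sample for administrative user
ifdef(`direct_sysadm_daemon', `
user jadmin roles { staff_r sysadm_r system_r };
', `
user jadmin roles { staff_r sysadm_r };
')
user jdoe roles user_r;
"""

# m4 ifdef(`name', `then'[, `else']); nested quotes are not handled.
IFDEF = re.compile(r"ifdef\(`(\w+)',\s*`([^']*)'(?:,\s*`([^']*)')?\)")
# user NAME roles ROLE;  or  user NAME roles { ROLE ... };
USER = re.compile(r"^\s*user\s+(\w+)\s+roles\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def expand_ifdefs(text, defined):
    """Keep the 'then' branch when the tunable is defined, else the 'else' branch."""
    def pick(m):
        return m.group(2) if m.group(1) in defined else (m.group(3) or "")
    return IFDEF.sub(pick, text)

def role_authorizations(text, defined=()):
    """Return {user: set(roles)} for active (uncommented) user statements."""
    text = expand_ifdefs(text, set(defined))
    text = re.sub(r"#.*", "", text)  # drop policy comments after m4 expansion
    users = {}
    for name, braced, single in USER.findall(text):
        users.setdefault(name, set()).update((braced or single).split())
    return users

def admins_with_system_r(text, defined=(), expected=("system_u",)):
    """Users authorized for system_r, other than the expected system identity."""
    auth = role_authorizations(text, defined)
    return sorted(u for u, roles in auth.items()
                  if "system_r" in roles and u not in expected)

if __name__ == "__main__":
    for tunables in ((), ("direct_sysadm_daemon",)):
        print(tunables, admins_with_system_r(SAMPLE_USERS, tunables))
```

Running it against a real `users` file with the tunables actually set in the build shows whether the workaround authorization is still in effect for any login user.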