Re: How do I make sudo "trusted"?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-03-18 at 13:43, Aleksey Nogin wrote:
> So what is the difference between the sysadm_r and system_r? How does it 
> relate to the
> 
> # sample for administrative user
> ifdef(`direct_sysadm_daemon', `
> #user jadmin roles { staff_r sysadm_r system_r };
> ', `
> #user jadmin roles { staff_r sysadm_r };
> ')
> 
> in the /etc/security/selinux/src/policy/users? Thanks!

sysadm_r is intended for administrative sessions. system_r is intended
for system processes; it is the initial role for /sbin/init and its
descendants.  Including system_r in the set of role authorizations for
administrators is a temporary workaround to support direct restarting of
daemons from an admin shell; the daemon should then automatically
transition into system_r:<daemon domain>, assuming it has a domain.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux