On Mon, Mar 29, 2004 at 09:09:39AM -0500, Daniel J Walsh wrote: > Date: Mon, 29 Mar 2004 09:09:39 -0500 > From: Daniel J Walsh <dwalsh@xxxxxxxxxx> > To: "Fedora SELinux support list for users & developers." <fedora-selinux-list@xxxxxxxxxx> > Subject: Re: Should Yum and up2date understand SELinux roles > Reply-To: "Fedora SELinux support list for users & developers." <fedora-selinux-list@xxxxxxxxxx> > > Tom Mitchell wrote: > > >Should yum check "id" for sysadm_r role? > > .... > No if unlimitedUsers tunable is set the following rule needs to be added > to rpm.te > > ifdef(`unlimitedUsers', ` > domain_auto_trans(staff_t, rpm_exec_t, rpm_t) > ') > Thank you unlimitedUsers was set (will make the change and retest soon). Will your small snip of policy be in a future version of rpm.te? -- T o m M i t c h e l l /dev/null the ultimate in secure storage.