On Thu, 14 Oct 2004, Stephen Smalley wrote: > On Thu, 2004-10-14 at 11:13, James Morris wrote: > > On Thu, 14 Oct 2004, Colin Walters wrote: > > > > > It's been that way as long as I can remember; you also need to do: > > > full_user_role(jmorris) > > > > Thanks, that worked, but I can't recall doing it before. > > That only makes sense if you are going to do: > user jmorris roles jmorris_r; > role jmorris_r types jmorris_t; > > Otherwise, full_user_role(jmorris) is just going to define some types > and rules that aren't ever going to be useable. > > But why do you want a per-user role/domain? I don't know, I just wanted to restore what I thought was normal behavior. So even in strict policy now, all normal users are user_u:user_r:user_t ? - James -- James Morris <jmorris@xxxxxxxxxx>
