On Thu, 2006-10-19 at 10:09 -0400, Daniel J Walsh wrote:
> Gene Czarcinski wrote:
> > I have been fooling around with RBAC and roles to see how it works and could
> > be used.
> >
> > If I understand correctly, either
> >
> > 1. In order to add a new role, you need to modify the source in the src.rpm
> > and create a "new" policy: gop or "Gene's Own Policy".
> >
> > or
> >
> > 2. I do not know the correct "magic dance" to perform to add a new role
> > definition to an existing policy.
> >
> > Comment?
> >
> You should be able to add a new role through a loadable policy module
> and then use semanage to assign the role to SELinux Users.

It isn't quite that simple (at least not yet). Full integration of a role
requires too pervasive of a change to work well from a loadable module.
Role additions in the current refpolicy have all gone into userdomain in
the policy sources. There is also the rolemap file. There is a role-infra
branch that Chris is working on to improve infrastructure for adding roles.

--
Stephen Smalley
National Security Agency