On Fri, 2013-11-08 at 14:07 +0100, Dominick Grift wrote:
>
> That does not make sense to me. sewebadm_u has no place in this example.
>
> It's staff_u/staff_r/staff_t manually changing to
> staff_u/webadm_r/webadm_t via sudo if I read your code correctly
>
> The problem is that if you associate more than a single admin role to
> staff_u, that all the users associated with staff_u will have access to
> all those roles from a SELinux point of view
>
> This seems to me undesirable
>

Sorry, I think I misunderstood the code