On Mon, 2013-11-11 at 14:06 +0100, Dominick Grift wrote:
> On Fri, 2013-11-08 at 14:35 -0200, Leonidas Da Silva Barbosa wrote:
> > On Fri, Nov 08, 2013 at 02:07:14PM +0100, Dominick Grift wrote:
> > > On Fri, 2013-11-08 at 09:28 -0200, Leonidas Da Silva Barbosa wrote:
> > > >
> > > > > The idea is nice, but an admin could script this up in a heartbeat
> > > > >
> > > >
> > > > I agree, but the idea is to make this more visible. Today we know we have
> > > > the admin role, but to reach that some steps are needed. Putting it into a tool gives
> > > > some highlight to the use of admin roles and user admins IMHO.
> > >
> > > There are probably more effective ways to make it visible
> > >
> >
> > I can agree, but it's also about having a tool/supporting it. Anyway, I'm
> > trying to understand if it is a good idea to keep with these efforts to
> > support it or not. I still believe it is a good approach to support admin role
> > creation, also to implement an 'isolation admins' environment, but I'm
> > totally open to thoughts and ideas about why not to put it or better
> > approaches to put it.
> >
>
> I wrote a simple bash script that creates SELinux confined admins.
>
> I didn't bother to add any sanity checking or call commands with paths or
> anything like that.
>
> Was just playing:

There are a few bugs in this script though (needless to say)

I should probably also add sepermit support

Also the policy APIs have some rough edges, but generally things seem to work

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux