On 04/22/2016 08:37 PM, Robin Lee Powell wrote:
Does tranisitioning to unconfined_r/unconfined_t mean "I give up
selinux go away" or does it mean "I'm about to do root-ish things"?
I guess what I'm wondering is, is this:
rlpowell ALL=(ALL) TYPE=unconfined_t ROLE=unconfined_r ALL
really what's wanted for a system that's trying to use selinux to
the fullest, or is there some other role that more-accurately means
"I'm doing root-ish things now"?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
unconfined_t domain can do almost anything on your system.
In fedora we don't use confined users by default, so you need to
configure this SELinux feature.
If you would like to use confined users, you can find some information
here:
http://danwalsh.livejournal.com/66587.html
For users which can run sudo, you could use staff_u SELinux user.
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
