Re: Non root user cannot execute semanage, semodule

On Tue, 2008-12-09 at 09:52 -0800, Rahul Jain wrote:
> Hi All,
>  
> I am currently developing a Role Based Access Solution on MontaVista
> Linux using SELinux. I started my implementation with the reference
> policy from Tresys. In this implementation I had assigned a role of
> security officer to one of my non-root Linux users. This user is
> responsible for maintaining SELinux related tasks such as creation,
> building of policy etc. But this user of mine, being a non-root user,
> is not able to execute some privileged commands such as semodule and
> semanage.
> Is there any way in which I can permit a non-root user to execute these
> commands?
>  
> Thanks and Regards
> Rahul Jain

Not directly, no.  SELinux only further restricts what can be done; it
does not completely override the normal Linux checks.

You could invoke semodule/semanage via sudo in order to enable a
non-root user to use them, with suitable policy configuration and
sudoers configuration.

-- 
Stephen Smalley
National Security Agency
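
A sketch of the sudoers side of the approach described in the reply above, added here as an illustration and not part of the original message. The account name `secoff`, the file path, the binary locations and the `secadm_r`/`secadm_t` role and type are assumptions, and the `ROLE=`/`TYPE=` options only work when sudo was built with SELinux support.

```sudoers
# /etc/sudoers.d/secoff   (assumed path; edit with: visudo -f /etc/sudoers.d/secoff)
# "secoff" is a constructed name for the non-root security officer account.

# Grant only the two policy tools, by absolute path (assumed install
# locations), never a shell or ALL.
Cmnd_Alias SELINUX_ADMIN = /usr/sbin/semodule, /usr/sbin/semanage

# (root) satisfies the normal Linux permission checks that SELinux does
# not override. ROLE=/TYPE= ask sudo to run the command in that SELinux
# role and type; the role and type names here are assumed from the
# reference policy, so substitute the ones your policy defines.
# The SELinux user that "secoff" maps to must be authorized for this
# role in policy, otherwise the transition is denied.
secoff ALL = (root) ROLE=secadm_r TYPE=secadm_t SELINUX_ADMIN

# Review note: anyone allowed to run semodule can load policy modules,
# so treat this entry as a highly privileged grant and log its use.
Defaults:secoff log_output
```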

