-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/28/2010 02:54 PM, Michal Svoboda wrote: > Daniel J Walsh wrote: >> Admin installs a third party app that requires setuid/setgid or some >> other priv, now he needs to write policy to transition his staff_t to >> thirdparty_t. In my scenario, unconfined_t will be able to run the >> third party app, and will be able to becom confinedadmin_t for some sudo >> jobs. > > The admin will have a choice to either write that policy or keep the > users unconfined while sacrificing some security (that setuid example > AND a lot of others) or to give users two roles for this n that. > > Isn't this feasible? > > > Michal Svoboda > Feasable yes and for those uses we have staff_t. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvYhkMACgkQrlYvE4MpobOSJACgtibXHeEjgLkYwn7CdAxVcZbb Sb4AoJkMtbz7/q4PTjZlBGG1MeIwhJIs =uaA/ -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
