On 05/19/14 22:24, Christopher J. PeBenito wrote:
On 05/19/2014 01:13 AM, dE wrote:
RBAC is completely optional in SELinux; however there appears to be no way to specify the allowed types for a particular user without specifying roles.
Without this, there'll be no enforcement.
You still need to have user->role and role->type associations, but you can simply have one role and remove any constraints related to roles. You cannot completely disable the RBAC mechanism like you can disable MLS.
Ok, thanks for clarifying that.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
