Problems creating a user

Ivan Gyurdiev ivg2 at
Mon Sep 26 18:06:17 UTC 2005

>>...and the boundaries between the types are pretty much set in stone at 
>>this time - you can't
>>easily change what roles can do - there's staff_r, sysadm_r, secadm_r, 
>>user_r, system_r,
>>and that's it.
>...unless you modify policy sources.
You're right. The problem isn't that RBAC isn't flexible - it's _too_ 
flexible. I think it would be confusing to admins to write policy. Maybe 
if we could create some sort of friendly app with the most-common macros 
an admin could want to use, and their descriptions...  I guess we're 
moving in the right direction with those management apis...hmm

More information about the fedora-selinux-list mailing list