Problems creating a user
Ivan Gyurdiev
ivg2 at cornell.edu
Mon Sep 26 18:06:17 UTC 2005
>>...and the boundaries between the types are pretty much set in stone at
>>this time - you can't
>>easily change what roles can do - there's staff_r, sysadm_r, secadm_r,
>>user_r, system_r,
>>and that's it.
>>
>>
>
>...unless you modify policy sources.
>
>
You're right. The problem isn't that RBAC isn't flexible - it's _too_
flexible. I think it would be confusing to admins to write policy. Maybe
if we could create some sort of friendly app with the most-common macros
an admin could want to use, and their descriptions... I guess we're
moving in the right direction with those management apis...hmm
More information about the fedora-selinux-list
mailing list