[redhat-lspp] LSPP Development Telecon 12/12/2005 Minutes

Chad Hanson chanson at TrustedCS.com
Mon Dec 19 15:29:32 UTC 2005


Also, how would this userspace implementation of RBAC be used in fulfilling
the audit requirements? I would vote for the first option myself....

-Chad

> 
> On Fri, 2005-12-16 at 18:53 -0600, Debora Velarde wrote:
> > -----
> > Roles
> > -----
> > script instead of using selinux mechanism
> > because don't have option of using selinux mechanism
> > need to define how we're going to do this composition with a script
> 
> Can someone elaborate on what this means?  Options I see are:
> - using the role dominance feature of the existing policy language, and
> using SELinux roles as RBAC roles,
> - using an entirely userspace construct for the role hierarchy and
> generating SELinux policy from that hierarchy using some userspace tool
> (which sounds like what you are describing), either mapping the RBAC
> roles to SELinux roles or to SELinux user identities (which then are
> authorized for SELinux roles via policy). Main issue then is ensuring
> that the role hierarchy is properly enforced, by providing a strong
> mapping between it and the underlying policy representation (which
> should be possible).
> 
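The second option in the quoted message (a userspace role hierarchy compiled into SELinux policy, with RBAC roles mapped to SELinux user identities) can be sketched as follows. This is an added example, not code from the thread or from any LSPP tool: the role names, the `X_u`/`X_r` naming convention and the function names are assumptions, and the MLS level/range fields of the `user` statement are omitted.

```python
import re

# Constructed sample hierarchy: senior RBAC role -> directly inherited junior roles.
HIERARCHY = {
    "secadm": ["auditadm", "staff"],
    "auditadm": ["staff"],
    "sysadm": ["staff"],
    "staff": [],
}

def closure(hierarchy):
    """Return {role: roles it holds (itself plus all juniors)}; reject cycles."""
    done = {}
    def visit(role, path):
        if role in path:
            raise ValueError("cycle in role hierarchy: " + " > ".join(path + (role,)))
        if role not in hierarchy:
            raise ValueError("undefined role: " + role)
        if role not in done:
            held = {role}
            for junior in hierarchy[role]:
                held |= visit(junior, path + (role,))
            done[role] = held
        return done[role]
    for role in hierarchy:
        visit(role, ())
    return done

def generate_policy(hierarchy):
    """Emit one SELinux 'user' statement per RBAC role (assumed naming: X_u, X_r)."""
    lines = []
    for role, held in sorted(closure(hierarchy).items()):
        roles = " ".join(sorted(r + "_r" for r in held))
        lines.append(f"user {role}_u roles {{ {roles} }};")
    return "\n".join(lines)

USER_STMT = re.compile(r"^user (\w+)_u roles \{ ([\w ]+) \};$")

def verify_mapping(hierarchy, policy_text):
    """Re-parse policy text; return identities whose roles differ from the hierarchy."""
    expected = closure(hierarchy)
    found = {}
    for line in policy_text.splitlines():
        m = USER_STMT.match(line)
        if m:
            found[m.group(1)] = {r[:-2] for r in m.group(2).split()}
    return sorted(r for r in expected.keys() | found.keys()
                  if expected.get(r) != found.get(r))
```

`verify_mapping` is the "strong mapping" check: it reports any identity whose authorized SELinux roles no longer match the closure of the hierarchy, for example after a hand edit to the generated policy.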



