[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: roles in targeted mode

From: Daniel J Walsh <dwalsh redhat com>
To: Brian Ginn <BGinn symark com>
Cc: "'fedora-selinux-list redhat com'" <fedora-selinux-list redhat com>
Subject: Re: roles in targeted mode
Date: Tue, 12 May 2009 14:07:35 -0400

On 05/12/2009 01:14 PM, Brian Ginn wrote:

After some time learning SELinux on Fedora 9, I'm on an RHEL 5.3 box in targeted mode.
The policycoreutils rpm doesn't contain the newrole command.  Is newrole even needed in targeted mode?

No targeted policy in RHEL5 is basically everything in system_r role.

This is changing in Fedora 9 and beyond. Where you can have confineduser roles along with unconfined user roles.

seinfo -r -x
reports 6 roles and 268 total types
It looks like every role is allowed to run every type except for two types:
        httpd_squid_script_t and httpd_prewikka_script_t





Thanks,
Brian




--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

References:
- roles in targeted mode
  - From: Brian Ginn

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]