[redhat-lspp] RBACPP requirement question

Casey Schaufler casey at schaufler-ca.com
Wed Jun 14 19:01:16 UTC 2006



--- Klaus Weidner <klaus at atsec.com> wrote:

> Please comment if you have opinions about handling
> roles, especially from
> an end user point of view.

Roles work best when they associate a specific
set of actions with a specific set of information.
This is why the auditadm role is a good idea
and the secadm role is a poor one. The Type
Enforcement mechanism of SELinux implements
this sort of association. Just for grins, let
me suggest that y'all look into deriving role
definitions from relationships defined in
the system policy. If nothing else, this should
prove a valuable cross-check on the
appropriateness of the policies.



Casey Schaufler
casey at schaufler-ca.com
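
The cross-check suggested above, as an added example (not part of the original message and not code from the SELinux project): it derives what each role can act on from `role ... types` and `allow` statements, then compares that with a written role definition. The policy fragment, the `INTENDED` table and all function names are constructed for illustration, and only the simple statement forms shown are parsed.

```python
import re
from collections import defaultdict
from itertools import product

# Constructed policy fragment for illustration; not from any shipped policy.
POLICY = """
role auditadm_r types auditadm_t;
role secadm_r types { secadm_t };
allow auditadm_t auditd_log_t:file { read getattr };
allow secadm_t policy_config_t:file { read write };
allow secadm_t shadow_t:file { read write };
allow secadm_t netif_t:netif tcp_send;
"""
# Assumed written role definitions: the information each role is meant to touch.
INTENDED = {"auditadm_r": {"auditd_log_t"}, "secadm_r": {"policy_config_t"}}
TOK = r"(\{[^}]*\}|\w+)"  # a single name or a braced set of names

def _names(tok):
    return tok.strip("{} ").split()

def parse(policy):
    """Return (role -> domains, domain -> {(object type, class, permission)})."""
    role_types, allows = defaultdict(set), defaultdict(set)
    for stmt in policy.split(";"):
        stmt = " ".join(stmt.split())
        m = re.fullmatch(rf"role (\w+) types {TOK}", stmt)
        if m:
            role_types[m.group(1)].update(_names(m.group(2)))
        m = re.fullmatch(rf"allow {TOK} {TOK}:{TOK} {TOK}", stmt)
        if m:
            for s, t, c, p in product(*map(_names, m.groups())):
                allows[s].add((t, c, p))
    return role_types, allows

def derive_roles(policy):
    """Role -> {object type: {'class:perm', ...}} implied by the TE rules."""
    role_types, allows = parse(policy)
    derived = {}
    for role, domains in role_types.items():
        derived[role] = defaultdict(set)
        for d in domains:
            for t, c, p in allows.get(d, ()):
                derived[role][t].add(f"{c}:{p}")
    return derived

def cross_check(policy, intended):
    """Object types a role reaches in policy that its written definition omits."""
    derived = derive_roles(policy)
    return {r: sorted(set(derived.get(r, {})) - intended[r]) for r in intended}
```

A role whose `cross_check` list is non-empty has policy reach beyond its stated purpose, which means either the policy or the role definition needs revisiting.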



