[redhat-lspp] [Fwd: Re: Latest diffs in policy]

LC Bruzenak lenny at bruzenak.com
Tue May 16 13:52:51 UTC 2006


On Tue, 2006-05-16 at 08:43 -0400, Steve Grubb wrote:
> On Tuesday 16 May 2006 08:21, Daniel J Walsh wrote:
> > I want to open up discussion of removal of the secadm_t policy and
> > rolling it into sysadm_t and make auditadm_r match what Michael and Casey
> > have defined.
> 
> I really think the original intent of the secadm role was to separate audit 
> use/control from admin role. I think the role name may have led to confusion 
> and people then wanted an audit admin role because that *was* needed. Then 
> the problem became "what is the definition of the security admin?"

Steve, I agree with your assessment of the original intent.

> 
> So, I vote for combining secadm with sysadm.

I understand you guys are aiming for the LSPP cert...

Those of us who would use this OS for a multilevel trusted server must
follow DCID 6/3. I had made the following correlation between DCID and
SE Linux roles:

DCID             SE Linux
----             --------
ISSM             audadm
ISSO             secadm
Administrator    sysadm


If there is still a way to configure the administration for these
separate roles we are still in business, otherwise maybe not.
Or it may mean we would have to configure the system so far outside the
certified LSPP config that it would negate that positive trust
milestone.

Thanks,
LCB.

-- 
LC Bruzenak
lenny at bruzenak.com



