pebenito 1.1

################################################
#
# Role-based access control (RBAC) configuration.
#

dnl This file formerly contained a set of centralized role declarations.
dnl These role declarations have been partitioned up among the various
dnl .te files.

dnl Role transition rules are deprecated. Role transitions should be
dnl explicit, e.g. via login and newrole. Use domain transitions within a
dnl role for automatic changes of permissions upon program execution.

dnl This file is now merely for role allow rules, as described below.

########################################
#
# Role allow rules.
#
# A role allow rule specifies the allowable
# transitions between roles on an execve.
# If no rule is specified, then the change in
# roles will not be permitted. Additional
# controls over role transitions based on the
# type of the process may be specified through
# the constraints file.
#
# The syntax of a role allow rule is:
# allow current_role new_role ;
#
# Allow the admin role to transition to the system
# role for run_init.
#
allow sysadm_r system_r;
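
An added illustration, not part of this policy file or of the reference policy: a small Python audit helper that parses role allow rules in the syntax described in the comments above and applies the "no rule, no role change" default. The sample text, the brace-set rule and every role other than sysadm_r and system_r are constructed for the example.

```python
import re

# Constructed sample: the one rule from this file plus hypothetical lines
# (an m4 dnl comment, a brace set, a type-enforcement allow) to exercise the parser.
SAMPLE = """\
# Role allow rules.
dnl allow user_r sysadm_r;
allow sysadm_r system_r;
allow { staff_r auditadm_r } sysadm_r;   # hypothetical rule
allow init_t self:process fork;          # TE rule, not a role allow rule
"""

# allow current_role new_role ;   (either side may be a { ... } set of roles)
RULE = re.compile(r"allow\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;")

def _roles(token):
    """Expand 'role' or '{ role1 role2 }' into a list of role names."""
    return token.strip("{} \t").split()

def parse_role_allows(text):
    """Return the set of (current_role, new_role) pairs granted by the text."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("dnl") or ":" in line:
            continue  # blank, comment, or type-enforcement rule (has a class)
        for src, dst in RULE.findall(line):
            pairs.update((s, d) for s in _roles(src) for d in _roles(dst))
    return pairs

def permitted(pairs, current_role, new_role):
    """Default deny: a role change needs a rule; keeping the role is no change."""
    return current_role == new_role or (current_role, new_role) in pairs

def roles_reaching(pairs, target):
    """Roles that can arrive at target through one or more allowed changes."""
    found, frontier = set(), {target}
    while frontier:
        frontier = {s for s, d in pairs if d in frontier} - found - {target}
        found |= frontier
    return found

if __name__ == "__main__":
    rules = parse_role_allows(SAMPLE)
    print(sorted(rules))
    print("roles that can reach system_r:", sorted(roles_reaching(rules, "system_r")))
```

The helper only reads role allow rules; the constraints file mentioned above can further restrict a role change by process type and is not modelled here.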