[refpolicy] [PATCH 1/2] Asterisk admin must be able to run 'asterisk -r'

Sven Vermeulen sven.vermeulen at siphos.be
Tue Sep 27 11:39:12 CDT 2011


On Mon, Sep 26, 2011 at 10:23:06PM +0200, Dominick Grift wrote:
> In theory looks good but i wonder if this will work in practice since
> you may have tested it with sysadm_t that is not a good representation
> of reality. These admin interfaces shouldnt be called by sysadm_t, they
> should instead be used with userdom_base_user_template.

I agree that role support here is important, but what is the rule when to
add things to sysadm_t and when not? It also holds the apache_role...

Wkr,
	Sven Vermeulen


More information about the refpolicy mailing list