--- Klaus Weidner <[EMAIL PROTECTED]> wrote:
> Please comment if you have opinions about handling > roles, especially from > an end user point of view. Roles work best when they associate a specific set of actions with a specific set of information. This is why the auditadm role is a good idea and the secadm role is a poor one. The Type Enforcement mechanism of SELinux implements this sort of association. Just for grins, let me suggest that y'all look into deriving role definitions from relationships defined in the system policy. If nothing else, this should prove a valuable cross-check on the appropriateness of the policies. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
