Paul Moore wrote: > I'm haven't verified this (I'm at home and don't have an LSPP machine handy) > but it was originally the case where you had to be in the secadm_r role to be > able to use netlabelctl. Unless Dan/Chris added the netlabel_mgmt_t domain > to the sysadm_r role I don't expect you'll be able to run netlabelctl.
If this is the case then I think we want to fix this so that sysadm_r can run netlabelctl. When Dan restructured the roles a while back, it seems like sysadm_r is supposed to be able to do everything now, except perhaps change the audit configuration - I can't remember that part. Does anyone know if there are there any other operations that only secadm_r can do? -- ljk -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
