34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
|
################################################
|
||
|
#
|
||
|
# Role-based access control (RBAC) configuration.
|
||
|
#
|
||
|
|
||
|
# The RBAC configuration was originally centralized in this
|
||
|
# file, but has been decomposed into individual role declarations,
|
||
|
# role allow rules, and role transition rules throughout the TE
|
||
|
# configuration to support easy removal or adding of domains without
|
||
|
# modifying a centralized file each time. This also allowed the macros
|
||
|
# to properly instantiate role declarations and rules for domains.
|
||
|
# Hence, this file is largely unused, except for miscellaneous
|
||
|
# role allow rules.
|
||
|
|
||
|
########################################
|
||
|
#
|
||
|
# Role allow rules.
|
||
|
#
|
||
|
# A role allow rule specifies the allowable
|
||
|
# transitions between roles on an execve.
|
||
|
# If no rule is specified, then the change in
|
||
|
# roles will not be permitted. Additional
|
||
|
# controls over role transitions based on the
|
||
|
# type of the process may be specified through
|
||
|
# the constraints file.
|
||
|
#
|
||
|
# The syntax of a role allow rule is:
|
||
|
# allow current_role new_role ;
|
||
|
#
|
||
|
# Allow the admin role to transition to the system
|
||
|
# role for run_init.
|
||
|
#
|
||
|
allow sysadm_r system_r;
|