################################################

#

# Role-based access control (RBAC) configuration.

#

# The RBAC configuration was originally centralized in this

# file, but has been decomposed into individual role declarations, 

# role allow rules, and role transition rules throughout the TE 

# configuration to support easy removal or adding of domains without 

# modifying a centralized file each time. This also allowed the macros 

# to properly instantiate role declarations and rules for domains.

# Hence, this file is largely unused, except for miscellaneous 

# role allow rules.

########################################

#

# Role allow rules.

#

# A role allow rule specifies the allowable

# transitions between roles on an execve.

# If no rule is specified, then the change in

# roles will not be permitted.  Additional

# controls over role transitions based on the

# type of the process may be specified through

# the constraints file.

#

# The syntax of a role allow rule is:

# 	allow current_role new_role ;

# 

# Allow the admin role to transition to the system

# role for run_init.

#

allow sysadm_r system_r;