Chris PeBenito 0fbfa5
################################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Role-based access control (RBAC) configuration.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# The RBAC configuration was originally centralized in this
Chris PeBenito 0fbfa5
# file, but has been decomposed into individual role declarations, 
Chris PeBenito 0fbfa5
# role allow rules, and role transition rules throughout the TE 
Chris PeBenito 0fbfa5
# configuration to support easy removal or adding of domains without 
Chris PeBenito 0fbfa5
# modifying a centralized file each time. This also allowed the macros 
Chris PeBenito 0fbfa5
# to properly instantiate role declarations and rules for domains.
Chris PeBenito 0fbfa5
# Hence, this file is largely unused, except for miscellaneous 
Chris PeBenito 0fbfa5
# role allow rules.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
########################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Role allow rules.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# A role allow rule specifies the allowable
Chris PeBenito 0fbfa5
# transitions between roles on an execve.
Chris PeBenito 0fbfa5
# If no rule is specified, then the change in
Chris PeBenito 0fbfa5
# roles will not be permitted.  Additional
Chris PeBenito 0fbfa5
# controls over role transitions based on the
Chris PeBenito 0fbfa5
# type of the process may be specified through
Chris PeBenito 0fbfa5
# the constraints file.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# The syntax of a role allow rule is:
Chris PeBenito 0fbfa5
# 	allow current_role new_role ;
Chris PeBenito 0fbfa5
# 
Chris PeBenito 0fbfa5
# Allow the admin role to transition to the system
Chris PeBenito 0fbfa5
# role for run_init.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
allow sysadm_r system_r;