|
Chris PeBenito |
ab58ad |
################################################
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# Role-based access control (RBAC) configuration.
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
|
|
Chris PeBenito |
ab58ad |
########################################
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# Role allow rules.
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# A role allow rule specifies the allowable
|
|
Chris PeBenito |
ab58ad |
# transitions between roles on an execve.
|
|
Chris PeBenito |
ab58ad |
# If no rule is specified, then the change in
|
|
Chris PeBenito |
ab58ad |
# roles will not be permitted. Additional
|
|
Chris PeBenito |
ab58ad |
# controls over role transitions based on the
|
|
Chris PeBenito |
ab58ad |
# type of the process may be specified through
|
|
Chris PeBenito |
ab58ad |
# the constraints file.
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# The syntax of a role allow rule is:
|
|
Chris PeBenito |
ab58ad |
# allow current_role new_role ;
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
|
|
Chris PeBenito |
ab58ad |
allow sysadm_r system_r;
|
|
Chris PeBenito |
ab58ad |
allow user_r system_r;
|
|
Chris PeBenito |
ab58ad |
allow user_r sysadm_r;
|
|
Chris PeBenito |
ab58ad |
allow sysadm_r user_r;
|
|
Chris PeBenito |
ab58ad |
allow system_r sysadm_r;
|