[DSE-Dev] Bug#933858: I do not understand
Ramón García
ramon.garcia.f at gmail.com
Mon Aug 5 23:06:10 BST 2019
What is the intended purpose of sysadm_t?
If the root user logs in the console, the context is
unconfined_u:unconfined_r:unconfined_t. If some user sudos to root,
that might be allowed or not, but if allowed, shouldn't the session
have the same rights as a root session? Otherwise, what is expected
from sudo is broken.
The same reasoning for su: doing su to root may be allowed or not,
depending on the user. But if allowed, shouldn't the session have the
same unrestricted permissions as a root session?
I believed that the purpose of sysadm_u was to determine what users
can su/sudo to root+unconfined_t.