Anyway, the configuration should be consistent. If we agree that sysadm_u should be the type for system administrator, when root logins in the console then root should be sysadm_u.
I am not sure if the concept of limited administrator is really possible. I guess it should be someone who cannot install arbitrary packages to /usr/bin, but should be able to install packages from trusted sources or update them; and stop and start services. But when someone needs a new program, or a custom program, to be installed? Then one needs a unconfined, fully unrestricted user. On Tue, Aug 6, 2019 at 12:09 AM Debian Bug Tracking System <[email protected]> wrote: > > Thank you for the additional information you have supplied regarding > this Bug report. > > This is an automatically generated reply to let you know your message > has been received. > > Your message is being forwarded to the package maintainers and other > interested parties for their attention; they will reply in due course. > > Your message has been sent to the package maintainer(s): > Debian SELinux maintainers <[email protected]> > > If you wish to submit further information on this problem, please > send it to [email protected]. > > Please do not send mail to [email protected] unless you wish > to report a problem with the Bug-tracking system. > > -- > 933858: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933858 > Debian Bug Tracking System > Contact [email protected] with problems

