Anyway, the configuration should be consistent.

If we agree that sysadm_u should be the type for system administrator,
when root logins in the console then root should be sysadm_u.

I am not sure if the concept of limited administrator is really
possible. I guess it should be someone who cannot install arbitrary
packages to /usr/bin, but should be able to install packages from
trusted sources or update them; and stop and start services.

But when someone needs a new program, or a custom program, to be
installed? Then one needs a unconfined, fully unrestricted user.

On Tue, Aug 6, 2019 at 12:09 AM Debian Bug Tracking System
<[email protected]> wrote:
>
> Thank you for the additional information you have supplied regarding
> this Bug report.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
>  Debian SELinux maintainers <[email protected]>
>
> If you wish to submit further information on this problem, please
> send it to [email protected].
>
> Please do not send mail to [email protected] unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 933858: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933858
> Debian Bug Tracking System
> Contact [email protected] with problems

Reply via email to