txt/selinux-naming


1
2
3
4
5
6
7
8
9

Quick excerpts from #selinux

Interface naming
  _domtrans is internal, only allows domain transition
  _run was for root support, but basically nothing more than domtrans + access (role)
  _role is a more elaborate version, including resource access, like
    mozilla_role(staff_r, staff_t)
  _admin is to allow administration of a domain, including transitioning through the labeled init scripts, like
    postfix_admin(sysadm_r, sysadm_t)