Section 8.7: Lab: Mitigating Risk with SELinux
Question 4 asks the following:
"Map the operator2 user to a confined SELinux user to restrict su access, but make sure that they can use the sudo command."
The solution provided uses SELinux sysadm_u user. This does not sound right to me. Chapter 8.3 of the course has the following bit:
"SELinux allows Linux users mapped to sysadm_u to use su and sudo. "
The correct solution would be to use the SELinux staff_u user. Linux users mapped to staff_u can use sudo but not su.
Red Hat team, can you get this resolved please?