Administrator domain protection

Controlling access to sysadm_t
- type_transition getty_t login_exec_t:process local_login_t;
- allow local_login_t sysadm_t:process transition;
- allow newrole_t sysadm_t:process transition;
Execution limited to approved types
Separation from other domains

Controlling access to sysadm_t