After searching the forums up and down and nibbling stuff here and there, I'm giving up.
What is this whole *_transition_* stuff? How do I run services as a specific role; should I do that? Why not just put appropriate access flags on all required things in a services' subject?
People on the fora seem to know what they are talking about. That is somewhat frustrating, as it seems im missing out some documentation that I haven't been able to unearth.
There's so much in the default policy I cannot find documentation on; and although I consider myself somewhat adept at figuring tech stuff out, most people are not.
I'd be willing to write up decent documentation on that in the wiki - only I am not sure I understand half of it correctly, and I find it rather tiresome playing n+ hours with a vm/sandbox to figure it all out myself.
-- Elven