Navigation

← Previous Changeset
Next Changeset →

Changeset 210

Timestamp:

07/08/08 13:31:50 (5 months ago)

Author:

jmowery

Message:

removing staff from rolemap
fixing call to deprecated interface in xar.te
disabling local policy added to userdomain.te as it was causing many duplicate declarations
policy still not compiling (some staff types still coming from somewhere)

Files:

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/xar.te (modified) (1 diff)
branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/userdomain.te (modified) (1 diff)
branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/rolemap (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/xar.te

r176 r210

83 83 term_use_all_terms(xar_t)
84 84
85 ~~userdom_use_sysadm~~_terms(xar_t)
85 sysadm_use_terms(xar_t)
86 86
87 87

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/userdomain.te

r203	r210
86	86	attribute untrusted_content_tmp_type;
87	87
88		########################################
89		#
90		# Local policy
91		#
92
93		userdom_admin_user_template(sysadm)
94		userdom_unpriv_user_template(staff)
95		userdom_unpriv_user_template(user)
96
97		# user role change rules:
98		# sysadm_r can change to user roles
99		userdom_role_change_template(sysadm, user)
100		userdom_role_change_template(sysadm, staff)
101
102		# only staff_r can change to sysadm_r
103		userdom_role_change_template(staff, sysadm)
104		dontaudit staff_t admin_terminal:chr_file { read write };
105
106		userdom_unpriv_user_template(secadm)
107		userdom_unpriv_user_template(auditadm)
108
109		userdom_role_change_template(staff, auditadm)
110		userdom_role_change_template(staff, secadm)
111
112		userdom_role_change_template(sysadm, secadm)
113		userdom_role_change_template(sysadm, auditadm)
114
115		userdom_role_change_template(auditadm, secadm)
116		userdom_role_change_template(auditadm, sysadm)
117
118		userdom_role_change_template(secadm, auditadm)
119		userdom_role_change_template(secadm, sysadm)
120
121		########################################
122		#
123		# Sysadm local policy
124		#
125
126		# for su
127		allow sysadm_t userdomain:fd use;
128
129		# Add/remove user home directories
130		allow sysadm_t user_home_dir_t:dir manage_dir_perms;
131		files_home_filetrans(sysadm_t, user_home_dir_t, dir)
132
133		corecmd_exec_shell(sysadm_t)
134
135		mls_process_read_up(sysadm_t)
136
137		init_exec(sysadm_t)
138
139		# Following for sending reboot and wall messages
140		userdom_use_unpriv_users_ptys(sysadm_t)
141		userdom_use_unpriv_users_ttys(sysadm_t)
142
143		ifdef(`direct_sysadm_daemon',`
144		optional_policy(`
145		init_run_daemon(sysadm_t, sysadm_r, admin_terminal)
146		')
147		',`
148		ifdef(`distro_gentoo',`
149		optional_policy(`
150		seutil_init_script_run_runinit(sysadm_t, sysadm_r, admin_terminal)
151		')
152		')
153		')
154
155		allow auditadm_t self:capability { dac_read_search dac_override };
156		seutil_run_runinit(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
157		domain_kill_all_domains(auditadm_t)
158		seutil_read_bin_policy(auditadm_t)
159		corecmd_exec_shell(auditadm_t)
160		logging_send_syslog_msg(auditadm_t)
161		logging_read_generic_logs(auditadm_t)
162		logging_manage_audit_log(auditadm_t)
163		logging_manage_audit_config(auditadm_t)
164		logging_run_auditctl(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
165		logging_run_auditd(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
166		userdom_dontaudit_read_sysadm_home_content_files(auditadm_t)
167
168		allow secadm_t self:capability { dac_read_search dac_override };
169		corecmd_exec_shell(secadm_t)
170		domain_obj_id_change_exemption(secadm_t)
171		mls_process_read_up(secadm_t)
172		mls_file_read_all_levels(secadm_t)
173		mls_file_write_all_levels(secadm_t)
174		mls_file_upgrade(secadm_t)
175		mls_file_downgrade(secadm_t)
176		auth_relabel_all_files_except_shadow(secadm_t)
177		dev_relabel_all_dev_nodes(secadm_t)
178		auth_relabel_shadow(secadm_t)
179		init_exec(secadm_t)
180		logging_read_audit_log(secadm_t)
181		logging_read_generic_logs(secadm_t)
182		logging_read_audit_config(secadm_t)
183		userdom_dontaudit_append_staff_home_content_files(secadm_t)
184		userdom_dontaudit_read_sysadm_home_content_files(secadm_t)
185
186		optional_policy(`
187		aide_run(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
188		')
189
190		optional_policy(`
191		netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
192		')
193		# logging_manage_audit_log(sysadm_t)
194		# logging_manage_audit_config(sysadm_t)
195		# logging_run_auditctl(sysadm_t, sysadm_r, admin_terminal)
196
197		tunable_policy(`allow_ptrace',`
198		domain_ptrace_all_domains(sysadm_t)
199		')
200
201		optional_policy(`
202		amanda_run_recover(sysadm_t, sysadm_r, admin_terminal)
203		')
204
205		optional_policy(`
206		apache_run_helper(sysadm_t, sysadm_r, admin_terminal)
207		#apache_run_all_scripts(sysadm_t, sysadm_r)
208		#apache_domtrans_sys_script(sysadm_t)
209		')
210
211		optional_policy(`
212		tzdata_domtrans(sysadm_t)
213		')
214
215		optional_policy(`
216		raid_domtrans_mdadm(sysadm_t)
217		')
218
219		optional_policy(`
220		# cjp: why is this not apm_run_client
221		apm_domtrans_client(sysadm_t)
222		')
223
224		optional_policy(`
225		apt_run(sysadm_t, sysadm_r, admin_terminal)
226		')
227
228		optional_policy(`
229		backup_run(sysadm_t, sysadm_r, admin_terminal)
230		')
231
232		optional_policy(`
233		bootloader_run(sysadm_t, sysadm_r, admin_terminal)
234		')
235
236		optional_policy(`
237		bind_run_ndc(sysadm_t, sysadm_r, admin_terminal)
238		')
239
240		optional_policy(`
241		certwatch_run(sysadm_t, sysadm_r, admin_terminal)
242		')
243
244		optional_policy(`
245		consoletype_run(sysadm_t, sysadm_r, admin_terminal)
246		')
247
248		optional_policy(`
249		clock_run(sysadm_t, sysadm_r, admin_terminal)
250		')
251
252		optional_policy(`
253		clockspeed_run_cli(sysadm_t, sysadm_r, admin_terminal)
254		')
255
256		optional_policy(`
257		cvs_exec(sysadm_t)
258		')
259
260		optional_policy(`
261		consoletype_exec(sysadm_t)
262
263		consoletype_exec(auditadm_t)
264		')
265
266		optional_policy(`
267		cron_admin_template(sysadm, sysadm_t, sysadm_r)
268		')
269
270		optional_policy(`
271		dcc_run_cdcc(sysadm_t, sysadm_r, admin_terminal)
272		dcc_run_client(sysadm_t, sysadm_r, admin_terminal)
273		dcc_run_dbclean(sysadm_t, sysadm_r, admin_terminal)
274		')
275
276		optional_policy(`
277		ddcprobe_run(sysadm_t, sysadm_r, admin_terminal)
278		')
279
280		optional_policy(`
281		dmesg_exec(sysadm_t)
282
283		dmesg_exec(auditadm_t)
284		')
285
286		optional_policy(`
287		dmidecode_run(sysadm_t, sysadm_r, admin_terminal)
288		')
289
290		optional_policy(`
291		dpkg_run(sysadm_t, sysadm_r, admin_terminal)
292		')
293
294		optional_policy(`
295		ethereal_run_tethereal(sysadm_t, sysadm_r, admin_terminal)
296		ethereal_admin_template(sysadm, sysadm_t, sysadm_r)
297		')
298
299		optional_policy(`
300		firstboot_run(sysadm_t, sysadm_r, sysadm_tty_device_t)
301		')
302
303		optional_policy(`
304		fstools_run(sysadm_t, sysadm_r, admin_terminal)
305		')
306
307		optional_policy(`
308		hostname_run(sysadm_t, sysadm_r, admin_terminal)
309		')
310
311		optional_policy(`
312		# allow system administrator to use the ipsec script to look
313		# at things (e.g., ipsec auto --status)
314		# probably should create an ipsec_admin role for this kind of thing
315		ipsec_exec_mgmt(sysadm_t)
316		ipsec_stream_connect(sysadm_t)
317		# for lsof
318		ipsec_getattr_key_sockets(sysadm_t)
319		')
320
321		optional_policy(`
322		iptables_run(sysadm_t, sysadm_r, admin_terminal)
323		')
324
325		optional_policy(`
326		libs_run_ldconfig(sysadm_t, sysadm_r, admin_terminal)
327		')
328
329		optional_policy(`
330		lvm_run(sysadm_t, sysadm_r, admin_terminal)
331		')
332
333		optional_policy(`
334		logrotate_run(sysadm_t, sysadm_r, admin_terminal)
335		')
336
337		optional_policy(`
338		lpd_run_checkpc(sysadm_t, sysadm_r, admin_terminal)
339		lpr_admin_template(sysadm, sysadm_t, sysadm_r)
340		')
341
342		optional_policy(`
343		kudzu_run(sysadm_t, sysadm_r, admin_terminal)
344		')
345
346		optional_policy(`
347		modutils_run_depmod(sysadm_t, sysadm_r, admin_terminal)
348		modutils_run_insmod(sysadm_t, sysadm_r, admin_terminal)
349		modutils_run_update_mods(sysadm_t, sysadm_r, admin_terminal)
350		')
351
352		optional_policy(`
353		mount_run(sysadm_t, sysadm_r, admin_terminal)
354		')
355
356		optional_policy(`
357		mta_admin_template(sysadm, sysadm_t, sysadm_r)
358		')
359
360		optional_policy(`
361		mysql_stream_connect(sysadm_t)
362		')
363
364		optional_policy(`
365		netutils_run(sysadm_t, sysadm_r, admin_terminal)
366		netutils_run_ping(sysadm_t, sysadm_r, admin_terminal)
367		netutils_run_traceroute(sysadm_t, sysadm_r, admin_terminal)
368		')
369
370		optional_policy(`
371		rpc_domtrans_nfsd(sysadm_t)
372		')
373
374		optional_policy(`
375		munin_stream_connect(sysadm_t)
376		')
377
378		optional_policy(`
379		ntp_stub()
380		corenet_udp_bind_ntp_port(sysadm_t)
381		')
382
383		optional_policy(`
384		oav_run_update(sysadm_t, sysadm_r, admin_terminal)
385		')
386
387		optional_policy(`
388		pcmcia_run_cardctl(sysadm_t, sysadm_r, admin_terminal)
389		')
390
391		optional_policy(`
392		portage_run(sysadm_t, sysadm_r, admin_terminal)
393		portage_run_gcc_config(sysadm_t, sysadm_r, admin_terminal)
394		')
395
396		optional_policy(`
397		portmap_run_helper(sysadm_t, sysadm_r, admin_terminal)
398		')
399
400		optional_policy(`
401		quota_run(sysadm_t, sysadm_r, admin_terminal)
402		')
403
404		optional_policy(`
405		rpm_run(sysadm_t, sysadm_r, admin_terminal)
406		')
407
408		optional_policy(`
409		rsync_exec(sysadm_t)
410		')
411
412		optional_policy(`
413		samba_run_net(sysadm_t, sysadm_r, admin_terminal)
414		samba_run_winbind_helper(sysadm_t, sysadm_r, admin_terminal)
415		')
416
417		optional_policy(`
418		seutil_run_setfiles(sysadm_t, sysadm_r, admin_terminal)
419		seutil_run_runinit(sysadm_t, sysadm_r, admin_terminal)
420
421		userdom_security_admin_template(secadm_t, secadm_r, { secadm_tty_device_t sysadm_devpts_t })
422		')
423
424		optional_policy(`
425		sysnet_run_ifconfig(sysadm_t, sysadm_r, admin_terminal)
426		sysnet_run_dhcpc(sysadm_t, sysadm_r, admin_terminal)
427		')
428
429		optional_policy(`
430		tripwire_run_siggen(sysadm_t, sysadm_r, admin_terminal)
431		tripwire_run_tripwire(sysadm_t, sysadm_r, admin_terminal)
432		tripwire_run_twadmin(sysadm_t, sysadm_r, admin_terminal)
433		tripwire_run_twprint(sysadm_t, sysadm_r, admin_terminal)
434		')
435
436		optional_policy(`
437		unconfined_domtrans(sysadm_t, sysadm_r, admin_terminal)
438		')
439
440		optional_policy(`
441		usbmodules_run(sysadm_t, sysadm_r, admin_terminal)
442		')
443
444		optional_policy(`
445		usermanage_run_admin_passwd(sysadm_t, sysadm_r, admin_terminal)
446		usermanage_run_groupadd(sysadm_t, sysadm_r, admin_terminal)
447		usermanage_run_useradd(sysadm_t, sysadm_r, admin_terminal)
448		')
449
450		optional_policy(`
451		vpn_run(sysadm_t, sysadm_r, admin_terminal)
452		')
453
454		optional_policy(`
455		webalizer_run(sysadm_t, sysadm_r, admin_terminal)
456		')
457
458		optional_policy(`
459		yam_run(sysadm_t, sysadm_r, admin_terminal)
460		')
	88	###########################################
	89	####
	90	#### Local policy
	91	####
	92	###
	93	###userdom_admin_user_template(sysadm)
	94	###userdom_unpriv_user_template(staff)
	95	###userdom_unpriv_user_template(user)
	96	###
	97	#### user role change rules:
	98	#### sysadm_r can change to user roles
	99	###userdom_role_change_template(sysadm, user)
	100	###userdom_role_change_template(sysadm, staff)
	101	###
	102	#### only staff_r can change to sysadm_r
	103	###userdom_role_change_template(staff, sysadm)
	104	###dontaudit staff_t admin_terminal:chr_file { read write };
	105	###
	106	###userdom_unpriv_user_template(secadm)
	107	###userdom_unpriv_user_template(auditadm)
	108	###
	109	###userdom_role_change_template(staff, auditadm)
	110	###userdom_role_change_template(staff, secadm)
	111	###
	112	###userdom_role_change_template(sysadm, secadm)
	113	###userdom_role_change_template(sysadm, auditadm)
	114	###
	115	###userdom_role_change_template(auditadm, secadm)
	116	###userdom_role_change_template(auditadm, sysadm)
	117	###
	118	###userdom_role_change_template(secadm, auditadm)
	119	###userdom_role_change_template(secadm, sysadm)
	120	###
	121	###########################################
	122	####
	123	#### Sysadm local policy
	124	####
	125	###
	126	#### for su
	127	###allow sysadm_t userdomain:fd use;
	128	###
	129	#### Add/remove user home directories
	130	###allow sysadm_t user_home_dir_t:dir manage_dir_perms;
	131	###files_home_filetrans(sysadm_t, user_home_dir_t, dir)
	132	###
	133	###corecmd_exec_shell(sysadm_t)
	134	###
	135	###mls_process_read_up(sysadm_t)
	136	###
	137	###init_exec(sysadm_t)
	138	###
	139	#### Following for sending reboot and wall messages
	140	###userdom_use_unpriv_users_ptys(sysadm_t)
	141	###userdom_use_unpriv_users_ttys(sysadm_t)
	142	###
	143	###ifdef(`direct_sysadm_daemon',`
	144	### optional_policy(`
	145	### init_run_daemon(sysadm_t, sysadm_r, admin_terminal)
	146	### ')
	147	###',`
	148	### ifdef(`distro_gentoo',`
	149	### optional_policy(`
	150	### seutil_init_script_run_runinit(sysadm_t, sysadm_r, admin_terminal)
	151	### ')
	152	### ')
	153	###')
	154	###
	155	###allow auditadm_t self:capability { dac_read_search dac_override };
	156	###seutil_run_runinit(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	157	###domain_kill_all_domains(auditadm_t)
	158	###seutil_read_bin_policy(auditadm_t)
	159	###corecmd_exec_shell(auditadm_t)
	160	###logging_send_syslog_msg(auditadm_t)
	161	###logging_read_generic_logs(auditadm_t)
	162	###logging_manage_audit_log(auditadm_t)
	163	###logging_manage_audit_config(auditadm_t)
	164	###logging_run_auditctl(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	165	###logging_run_auditd(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	166	###userdom_dontaudit_read_sysadm_home_content_files(auditadm_t)
	167	###
	168	###allow secadm_t self:capability { dac_read_search dac_override };
	169	###corecmd_exec_shell(secadm_t)
	170	###domain_obj_id_change_exemption(secadm_t)
	171	###mls_process_read_up(secadm_t)
	172	###mls_file_read_all_levels(secadm_t)
	173	###mls_file_write_all_levels(secadm_t)
	174	###mls_file_upgrade(secadm_t)
	175	###mls_file_downgrade(secadm_t)
	176	###auth_relabel_all_files_except_shadow(secadm_t)
	177	###dev_relabel_all_dev_nodes(secadm_t)
	178	###auth_relabel_shadow(secadm_t)
	179	###init_exec(secadm_t)
	180	###logging_read_audit_log(secadm_t)
	181	###logging_read_generic_logs(secadm_t)
	182	###logging_read_audit_config(secadm_t)
	183	###userdom_dontaudit_append_staff_home_content_files(secadm_t)
	184	###userdom_dontaudit_read_sysadm_home_content_files(secadm_t)
	185	###
	186	###optional_policy(`
	187	### aide_run(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
	188	###')
	189	###
	190	###optional_policy(`
	191	### netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
	192	###')
	193	#### logging_manage_audit_log(sysadm_t)
	194	#### logging_manage_audit_config(sysadm_t)
	195	#### logging_run_auditctl(sysadm_t, sysadm_r, admin_terminal)
	196	###
	197	###tunable_policy(`allow_ptrace',`
	198	### domain_ptrace_all_domains(sysadm_t)
	199	###')
	200	###
	201	###optional_policy(`
	202	### amanda_run_recover(sysadm_t, sysadm_r, admin_terminal)
	203	###')
	204	###
	205	###optional_policy(`
	206	### apache_run_helper(sysadm_t, sysadm_r, admin_terminal)
	207	### #apache_run_all_scripts(sysadm_t, sysadm_r)
	208	### #apache_domtrans_sys_script(sysadm_t)
	209	###')
	210	###
	211	###optional_policy(`
	212	### tzdata_domtrans(sysadm_t)
	213	###')
	214	###
	215	###optional_policy(`
	216	### raid_domtrans_mdadm(sysadm_t)
	217	###')
	218	###
	219	###optional_policy(`
	220	### # cjp: why is this not apm_run_client
	221	### apm_domtrans_client(sysadm_t)
	222	###')
	223	###
	224	###optional_policy(`
	225	### apt_run(sysadm_t, sysadm_r, admin_terminal)
	226	###')
	227	###
	228	###optional_policy(`
	229	### backup_run(sysadm_t, sysadm_r, admin_terminal)
	230	###')
	231	###
	232	###optional_policy(`
	233	### bootloader_run(sysadm_t, sysadm_r, admin_terminal)
	234	###')
	235	###
	236	###optional_policy(`
	237	### bind_run_ndc(sysadm_t, sysadm_r, admin_terminal)
	238	###')
	239	###
	240	###optional_policy(`
	241	### certwatch_run(sysadm_t, sysadm_r, admin_terminal)
	242	###')
	243	###
	244	###optional_policy(`
	245	### consoletype_run(sysadm_t, sysadm_r, admin_terminal)
	246	###')
	247	###
	248	###optional_policy(`
	249	### clock_run(sysadm_t, sysadm_r, admin_terminal)
	250	###')
	251	###
	252	###optional_policy(`
	253	### clockspeed_run_cli(sysadm_t, sysadm_r, admin_terminal)
	254	###')
	255	###
	256	###optional_policy(`
	257	### cvs_exec(sysadm_t)
	258	###')
	259	###
	260	###optional_policy(`
	261	### consoletype_exec(sysadm_t)
	262	###
	263	### consoletype_exec(auditadm_t)
	264	###')
	265	###
	266	###optional_policy(`
	267	### cron_admin_template(sysadm, sysadm_t, sysadm_r)
	268	###')
	269	###
	270	###optional_policy(`
	271	### dcc_run_cdcc(sysadm_t, sysadm_r, admin_terminal)
	272	### dcc_run_client(sysadm_t, sysadm_r, admin_terminal)
	273	### dcc_run_dbclean(sysadm_t, sysadm_r, admin_terminal)
	274	###')
	275	###
	276	###optional_policy(`
	277	### ddcprobe_run(sysadm_t, sysadm_r, admin_terminal)
	278	###')
	279	###
	280	###optional_policy(`
	281	### dmesg_exec(sysadm_t)
	282	###
	283	### dmesg_exec(auditadm_t)
	284	###')
	285	###
	286	###optional_policy(`
	287	### dmidecode_run(sysadm_t, sysadm_r, admin_terminal)
	288	###')
	289	###
	290	###optional_policy(`
	291	### dpkg_run(sysadm_t, sysadm_r, admin_terminal)
	292	###')
	293	###
	294	###optional_policy(`
	295	### ethereal_run_tethereal(sysadm_t, sysadm_r, admin_terminal)
	296	### ethereal_admin_template(sysadm, sysadm_t, sysadm_r)
	297	###')
	298	###
	299	###optional_policy(`
	300	### firstboot_run(sysadm_t, sysadm_r, sysadm_tty_device_t)
	301	###')
	302	###
	303	###optional_policy(`
	304	### fstools_run(sysadm_t, sysadm_r, admin_terminal)
	305	###')
	306	###
	307	###optional_policy(`
	308	### hostname_run(sysadm_t, sysadm_r, admin_terminal)
	309	###')
	310	###
	311	###optional_policy(`
	312	### # allow system administrator to use the ipsec script to look
	313	### # at things (e.g., ipsec auto --status)
	314	### # probably should create an ipsec_admin role for this kind of thing
	315	### ipsec_exec_mgmt(sysadm_t)
	316	### ipsec_stream_connect(sysadm_t)
	317	### # for lsof
	318	### ipsec_getattr_key_sockets(sysadm_t)
	319	###')
	320	###
	321	###optional_policy(`
	322	### iptables_run(sysadm_t, sysadm_r, admin_terminal)
	323	###')
	324	###
	325	###optional_policy(`
	326	### libs_run_ldconfig(sysadm_t, sysadm_r, admin_terminal)
	327	###')
	328	###
	329	###optional_policy(`
	330	### lvm_run(sysadm_t, sysadm_r, admin_terminal)
	331	###')
	332	###
	333	###optional_policy(`
	334	### logrotate_run(sysadm_t, sysadm_r, admin_terminal)
	335	###')
	336	###
	337	###optional_policy(`
	338	### lpd_run_checkpc(sysadm_t, sysadm_r, admin_terminal)
	339	### lpr_admin_template(sysadm, sysadm_t, sysadm_r)
	340	###')
	341	###
	342	###optional_policy(`
	343	### kudzu_run(sysadm_t, sysadm_r, admin_terminal)
	344	###')
	345	###
	346	###optional_policy(`
	347	### modutils_run_depmod(sysadm_t, sysadm_r, admin_terminal)
	348	### modutils_run_insmod(sysadm_t, sysadm_r, admin_terminal)
	349	### modutils_run_update_mods(sysadm_t, sysadm_r, admin_terminal)
	350	###')
	351	###
	352	###optional_policy(`
	353	### mount_run(sysadm_t, sysadm_r, admin_terminal)
	354	###')
	355	###
	356	###optional_policy(`
	357	### mta_admin_template(sysadm, sysadm_t, sysadm_r)
	358	###')
	359	###
	360	###optional_policy(`
	361	### mysql_stream_connect(sysadm_t)
	362	###')
	363	###
	364	###optional_policy(`
	365	### netutils_run(sysadm_t, sysadm_r, admin_terminal)
	366	### netutils_run_ping(sysadm_t, sysadm_r, admin_terminal)
	367	### netutils_run_traceroute(sysadm_t, sysadm_r, admin_terminal)
	368	###')
	369	###
	370	###optional_policy(`
	371	### rpc_domtrans_nfsd(sysadm_t)
	372	###')
	373	###
	374	###optional_policy(`
	375	### munin_stream_connect(sysadm_t)
	376	###')
	377	###
	378	###optional_policy(`
	379	### ntp_stub()
	380	### corenet_udp_bind_ntp_port(sysadm_t)
	381	###')
	382	###
	383	###optional_policy(`
	384	### oav_run_update(sysadm_t, sysadm_r, admin_terminal)
	385	###')
	386	###
	387	###optional_policy(`
	388	### pcmcia_run_cardctl(sysadm_t, sysadm_r, admin_terminal)
	389	###')
	390	###
	391	###optional_policy(`
	392	### portage_run(sysadm_t, sysadm_r, admin_terminal)
	393	### portage_run_gcc_config(sysadm_t, sysadm_r, admin_terminal)
	394	###')
	395	###
	396	###optional_policy(`
	397	### portmap_run_helper(sysadm_t, sysadm_r, admin_terminal)
	398	###')
	399	###
	400	###optional_policy(`
	401	### quota_run(sysadm_t, sysadm_r, admin_terminal)
	402	###')
	403	###
	404	###optional_policy(`
	405	### rpm_run(sysadm_t, sysadm_r, admin_terminal)
	406	###')
	407	###
	408	###optional_policy(`
	409	### rsync_exec(sysadm_t)
	410	###')
	411	###
	412	###optional_policy(`
	413	### samba_run_net(sysadm_t, sysadm_r, admin_terminal)
	414	### samba_run_winbind_helper(sysadm_t, sysadm_r, admin_terminal)
	415	###')
	416	###
	417	###optional_policy(`
	418	### seutil_run_setfiles(sysadm_t, sysadm_r, admin_terminal)
	419	### seutil_run_runinit(sysadm_t, sysadm_r, admin_terminal)
	420	###
	421	### userdom_security_admin_template(secadm_t, secadm_r, { secadm_tty_device_t sysadm_devpts_t })
	422	###')
	423	###
	424	###optional_policy(`
	425	### sysnet_run_ifconfig(sysadm_t, sysadm_r, admin_terminal)
	426	### sysnet_run_dhcpc(sysadm_t, sysadm_r, admin_terminal)
	427	###')
	428	###
	429	###optional_policy(`
	430	### tripwire_run_siggen(sysadm_t, sysadm_r, admin_terminal)
	431	### tripwire_run_tripwire(sysadm_t, sysadm_r, admin_terminal)
	432	### tripwire_run_twadmin(sysadm_t, sysadm_r, admin_terminal)
	433	### tripwire_run_twprint(sysadm_t, sysadm_r, admin_terminal)
	434	###')
	435	###
	436	###optional_policy(`
	437	### unconfined_domtrans(sysadm_t, sysadm_r, admin_terminal)
	438	###')
	439	###
	440	###optional_policy(`
	441	### usbmodules_run(sysadm_t, sysadm_r, admin_terminal)
	442	###')
	443	###
	444	###optional_policy(`
	445	### usermanage_run_admin_passwd(sysadm_t, sysadm_r, admin_terminal)
	446	### usermanage_run_groupadd(sysadm_t, sysadm_r, admin_terminal)
	447	### usermanage_run_useradd(sysadm_t, sysadm_r, admin_terminal)
	448	###')
	449	###
	450	###optional_policy(`
	451	### vpn_run(sysadm_t, sysadm_r, admin_terminal)
	452	###')
	453	###
	454	###optional_policy(`
	455	### webalizer_run(sysadm_t, sysadm_r, admin_terminal)
	456	###')
	457	###
	458	###optional_policy(`
	459	### yam_run(sysadm_t, sysadm_r, admin_terminal)
	460	###')

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/rolemap

r176 r210

10 10
11 11 user_r user user_t
12 staff_r staff staff_t
12 #staff_r staff staff_t
13 13 sysadm_r sysadm sysadm_t
14 14

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.

r176	r210
83	83	term_use_all_terms(xar_t)
84	84
85		~~userdom_use_sysadm~~_terms(xar_t)
	85	sysadm_use_terms(xar_t)
86	86
87	87

r176	r210
10	10
11	11	user_r user user_t
12		staff_r staff staff_t
	12	#staff_r staff staff_t
13	13	sysadm_r sysadm sysadm_t
14	14

Navigation

Changeset 210

Legend:

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/xar.te

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/userdomain.te

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/rolemap

Download in other formats: