Navigation

← Previous Changeset
Next Changeset →

Changeset 211

Timestamp:

07/08/08 14:53:49 (2 months ago)

Author:

jmowery

Message:

policy compiles with optional staff (excluded by default in modules.conf)

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/oddjob.te

r203	r211
79	79	miscfiles_read_localization(oddjob_mkhomedir_t)
80	80
81		staff_manage_home_dirs(oddjob_mkhomedir_t)
	81	optional_policy(`
	82	staff_manage_home_dirs(oddjob_mkhomedir_t)
	83	')
82	84
83	85	# Add/remove user home directories

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/locallogin.te

r203	r211
244	244	userdom_use_unpriv_users_fds(sulogin_t)
245	245
246		staff_search_home_dirs(sulogin_t)
	246	optional_policy(`
	247	staff_search_home_dirs(sulogin_t)
	248	')
247	249
248	250	sysadm_shell_domtrans(sulogin_t)

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/modutils.te

r203	r211
209	209	# Read System.map from home directories.
210	210	files_list_home(depmod_t)
211		staff_read_home_content_files(depmod_t)
	211	optional_policy(`
	212	staff_read_home_content_files(depmod_t)
	213	')
212	214	sysadm_read_home_content_files(depmod_t)
213	215

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/sysnetwork.te

r203	r211
137	137	modutils_domtrans_insmod(dhcpc_t)
138	138
139		staff_dontaudit_search_home_dirs(dhcpc_t)
	139	optional_policy(`
	140	staff_dontaudit_search_home_dirs(dhcpc_t)
	141	')
140	142
141	143	ifdef(`distro_redhat', `

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/userdomain.if

r203	r211
1456	1456	seutil_run_setfiles($1, $2, $3)
1457	1457
1458		staff_dontaudit_append_home_content_files($1)
	1458	optional_policy(`
	1459	staff_dontaudit_append_home_content_files($1)
	1460	')
1459	1461
1460	1462	sysadm_dontaudit_read_home_content_files($1)

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/system/userdomain.te

r210	r211
120	120	###
121	121	###########################################
122		####
123		#### Sysadm local policy
124		####
125		###
126		#### for su
127		###allow sysadm_t userdomain:fd use;
128		###
129		#### Add/remove user home directories
130		###allow sysadm_t user_home_dir_t:dir manage_dir_perms;
131		###files_home_filetrans(sysadm_t, user_home_dir_t, dir)
132		###
133		###corecmd_exec_shell(sysadm_t)
134		###
135		###mls_process_read_up(sysadm_t)
136		###
137		###init_exec(sysadm_t)
138		###
139		#### Following for sending reboot and wall messages
140		###userdom_use_unpriv_users_ptys(sysadm_t)
141		###userdom_use_unpriv_users_ttys(sysadm_t)
142		###
143		###ifdef(`direct_sysadm_daemon',`
144		### optional_policy(`
145		### init_run_daemon(sysadm_t, sysadm_r, admin_terminal)
146		### ')
147		###',`
148		### ifdef(`distro_gentoo',`
149		### optional_policy(`
150		### seutil_init_script_run_runinit(sysadm_t, sysadm_r, admin_terminal)
151		### ')
152		### ')
153		###')
154		###
155		###allow auditadm_t self:capability { dac_read_search dac_override };
156		###seutil_run_runinit(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
157		###domain_kill_all_domains(auditadm_t)
158		###seutil_read_bin_policy(auditadm_t)
159		###corecmd_exec_shell(auditadm_t)
160		###logging_send_syslog_msg(auditadm_t)
161		###logging_read_generic_logs(auditadm_t)
162		###logging_manage_audit_log(auditadm_t)
163		###logging_manage_audit_config(auditadm_t)
164		###logging_run_auditctl(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
165		###logging_run_auditd(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
166		###userdom_dontaudit_read_sysadm_home_content_files(auditadm_t)
167		###
168		###allow secadm_t self:capability { dac_read_search dac_override };
169		###corecmd_exec_shell(secadm_t)
170		###domain_obj_id_change_exemption(secadm_t)
171		###mls_process_read_up(secadm_t)
172		###mls_file_read_all_levels(secadm_t)
173		###mls_file_write_all_levels(secadm_t)
174		###mls_file_upgrade(secadm_t)
175		###mls_file_downgrade(secadm_t)
176		###auth_relabel_all_files_except_shadow(secadm_t)
177		###dev_relabel_all_dev_nodes(secadm_t)
178		###auth_relabel_shadow(secadm_t)
179		###init_exec(secadm_t)
180		###logging_read_audit_log(secadm_t)
181		###logging_read_generic_logs(secadm_t)
182		###logging_read_audit_config(secadm_t)
183		###userdom_dontaudit_append_staff_home_content_files(secadm_t)
184		###userdom_dontaudit_read_sysadm_home_content_files(secadm_t)
185		###
186		###optional_policy(`
187		### aide_run(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
188		###')
189		###
190		###optional_policy(`
191		### netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
192		###')
193		#### logging_manage_audit_log(sysadm_t)
194		#### logging_manage_audit_config(sysadm_t)
195		#### logging_run_auditctl(sysadm_t, sysadm_r, admin_terminal)
196		###
197		###tunable_policy(`allow_ptrace',`
198		### domain_ptrace_all_domains(sysadm_t)
199		###')
200		###
201		###optional_policy(`
202		### amanda_run_recover(sysadm_t, sysadm_r, admin_terminal)
203		###')
204		###
205		###optional_policy(`
206		### apache_run_helper(sysadm_t, sysadm_r, admin_terminal)
207		### #apache_run_all_scripts(sysadm_t, sysadm_r)
208		### #apache_domtrans_sys_script(sysadm_t)
209		###')
210		###
211		###optional_policy(`
212		### tzdata_domtrans(sysadm_t)
213		###')
214		###
215		###optional_policy(`
216		### raid_domtrans_mdadm(sysadm_t)
217		###')
218		###
219		###optional_policy(`
220		### # cjp: why is this not apm_run_client
221		### apm_domtrans_client(sysadm_t)
222		###')
223		###
224		###optional_policy(`
225		### apt_run(sysadm_t, sysadm_r, admin_terminal)
226		###')
227		###
228		###optional_policy(`
229		### backup_run(sysadm_t, sysadm_r, admin_terminal)
230		###')
231		###
232		###optional_policy(`
233		### bootloader_run(sysadm_t, sysadm_r, admin_terminal)
234		###')
235		###
236		###optional_policy(`
237		### bind_run_ndc(sysadm_t, sysadm_r, admin_terminal)
238		###')
239		###
240		###optional_policy(`
241		### certwatch_run(sysadm_t, sysadm_r, admin_terminal)
242		###')
243		###
244		###optional_policy(`
245		### consoletype_run(sysadm_t, sysadm_r, admin_terminal)
246		###')
247		###
248		###optional_policy(`
249		### clock_run(sysadm_t, sysadm_r, admin_terminal)
250		###')
251		###
252		###optional_policy(`
253		### clockspeed_run_cli(sysadm_t, sysadm_r, admin_terminal)
254		###')
255		###
256		###optional_policy(`
257		### cvs_exec(sysadm_t)
258		###')
259		###
260		###optional_policy(`
261		### consoletype_exec(sysadm_t)
262		###
263		### consoletype_exec(auditadm_t)
264		###')
265		###
266		###optional_policy(`
267		### cron_admin_template(sysadm, sysadm_t, sysadm_r)
268		###')
269		###
270		###optional_policy(`
271		### dcc_run_cdcc(sysadm_t, sysadm_r, admin_terminal)
272		### dcc_run_client(sysadm_t, sysadm_r, admin_terminal)
273		### dcc_run_dbclean(sysadm_t, sysadm_r, admin_terminal)
274		###')
275		###
276		###optional_policy(`
277		### ddcprobe_run(sysadm_t, sysadm_r, admin_terminal)
278		###')
279		###
280		###optional_policy(`
281		### dmesg_exec(sysadm_t)
282		###
283		### dmesg_exec(auditadm_t)
284		###')
285		###
286		###optional_policy(`
287		### dmidecode_run(sysadm_t, sysadm_r, admin_terminal)
288		###')
289		###
290		###optional_policy(`
291		### dpkg_run(sysadm_t, sysadm_r, admin_terminal)
292		###')
293		###
294		###optional_policy(`
295		### ethereal_run_tethereal(sysadm_t, sysadm_r, admin_terminal)
296		### ethereal_admin_template(sysadm, sysadm_t, sysadm_r)
297		###')
298		###
299		###optional_policy(`
300		### firstboot_run(sysadm_t, sysadm_r, sysadm_tty_device_t)
301		###')
302		###
303		###optional_policy(`
304		### fstools_run(sysadm_t, sysadm_r, admin_terminal)
305		###')
306		###
307		###optional_policy(`
308		### hostname_run(sysadm_t, sysadm_r, admin_terminal)
309		###')
310		###
311		###optional_policy(`
312		### # allow system administrator to use the ipsec script to look
313		### # at things (e.g., ipsec auto --status)
314		### # probably should create an ipsec_admin role for this kind of thing
315		### ipsec_exec_mgmt(sysadm_t)
316		### ipsec_stream_connect(sysadm_t)
317		### # for lsof
318		### ipsec_getattr_key_sockets(sysadm_t)
319		###')
320		###
321		###optional_policy(`
322		### iptables_run(sysadm_t, sysadm_r, admin_terminal)
323		###')
324		###
325		###optional_policy(`
326		### libs_run_ldconfig(sysadm_t, sysadm_r, admin_terminal)
327		###')
328		###
329		###optional_policy(`
330		### lvm_run(sysadm_t, sysadm_r, admin_terminal)
331		###')
332		###
333		###optional_policy(`
334		### logrotate_run(sysadm_t, sysadm_r, admin_terminal)
335		###')
336		###
337		###optional_policy(`
338		### lpd_run_checkpc(sysadm_t, sysadm_r, admin_terminal)
339		### lpr_admin_template(sysadm, sysadm_t, sysadm_r)
340		###')
341		###
342		###optional_policy(`
343		### kudzu_run(sysadm_t, sysadm_r, admin_terminal)
344		###')
345		###
346		###optional_policy(`
347		### modutils_run_depmod(sysadm_t, sysadm_r, admin_terminal)
348		### modutils_run_insmod(sysadm_t, sysadm_r, admin_terminal)
349		### modutils_run_update_mods(sysadm_t, sysadm_r, admin_terminal)
350		###')
351		###
352		###optional_policy(`
353		### mount_run(sysadm_t, sysadm_r, admin_terminal)
354		###')
355		###
356		###optional_policy(`
357		### mta_admin_template(sysadm, sysadm_t, sysadm_r)
358		###')
359		###
360		###optional_policy(`
361		### mysql_stream_connect(sysadm_t)
362		###')
363		###
364		###optional_policy(`
365		### netutils_run(sysadm_t, sysadm_r, admin_terminal)
366		### netutils_run_ping(sysadm_t, sysadm_r, admin_terminal)
367		### netutils_run_traceroute(sysadm_t, sysadm_r, admin_terminal)
368		###')
369		###
370		###optional_policy(`
371		### rpc_domtrans_nfsd(sysadm_t)
372		###')
373		###
374		###optional_policy(`
375		### munin_stream_connect(sysadm_t)
376		###')
377		###
378		###optional_policy(`
379		### ntp_stub()
380		### corenet_udp_bind_ntp_port(sysadm_t)
381		###')
382		###
383		###optional_policy(`
384		### oav_run_update(sysadm_t, sysadm_r, admin_terminal)
385		###')
386		###
387		###optional_policy(`
388		### pcmcia_run_cardctl(sysadm_t, sysadm_r, admin_terminal)
389		###')
390		###
391		###optional_policy(`
392		### portage_run(sysadm_t, sysadm_r, admin_terminal)
393		### portage_run_gcc_config(sysadm_t, sysadm_r, admin_terminal)
394		###')
395		###
396		###optional_policy(`
397		### portmap_run_helper(sysadm_t, sysadm_r, admin_terminal)
398		###')
399		###
400		###optional_policy(`
401		### quota_run(sysadm_t, sysadm_r, admin_terminal)
402		###')
403		###
404		###optional_policy(`
405		### rpm_run(sysadm_t, sysadm_r, admin_terminal)
406		###')
407		###
408		###optional_policy(`
409		### rsync_exec(sysadm_t)
410		###')
411		###
412		###optional_policy(`
413		### samba_run_net(sysadm_t, sysadm_r, admin_terminal)
414		### samba_run_winbind_helper(sysadm_t, sysadm_r, admin_terminal)
415		###')
416		###
417		###optional_policy(`
418		### seutil_run_setfiles(sysadm_t, sysadm_r, admin_terminal)
419		### seutil_run_runinit(sysadm_t, sysadm_r, admin_terminal)
420		###
421		### userdom_security_admin_template(secadm_t, secadm_r, { secadm_tty_device_t sysadm_devpts_t })
422		###')
423		###
424		###optional_policy(`
425		### sysnet_run_ifconfig(sysadm_t, sysadm_r, admin_terminal)
426		### sysnet_run_dhcpc(sysadm_t, sysadm_r, admin_terminal)
427		###')
428		###
429		###optional_policy(`
430		### tripwire_run_siggen(sysadm_t, sysadm_r, admin_terminal)
431		### tripwire_run_tripwire(sysadm_t, sysadm_r, admin_terminal)
432		### tripwire_run_twadmin(sysadm_t, sysadm_r, admin_terminal)
433		### tripwire_run_twprint(sysadm_t, sysadm_r, admin_terminal)
434		###')
435		###
436		###optional_policy(`
437		### unconfined_domtrans(sysadm_t, sysadm_r, admin_terminal)
438		###')
439		###
440		###optional_policy(`
441		### usbmodules_run(sysadm_t, sysadm_r, admin_terminal)
442		###')
443		###
444		###optional_policy(`
445		### usermanage_run_admin_passwd(sysadm_t, sysadm_r, admin_terminal)
446		### usermanage_run_groupadd(sysadm_t, sysadm_r, admin_terminal)
447		### usermanage_run_useradd(sysadm_t, sysadm_r, admin_terminal)
448		###')
449		###
450		###optional_policy(`
451		### vpn_run(sysadm_t, sysadm_r, admin_terminal)
452		###')
453		###
454		###optional_policy(`
455		### webalizer_run(sysadm_t, sysadm_r, admin_terminal)
456		###')
457		###
458		###optional_policy(`
459		### yam_run(sysadm_t, sysadm_r, admin_terminal)
460		###')
	122	#
	123	# Sysadm local policy
	124	#
	125
	126	# for su
	127	allow sysadm_t userdomain:fd use;
	128
	129	# Add/remove user home directories
	130	allow sysadm_t user_home_dir_t:dir manage_dir_perms;
	131	files_home_filetrans(sysadm_t, user_home_dir_t, dir)
	132
	133	corecmd_exec_shell(sysadm_t)
	134
	135	mls_process_read_up(sysadm_t)
	136
	137	init_exec(sysadm_t)
	138
	139	# Following for sending reboot and wall messages
	140	userdom_use_unpriv_users_ptys(sysadm_t)
	141	userdom_use_unpriv_users_ttys(sysadm_t)
	142
	143	ifdef(`direct_sysadm_daemon',`
	144	optional_policy(`
	145	init_run_daemon(sysadm_t, sysadm_r, admin_terminal)
	146	')
	147	',`
	148	ifdef(`distro_gentoo',`
	149	optional_policy(`
	150	seutil_init_script_run_runinit(sysadm_t, sysadm_r, admin_terminal)
	151	')
	152	')
	153	')
	154
	155	allow auditadm_t self:capability { dac_read_search dac_override };
	156	seutil_run_runinit(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	157	domain_kill_all_domains(auditadm_t)
	158	seutil_read_bin_policy(auditadm_t)
	159	corecmd_exec_shell(auditadm_t)
	160	logging_send_syslog_msg(auditadm_t)
	161	logging_read_generic_logs(auditadm_t)
	162	logging_manage_audit_log(auditadm_t)
	163	logging_manage_audit_config(auditadm_t)
	164	logging_run_auditctl(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	165	logging_run_auditd(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
	166	sysadm_dontaudit_read_home_content_files(auditadm_t)
	167
	168	allow secadm_t self:capability { dac_read_search dac_override };
	169	corecmd_exec_shell(secadm_t)
	170	domain_obj_id_change_exemption(secadm_t)
	171	mls_process_read_up(secadm_t)
	172	mls_file_read_all_levels(secadm_t)
	173	mls_file_write_all_levels(secadm_t)
	174	mls_file_upgrade(secadm_t)
	175	mls_file_downgrade(secadm_t)
	176	auth_relabel_all_files_except_shadow(secadm_t)
	177	dev_relabel_all_dev_nodes(secadm_t)
	178	auth_relabel_shadow(secadm_t)
	179	init_exec(secadm_t)
	180	logging_read_audit_log(secadm_t)
	181	logging_read_generic_logs(secadm_t)
	182	logging_read_audit_config(secadm_t)
	183	optional_policy(`
	184	staff_dontaudit_append_home_content_files(secadm_t)
	185	')
	186	sysadm_dontaudit_read_home_content_files(secadm_t)
	187
	188	optional_policy(`
	189	aide_run(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
	190	')
	191
	192	optional_policy(`
	193	netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
	194	')
	195	# logging_manage_audit_log(sysadm_t)
	196	# logging_manage_audit_config(sysadm_t)
	197	# logging_run_auditctl(sysadm_t, sysadm_r, admin_terminal)
	198
	199	tunable_policy(`allow_ptrace',`
	200	domain_ptrace_all_domains(sysadm_t)
	201	')
	202
	203	optional_policy(`
	204	amanda_run_recover(sysadm_t, sysadm_r, admin_terminal)
	205	')
	206
	207	optional_policy(`
	208	apache_run_helper(sysadm_t, sysadm_r, admin_terminal)
	209	#apache_run_all_scripts(sysadm_t, sysadm_r)
	210	#apache_domtrans_sys_script(sysadm_t)
	211	')
	212
	213	optional_policy(`
	214	tzdata_domtrans(sysadm_t)
	215	')
	216
	217	optional_policy(`
	218	raid_domtrans_mdadm(sysadm_t)
	219	')
	220
	221	optional_policy(`
	222	# cjp: why is this not apm_run_client
	223	apm_domtrans_client(sysadm_t)
	224	')
	225
	226	optional_policy(`
	227	apt_run(sysadm_t, sysadm_r, admin_terminal)
	228	')
	229
	230	optional_policy(`
	231	backup_run(sysadm_t, sysadm_r, admin_terminal)
	232	')
	233
	234	optional_policy(`
	235	bootloader_run(sysadm_t, sysadm_r, admin_terminal)
	236	')
	237
	238	optional_policy(`
	239	bind_run_ndc(sysadm_t, sysadm_r, admin_terminal)
	240	')
	241
	242	optional_policy(`
	243	certwatch_run(sysadm_t, sysadm_r, admin_terminal)
	244	')
	245
	246	optional_policy(`
	247	consoletype_run(sysadm_t, sysadm_r, admin_terminal)
	248	')
	249
	250	optional_policy(`
	251	clock_run(sysadm_t, sysadm_r, admin_terminal)
	252	')
	253
	254	optional_policy(`
	255	clockspeed_run_cli(sysadm_t, sysadm_r, admin_terminal)
	256	')
	257
	258	optional_policy(`
	259	cvs_exec(sysadm_t)
	260	')
	261
	262	optional_policy(`
	263	consoletype_exec(sysadm_t)
	264
	265	consoletype_exec(auditadm_t)
	266	')
	267
	268	optional_policy(`
	269	cron_admin_template(sysadm, sysadm_t, sysadm_r)
	270	')
	271
	272	optional_policy(`
	273	dcc_run_cdcc(sysadm_t, sysadm_r, admin_terminal)
	274	dcc_run_client(sysadm_t, sysadm_r, admin_terminal)
	275	dcc_run_dbclean(sysadm_t, sysadm_r, admin_terminal)
	276	')
	277
	278	optional_policy(`
	279	ddcprobe_run(sysadm_t, sysadm_r, admin_terminal)
	280	')
	281
	282	optional_policy(`
	283	dmesg_exec(sysadm_t)
	284
	285	dmesg_exec(auditadm_t)
	286	')
	287
	288	optional_policy(`
	289	dmidecode_run(sysadm_t, sysadm_r, admin_terminal)
	290	')
	291
	292	optional_policy(`
	293	dpkg_run(sysadm_t, sysadm_r, admin_terminal)
	294	')
	295
	296	optional_policy(`
	297	ethereal_run_tethereal(sysadm_t, sysadm_r, admin_terminal)
	298	ethereal_admin_template(sysadm, sysadm_t, sysadm_r)
	299	')
	300
	301	optional_policy(`
	302	firstboot_run(sysadm_t, sysadm_r, sysadm_tty_device_t)
	303	')
	304
	305	optional_policy(`
	306	fstools_run(sysadm_t, sysadm_r, admin_terminal)
	307	')
	308
	309	optional_policy(`
	310	hostname_run(sysadm_t, sysadm_r, admin_terminal)
	311	')
	312
	313	optional_policy(`
	314	# allow system administrator to use the ipsec script to look
	315	# at things (e.g., ipsec auto --status)
	316	# probably should create an ipsec_admin role for this kind of thing
	317	ipsec_exec_mgmt(sysadm_t)
	318	ipsec_stream_connect(sysadm_t)
	319	# for lsof
	320	ipsec_getattr_key_sockets(sysadm_t)
	321	')
	322
	323	optional_policy(`
	324	iptables_run(sysadm_t, sysadm_r, admin_terminal)
	325	')
	326
	327	optional_policy(`
	328	libs_run_ldconfig(sysadm_t, sysadm_r, admin_terminal)
	329	')
	330
	331	optional_policy(`
	332	lvm_run(sysadm_t, sysadm_r, admin_terminal)
	333	')
	334
	335	optional_policy(`
	336	logrotate_run(sysadm_t, sysadm_r, admin_terminal)
	337	')
	338
	339	optional_policy(`
	340	lpd_run_checkpc(sysadm_t, sysadm_r, admin_terminal)
	341	lpr_admin_template(sysadm, sysadm_t, sysadm_r)
	342	')
	343
	344	optional_policy(`
	345	kudzu_run(sysadm_t, sysadm_r, admin_terminal)
	346	')
	347
	348	optional_policy(`
	349	modutils_run_depmod(sysadm_t, sysadm_r, admin_terminal)
	350	modutils_run_insmod(sysadm_t, sysadm_r, admin_terminal)
	351	modutils_run_update_mods(sysadm_t, sysadm_r, admin_terminal)
	352	')
	353
	354	optional_policy(`
	355	mount_run(sysadm_t, sysadm_r, admin_terminal)
	356	')
	357
	358	optional_policy(`
	359	mta_admin_template(sysadm, sysadm_t, sysadm_r)
	360	')
	361
	362	optional_policy(`
	363	mysql_stream_connect(sysadm_t)
	364	')
	365
	366	optional_policy(`
	367	netutils_run(sysadm_t, sysadm_r, admin_terminal)
	368	netutils_run_ping(sysadm_t, sysadm_r, admin_terminal)
	369	netutils_run_traceroute(sysadm_t, sysadm_r, admin_terminal)
	370	')
	371
	372	optional_policy(`
	373	rpc_domtrans_nfsd(sysadm_t)
	374	')
	375
	376	optional_policy(`
	377	munin_stream_connect(sysadm_t)
	378	')
	379
	380	optional_policy(`
	381	ntp_stub()
	382	corenet_udp_bind_ntp_port(sysadm_t)
	383	')
	384
	385	optional_policy(`
	386	oav_run_update(sysadm_t, sysadm_r, admin_terminal)
	387	')
	388
	389	optional_policy(`
	390	pcmcia_run_cardctl(sysadm_t, sysadm_r, admin_terminal)
	391	')
	392
	393	optional_policy(`
	394	portage_run(sysadm_t, sysadm_r, admin_terminal)
	395	portage_run_gcc_config(sysadm_t, sysadm_r, admin_terminal)
	396	')
	397
	398	optional_policy(`
	399	portmap_run_helper(sysadm_t, sysadm_r, admin_terminal)
	400	')
	401
	402	optional_policy(`
	403	quota_run(sysadm_t, sysadm_r, admin_terminal)
	404	')
	405
	406	optional_policy(`
	407	rpm_run(sysadm_t, sysadm_r, admin_terminal)
	408	')
	409
	410	optional_policy(`
	411	rsync_exec(sysadm_t)
	412	')
	413
	414	optional_policy(`
	415	samba_run_net(sysadm_t, sysadm_r, admin_terminal)
	416	samba_run_winbind_helper(sysadm_t, sysadm_r, admin_terminal)
	417	')
	418
	419	optional_policy(`
	420	seutil_run_setfiles(sysadm_t, sysadm_r, admin_terminal)
	421	seutil_run_runinit(sysadm_t, sysadm_r, admin_terminal)
	422
	423	userdom_security_admin_template(secadm_t, secadm_r, { secadm_tty_device_t sysadm_devpts_t })
	424	')
	425
	426	optional_policy(`
	427	sysnet_run_ifconfig(sysadm_t, sysadm_r, admin_terminal)
	428	sysnet_run_dhcpc(sysadm_t, sysadm_r, admin_terminal)
	429	')
	430
	431	optional_policy(`
	432	tripwire_run_siggen(sysadm_t, sysadm_r, admin_terminal)
	433	tripwire_run_tripwire(sysadm_t, sysadm_r, admin_terminal)
	434	tripwire_run_twadmin(sysadm_t, sysadm_r, admin_terminal)
	435	tripwire_run_twprint(sysadm_t, sysadm_r, admin_terminal)
	436	')
	437
	438	optional_policy(`
	439	unconfined_domtrans(sysadm_t, sysadm_r, admin_terminal)
	440	')
	441
	442	optional_policy(`
	443	usbmodules_run(sysadm_t, sysadm_r, admin_terminal)
	444	')
	445
	446	optional_policy(`
	447	usermanage_run_admin_passwd(sysadm_t, sysadm_r, admin_terminal)
	448	usermanage_run_groupadd(sysadm_t, sysadm_r, admin_terminal)
	449	usermanage_run_useradd(sysadm_t, sysadm_r, admin_terminal)
	450	')
	451
	452	optional_policy(`
	453	vpn_run(sysadm_t, sysadm_r, admin_terminal)
	454	')
	455
	456	optional_policy(`
	457	webalizer_run(sysadm_t, sysadm_r, admin_terminal)
	458	')
	459
	460	optional_policy(`
	461	yam_run(sysadm_t, sysadm_r, admin_terminal)
	462	')

Download in other formats:

Unified Diff
Zip Disabled

* Note large changesets can take awhile to generate.