http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_sysadm.patch
sysadm_t needs mls overrides to look at all processes within his range.
Dontaudit domains outside his range, so tools like top will work.
Allow sysadm to exec all applications and scripts
Manage user tmp content
connect to syslog
Eliminate transitions that redhat does not want.
On 06/02/10 16:32, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_sysadm.patch
>
> sysadm_t needs mls overrides to look at all processes within his range.
>
> Dontaudit domains outside his range, so tools like top will work.
>
>
> Allow sysadm to exec all applications and scripts
>
> Manage user tmp content
>
> connect to syslog
>
> Eliminate transitions that redhat does not want.
Similarly to the staff patch, needs style cleanup.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com