From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 10 Oct 2008 17:16:06 -0400
Subject: [refpolicy] admin_prelink.patch
Message-ID: <48EFC616.5050606@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F10/admin_prelink.patch

needs sys_resource priv

needs to be able to execmod badly written libraries in /tmp

reads kernel_sysctls

Needs to manage files in /usr that do not have correctl label and
relabel them to the correct name for third party apps

Has to be able to manage files in homedirs

Finally I say the hell with it and run this as a unconfined_domain.

It can rewrite all executabels so no real good in confineing it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjvxhYACgkQrlYvE4MpobOxKQCdHenndfMKM/MDNguEHy41AG5W
CygAn2B4sMzEGO7TD3L9NkSl49QLAsDP
=c2ev
-----END PGP SIGNATURE-----