From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 24 Mar 2009 09:11:37 -0400
Subject: [refpolicy] admin_sudo.patch
Message-ID: <49C8DC09.7060809@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F11/admin_sudo.patch

Lots of fixes for sudo domain.

sudo can now do stuff newrole used to do so it needs lots of SELinux 
acccess to change roles and types.

sudo writes stuff to homedir so needs to manage nfs and cifs if they are 
homedirs

Need role access to send email on failed sudo, as well as checking passwd

Sends audit messages

Sudo checks whether it can execute an app before running so it needs to 
be able to execute any app.

Needs sys_nice