From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 17 Feb 2010 09:05:32 -0500
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4AFC7915.8080607@redhat.com>
References: <4AFC7915.8080607@redhat.com>
Message-ID: <1266415532.11694.66.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-11-12 at 16:07 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/roles_staff.patch
> 
> add setexec so staff_t can run sandbox.  Maybe want to add to user_t
> also.
> 
> I think we need to remove all the role transition stuff from staff_t
> and allow users to choose which domains they want to play with

Same thing as for unprivuser.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150