From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 18 Feb 2010 11:32:21 -0500
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4B7C1144.9020105@redhat.com>
References: <4B7C1144.9020105@redhat.com>
Message-ID: <1266510741.11694.141.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2010-02-17 at 10:54 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/roles_staff.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/roles_unprivuser.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/roles_sysadm.patch
> 
> Updated patches including ifndef redhat to remove all the old cruft caused by the per_role_template in ancient policy.

These don't look updated; I don't see any ifndef.

> staff - Add setexec so it can use sandbox
> 
> Allow it to read kernel state.
> Allow it to use rtkit
> 
> Lots of real world access required by staff_usertype.
> 
> Also allow staff_t to transition to unconfined_t through sudo.
> 

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150