From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 18 Feb 2010 12:57:01 -0500
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <1266510741.11694.141.camel@gorn.columbia.tresys.com>
References: <4B7C1144.9020105@redhat.com>
	<1266510741.11694.141.camel@gorn.columbia.tresys.com>
Message-ID: <4B7D7F6D.4070009@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/18/2010 11:32 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-02-17 at 10:54 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_staff.patch
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_unprivuser.patch
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_sysadm.patch
>>
>> Updated patches including ifndef redhat to remove all the old cruft caused by the per_role_template in ancient policy.
>
> These don't look updated; I don't see any ifndef.
>
>> staff - Add setexec so it can use sandbox
>>
>> Allow it to read kernel state.
>> Allow it to use rtkit
>>
>> Lots of real world access required by staff_usertype.
>>
>> Also allow staff_t to transition to unconfined_t through sudo.
>>
>
Sorry.
http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_staff.patch
http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_unprivuser.patch
http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_sysadm.patch