From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 19 Feb 2010 08:47:34 -0500
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4B7D7F6D.4070009@redhat.com>
References: <4B7C1144.9020105@redhat.com>
	<1266510741.11694.141.camel@gorn.columbia.tresys.com>
	<4B7D7F6D.4070009@redhat.com>
Message-ID: <1266587254.11694.148.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2010-02-18 at 12:57 -0500, Daniel J Walsh wrote:
> On 02/18/2010 11:32 AM, Christopher J. PeBenito wrote:
> > On Wed, 2010-02-17 at 10:54 -0500, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_staff.patch
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_unprivuser.patch
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_sysadm.patch
> >>
> >> Updated patches including ifndef redhat to remove all the old cruft caused by the per_role_template in ancient policy.
> >
> > These don't look updated; I don't see any ifndef.
> >
> >> staff - Add setexec so it can use sandbox
> >>
> >> Allow it to read kernel state.
> >> Allow it to use rtkit
> >>
> >> Lots of real world access required by staff_usertype.
> >>
> >> Also allow staff_t to transition to unconfined_t through sudo.
> >>
> >
> Sorry.
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_staff.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_unprivuser.patch
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/roles_sysadm.patch

Please collect all the indef distro_redhat down at the bottom, in one
single large ifndef block for each module.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150