From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 02 Jun 2010 16:32:59 -0400
Subject: [refpolicy] roles_sysadm.patch
Message-ID: <4C06BFFB.1010605@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_sysadm.patch

sysadm_t needs mls overrides to look at all processes within his range.

Dontaudit domains outside his range, so tools like top will work.


Allow sysadm to exec all applications and scripts

Manage user tmp content

connect to syslog

Eliminate transitions that redhat does not want.