From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 06 Jul 2010 08:42:28 -0400
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4C06BF9E.6030300@redhat.com>
References: <4C06BF9E.6030300@redhat.com>
Message-ID: <4C3324B4.9030603@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/02/10 16:31, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_staff.patch
>
> Allow staff user to exec files on removable devices
>
> Needs access to run sandbox
>
> Additional access for staff reading kernel info.
>
> staff_t needs to run newrole to relabel content in his homedir
>
> Needs to run ping
>
> Added distro_redhat to eliminate all of the transitions that we did not
> want.

This needs to be cleaned up, its way off from typical refpolicy style. 
Also, instead of ifndef'ing individual optional blocks, they should all 
be collected into one big ifndef block.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com