From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 06 Jul 2010 08:44:53 -0400
Subject: [refpolicy] roles_sysadm.patch
In-Reply-To: <4C06BFFB.1010605@redhat.com>
References: <4C06BFFB.1010605@redhat.com>
Message-ID: <4C332545.2070507@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/02/10 16:32, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_sysadm.patch
>
> sysadm_t needs mls overrides to look at all processes within his range.
>
> Dontaudit domains outside his range, so tools like top will work.
>
>
> Allow sysadm to exec all applications and scripts
>
> Manage user tmp content
>
> connect to syslog
>
> Eliminate transitions that redhat does not want.

Similarly to the staff patch, needs style cleanup.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com