From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 12 Jul 2010 10:19:06 -0400
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4C3324B4.9030603@tresys.com>
References: <4C06BF9E.6030300@redhat.com> <4C3324B4.9030603@tresys.com>
Message-ID: <4C3B245A.5030809@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/06/2010 08:42 AM, Christopher J. PeBenito wrote:
> On 06/02/10 16:31, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_staff.patch
>>
>> Allow staff user to exec files on removable devices
>>
>> Needs access to run sandbox
>>
>> Additional access for staff reading kernel info.
>>
>> staff_t needs to run newrole to relabel content in his homedir
>>
>> Needs to run ping
>>
>> Added distro_redhat to eliminate all of the transitions that we did not
>> want.
>
> This needs to be cleaned up, it's way off from typical refpolicy style.
> Also, instead of ifndef'ing individual optional blocks, they should all
> be collected into one big ifndef block.
>

I originally did this but I thought you asked me to move it to this format to make the changes less severe.