From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 12 Jul 2010 13:35:53 -0400
Subject: [refpolicy] roles_auditadm.patch
In-Reply-To: <4C3B41D9.50501@gmail.com>
References: <4C06BEE1.3090502@redhat.com> <4C332130.1090106@tresys.com> <4C3B2DD9.50906@redhat.com> <4C3B41D9.50501@gmail.com>
Message-ID: <4C3B5279.2050900@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/12/2010 12:24 PM, Dominick Grift wrote:
> On 07/12/2010 04:59 PM, Daniel J Walsh wrote:
>> On 07/06/2010 08:27 AM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:28, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_auditadm.patch
>>>>
>>>> Auditadmin should be able to connect to the syslog. Dontaudit search
>>>> /root.
>>>
>>> Not clear why auditadm would be connecting to syslog; what program are they
>>> running? Also, the interface doesn't exist.
>>>
>>
>> This is some old stuff, but I guess it would have to do with changing
>> the way syslog worked.
>>
>> Probably needs the ability to manage the syslog/auditd process also.
>
> Any particular reason why these "mls roles" need to be login users and
> unlike webadm etc:?
>
> userdom_unpriv_user_template(auditadm)
>
> userdom_base_user_template(webadm)
>

I am not sure. In MLS mode in RHEL5 we allowed you to log in directly as
auditadm_t on MLS boxes. But I would prefer to move to
userdom_base_user_template(auditadm)

>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy