From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 20 Jul 2010 14:40:10 -0400
Subject: [refpolicy] roles_staff.patch
In-Reply-To: <4C448B4F.40900@tresys.com>
References: <4C06BF9E.6030300@redhat.com> <4C3324B4.9030603@tresys.com> <4C3B245A.5030809@redhat.com> <4C448B4F.40900@tresys.com>
Message-ID: <4C45ED8A.3070700@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2010 01:28 PM, Christopher J. PeBenito wrote:
> On 07/12/10 10:19, Daniel J Walsh wrote:
>> On 07/06/2010 08:42 AM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:31, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/roles_staff.patch
>>>>
>>>> Allow staff user to exec files on removable devices
>>>>
>>>> Needs access to run sandbox
>>>>
>>>> Additional access for staff reading kernel info.
>>>>
>>>> staff_t needs to run newrole to relabel content in his homedir
>>>>
>>>> Needs to run ping
>>>>
>>>> Added distro_redhat to eliminate all of the transitions that we did not
>>>> want.
>>>
>>> This needs to be cleaned up, it's way off from typical refpolicy style.
>>> Also, instead of ifndef'ing individual optional blocks, they should all
>>> be collected into one big ifndef block.
>>>
>>>
>> I originally did this but I thought you asked me to move it to this
>> format to make the changes less severe.
>
> Did I? If so, sorry about the confusion. I would prefer that there be
> just the single distro_redhat block. But if you can separate the patch
> into two: one that moves current rules into the ifndef distro_redhat
> block and another that has all the other unrelated changes, that would
> make it easier.
>
>

This patch removes the role transitions from staff.te, unprivuser.te and sysadm.te for the redhat policies.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxF7YoACgkQrlYvE4MpobOolQCggKsC1tx29n9zGquB/QMOgghx
FiwAnj4dtH4IgfOLwZCCUZMhD+eq8cn4
=WGuF
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: role_trans.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20100720/dd18c081/attachment.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: role_trans.patch.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100720/dd18c081/attachment.bin