From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:07:39 +0100
Subject: [refpolicy] [PATCH 9/34]: patch for logging in the sysadm role
Message-ID: <1297836459.3205.45.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch adds some permissions (through interface calls) needed
by the sysadm role (in particular logging permissions).

diff -pruN refpolicy-git-15022011-new-before-modification/policy/modules/roles/sysadm.te refpolicy-git-15022011-new-modified/policy/modules/roles/sysadm.te
--- refpolicy-git-15022011-new-before-modification/policy/modules/roles/sysadm.te	2011-01-08 19:07:21.214736932 +0100
+++ refpolicy-git-15022011-new-modified/policy/modules/roles/sysadm.te	2011-02-15 23:10:39.681408593 +0100
@@ -34,6 +34,10 @@ ubac_file_exempt(sysadm_t)
 ubac_fd_exempt(sysadm_t)
 
 init_exec(sysadm_t)
+init_stream_connect(sysadm_t)
+
+logging_send_audit_msgs(sysadm_t)
+logging_set_tty_audit(sysadm_t)
 
 # Add/remove user home directories
 userdom_manage_user_home_dirs(sysadm_t)