From: dominick.grift@gmail.com (Dominick Grift)
Date: Mon, 26 Sep 2011 22:12:22 +0200
Subject: [refpolicy] [PATCH 2/2] Make sysadm an asterisk administrator
In-Reply-To: <20110926195753.GC15513@siphos.be>
References: <20110926195542.GA15513@siphos.be>
	<20110926195753.GC15513@siphos.be>
Message-ID: <1317067942.2861.2.camel@x220.mydomain.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2011-09-26 at 21:57 +0200, Sven Vermeulen wrote:
> Give the asterisk administration role to the sysadm_r role.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/roles/sysadm.te |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
> index 954417f..d9d6726 100644
> --- a/policy/modules/roles/sysadm.te
> +++ b/policy/modules/roles/sysadm.te
> @@ -86,6 +86,10 @@ optional_policy(`
>  ')
>  
>  optional_policy(`
> +	asterisk_admin(sysadm_t, sysadm_r)
> +')

This should not be here. Its mostly duplicate.
I think you might only need to add the asterisk_stream_connect() here if
anything at all.


> +optional_policy(`
>  	auditadm_role_change(sysadm_r)
>  ')
>  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110926/4b9cf0f8/attachment.bin