From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Fri, 28 Oct 2011 18:30:34 +0200 Subject: [refpolicy] [PATCH v2 3/3] Allow users, staff and sysadm to use mutt In-Reply-To: <4EAAB04B.1000703@tresys.com> References: <20111003200247.GA7198@siphos.be> <20111003200428.GD7198@siphos.be> <4EAAB04B.1000703@tresys.com> Message-ID: <20111028163016.GA23945@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, Oct 28, 2011 at 09:38:19AM -0400, Christopher J. PeBenito wrote: > On 10/03/11 16:04, Sven Vermeulen wrote: > > diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te > > index 954417f..edee69a 100644 > > --- a/policy/modules/roles/sysadm.te > > +++ b/policy/modules/roles/sysadm.te > > @@ -461,5 +461,9 @@ ifndef(`distro_redhat',` > > optional_policy(` > > java_role(sysadm_r, sysadm_t) > > ') > > + > > + optional_policy(` > > + mutt_role(sysadm_r, sysadm_t) > > + ') > > ') > > Does sysadm really need this? They should be using their staff role for that. Need? Perhaps not (or not in a reference policy). I "need" it when I log on as root directly (which here means the SELinux root user which is immediately on the sysadm_r role) and need to read the local (system-generated) mails. But I might be just too lazy to newrole here towards staff_r. I'll drop it from the patch set. Wkr, Sven Vermeulen
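Review bot: The added optional_policy block in the sysadm.te hunk, mutt_role(sysadm_r, sysadm_t), extends the administrative role to a mail client without any comment in the policy explaining why sysadm_r needs it. It also sits inside the ifndef(`distro_redhat',` block shown in the hunk header, next to java_role, so it would apply only to non-Red Hat builds. Since the patch subject already covers the user and staff roles, I would drop this block from sysadm.te and leave mail reading to staff_r. If it is kept, add a one-line comment above the optional_policy stating the use case (reading local system-generated mail when logged in directly as root) so the grant to sysadm_r is a documented choice, and confirm the placement under the distro_redhat conditional is intended.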