From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 9 Jun 2015 08:40:36 -0400 Subject: [refpolicy] [PATCH v2 2/2] Add all the missing _admin interfaces to sysadm In-Reply-To: <1433795902-12448-2-git-send-email-jason@perfinion.com> References: <1433795902-12448-1-git-send-email-jason@perfinion.com> <1433795902-12448-2-git-send-email-jason@perfinion.com> Message-ID: <5576DEC4.5010003@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 6/8/2015 4:38 PM, Jason Zaman wrote: > Lots of the foo_admin() interfaces were not applied to sysadm. This > patch adds all the ones that were missing. > > The tests pass for all combinations of distros, monolithic, > direct_initrc, standard/mcs/mls. Merged. > --- > policy/modules/roles/sysadm.te | 788 ++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 784 insertions(+), 4 deletions(-) > > diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te > index f9919fd..5a95779 100644 > --- a/policy/modules/roles/sysadm.te > +++ b/policy/modules/roles/sysadm.te > @@ -66,10 +66,47 @@ tunable_policy(`allow_ptrace',` > ') > > optional_policy(` > + abrt_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + accountsd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + acct_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + afs_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + aiccu_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + aide_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + aisexecd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > amanda_run_recover(sysadm_t, sysadm_r) > ') > > optional_policy(` > + amavis_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + amtu_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + apache_admin(sysadm_t, sysadm_r) > apache_run_helper(sysadm_t, sysadm_r) > #apache_run_all_scripts(sysadm_t, sysadm_r) > #apache_domtrans_sys_script(sysadm_t) > @@ -77,8 +114,12 @@ optional_policy(` > ') > > optional_policy(` > - # cjp: why is this not apm_run_client > - apm_domtrans_client(sysadm_t) > + apcupsd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + apm_admin(sysadm_t, sysadm_r) > + apm_run_client(sysadm_t, sysadm_r) > ') > > optional_policy(` > @@ -86,6 +127,11 @@ optional_policy(` > ') > > optional_policy(` > + arpwatch_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + asterisk_admin(sysadm_t, sysadm_r) > asterisk_stream_connect(sysadm_t) > ') > > @@ -94,26 +140,104 @@ optional_policy(` > ') > > optional_policy(` > + automount_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + avahi_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > backup_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > bacula_run_admin(sysadm_t, sysadm_r) > + bacula_admin(sysadm_t, sysadm_r) > ') > > optional_policy(` > + bcfg2_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + bind_admin(sysadm_t, sysadm_r) > bind_run_ndc(sysadm_t, sysadm_r) > ') > > optional_policy(` > + bird_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + bitlbee_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + boinc_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > bootloader_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + bugzilla_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cachefilesd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + calamaris_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + callweaver_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + canna_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ccs_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + certmaster_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + certmonger_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > certwatch_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + cfengine_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cgroup_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + chronyd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cipe_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + clamav_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > clock_run(sysadm_t, sysadm_r) > ') > > @@ -122,24 +246,101 @@ optional_policy(` > ') > > optional_policy(` > + cmirrord_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cobbler_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + collectd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + condor_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > consoletype_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + corosync_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + couchdb_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ctdb_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cups_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cvs_admin(sysadm_t, sysadm_r) > cvs_exec(sysadm_t) > ') > > optional_policy(` > + cyphesis_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + cyrus_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dante_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > dcc_run_cdcc(sysadm_t, sysadm_r) > dcc_run_client(sysadm_t, sysadm_r) > dcc_run_dbclean(sysadm_t, sysadm_r) > ') > > optional_policy(` > + ddclient_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > ddcprobe_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + denyhosts_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + devicekit_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dhcpd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dictd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dirmngr_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + distcc_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dkim_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > dmesg_exec(sysadm_t) > ') > > @@ -148,10 +349,54 @@ optional_policy(` > ') > > optional_policy(` > + dnsmasq_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dnssectrigger_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dovecot_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > dpkg_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + drbd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + dspam_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + entropyd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + exim_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + fail2ban_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + fcoe_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + fetchmail_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + firewalld_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > firstboot_run(sysadm_t, sysadm_r) > ') > > @@ -160,7 +405,31 @@ optional_policy(` > ') > > optional_policy(` > - hostname_run(sysadm_t, sysadm_r) > + ftp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + gatekeeper_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + gdomap_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + glance_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + glusterfs_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + gpm_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + gpsd_admin(sysadm_t, sysadm_r) > ') > > optional_policy(` > @@ -168,6 +437,42 @@ optional_policy(` > ') > > optional_policy(` > + hddtemp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + hostname_run(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + howl_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + hypervkvp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + i18n_input_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + icecast_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ifplugd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + inn_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + iodine_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > # allow system administrator to use the ipsec script to look > # at things (e.g., ipsec auto --status) > # probably should create an ipsec_admin role for this kind of thing > @@ -183,14 +488,79 @@ optional_policy(` > ') > > optional_policy(` > + irqbalance_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + iscsi_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + isnsd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + jabber_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + kdump_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + kerberos_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + kerneloops_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + keystone_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + kismet_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ksmtuned_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + kudzu_admin(sysadm_t, sysadm_r) > kudzu_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + l2tp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ldap_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > libs_run_ldconfig(sysadm_t, sysadm_r) > ') > > optional_policy(` > + lightsquid_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + likewise_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + lircd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + lldpad_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > lockdev_role(sysadm_r, sysadm_t) > ') > > @@ -204,16 +574,48 @@ optional_policy(` > ') > > optional_policy(` > + lsmd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > lvm_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + mandb_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + mcelog_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + memcached_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + minidlna_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + minissdpd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > modutils_run_depmod(sysadm_t, sysadm_r) > modutils_run_insmod(sysadm_t, sysadm_r) > modutils_run_update_mods(sysadm_t, sysadm_r) > ') > > optional_policy(` > + mongodb_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + monop_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > mount_run(sysadm_t, sysadm_r) > ') > > @@ -222,10 +624,22 @@ optional_policy(` > ') > > optional_policy(` > + mpd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > mplayer_role(sysadm_r, sysadm_t) > ') > > optional_policy(` > + mrtg_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + mscan_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > mta_role(sysadm_r, sysadm_t) > ') > > @@ -234,29 +648,122 @@ optional_policy(` > ') > > optional_policy(` > + mysql_admin(sysadm_t, sysadm_r) > mysql_stream_connect(sysadm_t) > ') > > optional_policy(` > + nagios_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + nessus_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > netutils_run(sysadm_t, sysadm_r) > netutils_run_ping(sysadm_t, sysadm_r) > netutils_run_traceroute(sysadm_t, sysadm_r) > ') > > optional_policy(` > - ntp_stub() > + networkmanager_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + nis_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + nscd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + nslcd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ntop_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ntp_admin(sysadm_t, sysadm_r) > corenet_udp_bind_ntp_port(sysadm_t) > ') > > optional_policy(` > + numad_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + nut_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > oav_run_update(sysadm_t, sysadm_r) > ') > > optional_policy(` > + oident_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + openct_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + openhpi_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + openvpn_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + openvswitch_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pacemaker_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pads_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > pcmcia_run_cardctl(sysadm_t, sysadm_r) > ') > > optional_policy(` > + pcscd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pegasus_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + perdition_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pingd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pkcs_admin_slotd(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + plymouthd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + polipo_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > portage_run(sysadm_t, sysadm_r) > portage_run_fetch(sysadm_t, sysadm_r) > portage_run_gcc_config(sysadm_t, sysadm_r) > @@ -264,18 +771,86 @@ optional_policy(` > > optional_policy(` > portmap_run_helper(sysadm_t, sysadm_r) > + portmap_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + portreserve_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + postfix_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + postfixpolicyd_admin(sysadm_t, sysadm_r) > ') > > optional_policy(` > + postgrey_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ppp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + prelude_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + privoxy_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + psad_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + puppet_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pxe_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pyicqt_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + pyzor_admin(sysadm_t, sysadm_r) > pyzor_role(sysadm_r, sysadm_t) > ') > > optional_policy(` > + qpidd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + quantum_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > quota_run(sysadm_t, sysadm_r) > + quota_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rabbitmq_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + radius_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + radvd_admin(sysadm_t, sysadm_r) > ') > > optional_policy(` > raid_run_mdadm(sysadm_r, sysadm_t) > + raid_admin_mdadm(sysadm_t, sysadm_r) > ') > > optional_policy(` > @@ -283,11 +858,49 @@ optional_policy(` > ') > > optional_policy(` > + redis_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + resmgr_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rgmanager_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rhcs_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rhsmcertd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + ricci_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rngd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + roundup_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rpc_admin(sysadm_t, sysadm_r) > rpc_domtrans_nfsd(sysadm_t) > ') > > optional_policy(` > + rpcbind_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > rpm_run(sysadm_t, sysadm_r) > + rpm_admin(sysadm_t, sysadm_r) > ') > > optional_policy(` > @@ -295,10 +908,22 @@ optional_policy(` > ') > > optional_policy(` > + rsync_admin(sysadm_t, sysadm_r) > rsync_exec(sysadm_t) > ') > > optional_policy(` > + rtkit_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + rwho_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + samba_admin(sysadm_t, sysadm_r) > + samba_run_smbcontrol(sysadm_t, sysadm_r) > + samba_run_smbmount(sysadm_t, sysadm_r) > samba_run_net(sysadm_t, sysadm_r) > samba_run_winbind_helper(sysadm_t, sysadm_r) > ') > @@ -308,6 +933,18 @@ optional_policy(` > ') > > optional_policy(` > + sanlock_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + sasl_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + sblim_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > screen_role_template(sysadm, sysadm_r, sysadm_t) > ') > > @@ -316,11 +953,52 @@ optional_policy(` > ') > > optional_policy(` > + sensord_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + setroubleshoot_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > seutil_run_setfiles(sysadm_t, sysadm_r) > seutil_run_runinit(sysadm_t, sysadm_r) > ') > > optional_policy(` > + shorewall_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + slpd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + smartmon_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + smokeping_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + smstools_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + snmp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + snort_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + soundserver_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + spamassassin_admin(sysadm_t, sysadm_r) > spamassassin_role(sysadm_r, sysadm_t) > ') > > @@ -329,10 +1007,18 @@ optional_policy(` > ') > > optional_policy(` > + sssd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > staff_role_change(sysadm_r) > ') > > optional_policy(` > + stapserver_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > su_role_template(sysadm, sysadm_r, sysadm_t) > ') > > @@ -341,15 +1027,43 @@ optional_policy(` > ') > > optional_policy(` > + svnserve_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > sysnet_run_ifconfig(sysadm_t, sysadm_r) > sysnet_run_dhcpc(sysadm_t, sysadm_r) > ') > > optional_policy(` > + sysstat_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + tcsd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + tftp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + tgtd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > thunderbird_role(sysadm_r, sysadm_t) > ') > > optional_policy(` > + tor_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + transproxy_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > tripwire_run_siggen(sysadm_t, sysadm_r) > tripwire_run_tripwire(sysadm_t, sysadm_r) > tripwire_run_twadmin(sysadm_t, sysadm_r) > @@ -365,6 +1079,10 @@ optional_policy(` > ') > > optional_policy(` > + ulogd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > uml_role(sysadm_r, sysadm_t) > ') > > @@ -377,6 +1095,10 @@ optional_policy(` > ') > > optional_policy(` > + uptime_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > usbmodules_run(sysadm_t, sysadm_r) > ') > > @@ -391,6 +1113,31 @@ optional_policy(` > ') > > optional_policy(` > + uucp_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + uuidd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + varnishd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + varnishd_admin_varnishlog(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + vdagent_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + vhostmd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + virt_admin(sysadm_t, sysadm_r) > virt_stream_connect(sysadm_t) > ') > > @@ -399,10 +1146,22 @@ optional_policy(` > ') > > optional_policy(` > + vnstatd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > vpn_run(sysadm_t, sysadm_r) > ') > > optional_policy(` > + watchdog_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + wdmd_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > webalizer_run(sysadm_t, sysadm_r) > ') > > @@ -419,15 +1178,32 @@ optional_policy(` > ') > > optional_policy(` > + xfs_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > yam_run(sysadm_t, sysadm_r) > ') > > +optional_policy(` > + zabbix_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + zarafa_admin(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > + zebra_admin(sysadm_t, sysadm_r) > +') > + > ifndef(`distro_redhat',` > optional_policy(` > auth_role(sysadm_r, sysadm_t) > ') > > optional_policy(` > + bluetooth_admin(sysadm_t, sysadm_r) > bluetooth_role(sysadm_r, sysadm_t) > ') > > @@ -468,6 +1244,10 @@ ifndef(`distro_redhat',` > ') > > optional_policy(` > + ircd_admin(sysadm_t, sysadm_r) > + ') > + > + optional_policy(` > java_role(sysadm_r, sysadm_t) > ') > ') > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com