* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
From: Jason Zaman @ 2014-12-03 12:56 UTC
To: gentoo-commits
commit: f774e2c1acf6fab64fad40f8e5234755c8bf39c3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec 2 08:15:17 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 09:30:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f774e2c1
Unify staff and user roles
user_r had a few things added which were not in staff_r. This adds them
to staff too so they are the same (apart from allowing staff to change
roles).
---
policy/modules/roles/staff.te | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 14706de..1d4b3e0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -192,6 +192,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ dropbox_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
googletalk_run_plugin(staff_t, staff_r)
')
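Review bot: the added dropbox_role(staff_r, staff_t) passes the role first, while the neighbouring googletalk_run_plugin(staff_t, staff_r) passes the type first. Both orders occur side by side in this file, so a swapped pair is easy to miss; please confirm against the dropbox interface definition that role-then-type is the order dropbox_role expects.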
@@ -200,6 +204,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ hadoop_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
links_role(staff_r, staff_t)
')
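Review bot: hadoop_role(staff_r, staff_t) is justified in the commit message only by parity with user_r, and nothing in the hunk says why an interactive login role needs it. A one-line comment above the call, or a reference to the user_r change it mirrors, would let a later reader judge whether the grant is still wanted.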
@@ -216,6 +224,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rtorrent_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
skype_role(staff_r, staff_t)
')
')
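Review bot: rtorrent_role(staff_r, staff_t) is granted unconditionally whenever the rtorrent module is present, and per the commit message staff is the role that is allowed to change roles. Consider putting this call behind a tunable so a site can keep the client out of staff_r without removing the module.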
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/
From: Jason Zaman @ 2014-12-03 12:54 UTC
To: gentoo-commits
commit: f774e2c1acf6fab64fad40f8e5234755c8bf39c3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec 2 08:15:17 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 09:30:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f774e2c1
Unify staff and user roles
user_r had a few things added which were not in staff_r. This adds them
to staff too so they are the same (apart from allowing staff to change
roles).
---
policy/modules/roles/staff.te | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 14706de..1d4b3e0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -192,6 +192,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ dropbox_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
googletalk_run_plugin(staff_t, staff_r)
')
@@ -200,6 +204,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ hadoop_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
links_role(staff_r, staff_t)
')
@@ -216,6 +224,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rtorrent_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
skype_role(staff_r, staff_t)
')
')
* [gentoo-commits] proj/hardened-refpolicy:userroles commit in: policy/modules/roles/
From: Jason Zaman @ 2014-12-03 12:56 UTC
To: gentoo-commits
commit: f774e2c1acf6fab64fad40f8e5234755c8bf39c3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec 2 08:15:17 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 09:30:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f774e2c1
Unify staff and user roles
user_r had a few things added which were not in staff_r. This adds them
to staff too so they are the same (apart from allowing staff to change
roles).
---
policy/modules/roles/staff.te | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 14706de..1d4b3e0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -192,6 +192,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ dropbox_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
googletalk_run_plugin(staff_t, staff_r)
')
@@ -200,6 +204,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ hadoop_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
links_role(staff_r, staff_t)
')
@@ -216,6 +224,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rtorrent_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
skype_role(staff_r, staff_t)
')
')
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
From: Jason Zaman @ 2015-05-16 11:32 UTC
To: gentoo-commits
commit: 0547411d0b8106d944dfe84d013d80a3b51d7987
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat May 16 11:30:46 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0547411d
Add all _admin interfaces to sysadm.te
policy/modules/roles/sysadm.te | 863 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 843 insertions(+), 20 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 4cfb014..43d59ea 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,52 +485,570 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Bug 529208
+ dmesg_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- # Bug 529208
- dmesg_run(sysadm_t, sysadm_r)
+ nis_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
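Review bot: dmesg_run(sysadm_t, sysadm_r), with its "Bug 529208" comment, ends up between dkim_admin and dnsmasq_admin under the new "Local sysadm_t admin interfaces" banner, although the other _run and _role calls (dracut_run, fail2ban_run_client, qemu_run, vde_role) were moved above that banner. Move dmesg_run up with them so the section below the banner holds only _admin interfaces.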
@@ -538,24 +1056,160 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
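Review bot: the five qemu_* lines removed in this hunk are not dropped; they reappear near the top of the first hunk, so the patch mixes a reordering with a large addition under a subject that only mentions adding _admin interfaces. Splitting the move into its own commit would let a reviewer confirm quickly that no existing sysadm_t grant was lost among the 843 insertions.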
@@ -563,21 +1217,57 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
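Review bot: rpcbind_admin(sysadm_t, sysadm_r) is added in front of the existing rpcbind_stream_connect(sysadm_t) in the same block. If the admin interface already grants the stream connect, the second call is redundant and can be removed; if it does not, a short comment saying why both are needed would help.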
@@ -589,6 +1279,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
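Review bot: varnishd_admin and varnishd_admin_varnishlog share one optional_policy block here, but bacula_admin and bacula_domtrans_admin earlier in the patch each get their own block. Pick one convention for several interfaces of the same module and apply it throughout the file.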
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
From: Jason Zaman @ 2015-02-09 18:35 UTC
To: gentoo-commits
commit: 3149b5ee56dfe6c99fcc21df22c88cb118870dc6
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 9 18:35:00 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3149b5ee
Add all foo_admin interfaces to sysadm.te
---
policy/modules/roles/sysadm.te | 867 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 847 insertions(+), 20 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 91da175..195b5f3 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,52 +485,574 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Bug 529208
+ dmesg_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hadoop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- # Bug 529208
- dmesg_run(sysadm_t, sysadm_r)
+ nis_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
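Review bot: the relocated non-admin calls at the top of this hunk (dracut_run through vde_role) sit directly after dev_read_cpuid(sysadm_t) with no heading, while the block that follows gets a "Local sysadm_t admin interfaces" banner. Give the first group a banner of its own, or a one-line comment, so it is clear these were separated on purpose and are not _admin grants.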
@@ -538,24 +1060,160 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -563,21 +1221,57 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -585,6 +1279,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2015-02-09 9:58 Jason Zaman
0 siblings, 0 replies; 11+ messages in thread
From: Jason Zaman @ 2015-02-09 9:58 UTC
To: gentoo-commits
commit: f32ad968ab1bb81599bf51a11bf684a5c9971264
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 9 09:58:03 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f32ad968
Add all foo_admin interfaces to sysadm.te
---
policy/modules/roles/sysadm.te | 867 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 847 insertions(+), 20 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 91da175..195b5f3 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,52 +485,574 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Bug 529208
+ dmesg_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hadoop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- # Bug 529208
- dmesg_run(sysadm_t, sysadm_r)
+ nis_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
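Review bot: dmesg_run(sysadm_t, sysadm_r), with its "Bug 529208" comment, is re-added between dkim_admin and dnsmasq_admin, below the new "Local sysadm_t admin interfaces" header, while the other non-admin calls (dracut_run, fail2ban_run_client, gorg_role, mutt_role, networkmanager_run_wpa_cli, the qemu_* set, selinux_read_policy, vde_role) were all moved above that header. Move the dmesg_run block up with them so the section under the header contains only admin grants and can be audited as such.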
@@ -538,24 +1060,160 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
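Review bot: The five qemu_* calls removed at the end of this hunk (qemu_read_state through qemu_run) are not deletions; the same lines are re-added at the top of the first hunk. Mixing these relocations with the new *_admin grants makes it hard to confirm from the diff that no existing permission was dropped. Split the reordering into its own commit, or say in the commit message that the 20 deletions in the diffstat are all moves.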
@@ -563,21 +1221,57 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -585,6 +1279,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
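Review bot: None of the blocks added in this hunk (slpd_admin through zebra_admin) carries a comment, and the commit message is only "Add all foo_admin interfaces to sysadm.te". Per the hunk header these grants sit inside ifdef(`distro_gentoo', ...), so please state, in the commit message or under the section header, why sysadm_t should administer every module's domains on Gentoo specifically; the older dmesg_run entry with its "Bug 529208" reference shows the level of justification that makes a later least-privilege review possible.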
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 11+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC
To: gentoo-commits
commit: 68185dbd1d1b6b1a5b737a844ebb9c115819c18d
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 12:54:22 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=68185dbd
Add all foo_admin interfaces to sysadm.te
---
policy/modules/roles/sysadm.te | 867 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 847 insertions(+), 20 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 76da241..4b7fed3 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,52 +485,574 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Bug 529208
+ dmesg_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hadoop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- # Bug 529208
- dmesg_run(sysadm_t, sysadm_r)
+ nis_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
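Review bot: The deletion of "# Bug 529208" together with dmesg_run(sysadm_t, sysadm_r) in the middle of this hunk needs a matching re-add in the relocated block. The calls deleted around it (dracut_run, fail2ban_run_client, gorg_role, mutt_role, networkmanager_run_wpa_cli) look like moves made to keep the _admin list alphabetical, so please confirm that dmesg_run and its bug reference moved with them. The comment is the only record of why sysadm_t needs that access.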
@@ -538,24 +1060,160 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -563,21 +1221,57 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -585,6 +1279,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2014-12-03 12:56 Jason Zaman
From: Jason Zaman @ 2014-12-03 12:56 UTC
To: gentoo-commits
commit: 5572b308499e54999df84759d522779d8e4cfd0a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec 2 11:14:38 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 09:30:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5572b308
Add missing roles interfaces
Some interfaces were missing from staff_r and user_r, this adds them in
---
policy/modules/roles/staff.te | 16 ++++++++++++++++
policy/modules/roles/unprivuser.te | 16 ++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 1d4b3e0..1a867f0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -188,6 +188,14 @@ ifndef(`distro_redhat',`
ifdef(`distro_gentoo',`
optional_policy(`
+ android_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
+ at_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
chromium_role(staff_r, staff_t)
')
@@ -230,4 +238,12 @@ ifdef(`distro_gentoo',`
optional_policy(`
skype_role(staff_r, staff_t)
')
+
+ optional_policy(`
+ wine_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
+ xscreensaver_role(staff_r, staff_t)
+ ')
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c171833..e349a03 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -173,6 +173,14 @@ ifndef(`distro_redhat',`
ifdef(`distro_gentoo',`
optional_policy(`
+ android_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ at_role(user_r, user_t)
+ ')
+
+ optional_policy(`
chromium_role(user_r, user_t)
')
@@ -211,4 +219,12 @@ ifdef(`distro_gentoo',`
optional_policy(`
skype_role(user_r, user_t)
')
+
+ optional_policy(`
+ wine_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ xscreensaver_role(user_r, user_t)
+ ')
')
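Review bot: The wine_role and xscreensaver_role blocks here, and the android_role/at_role pair in the hunk above, are repeated in staff.te and unprivuser.te with only the role and type swapped. Since this commit exists because interfaces were missing from both lists, consider a shared template that takes the role and type as arguments, or at least a comment in each file pointing at the other, so the next addition lands in both.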
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2014-11-26 12:29 Jason Zaman
From: Jason Zaman @ 2014-11-26 12:29 UTC
To: gentoo-commits
commit: 97880bbf6232101f34bec3aae6d1a369fd0cb8d2
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 08:30:11 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Nov 26 12:29:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=97880bbf
remove sendmail_admin from sysadm
---
policy/modules/roles/sysadm.te | 4 ----
1 file changed, 4 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index c06874d..dafbab0 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1262,10 +1262,6 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- sendmail_admin(sysadm_t, sysadm_r)
- ')
-
- optional_policy(`
sensord_admin(sysadm_t, sysadm_r)
')
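Review bot: The removal of sendmail_admin(sysadm_t, sysadm_r) ahead of sensord_admin comes with no reason in the commit message, one day after the same line was added under "Add all foo_admin interfaces to sysadm.te". State why it is dropped (build failure, interface not suitable for sysadm_t, or something else) in the message or in a comment at this spot. Otherwise the next pass that adds every _admin interface is likely to put it back.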
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2014-11-25 20:49 Jason Zaman
From: Jason Zaman @ 2014-11-25 20:49 UTC
To: gentoo-commits
commit: 1b9381742fb861f5de305b839214faecc8219bd2
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:51 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1b938174
Add all foo_admin interfaces to sysadm.te
---
policy/modules/roles/sysadm.te | 867 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 849 insertions(+), 18 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 7e497b0..c06874d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,47 +485,569 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hadoop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nis_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
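Review bot: bacula_domtrans_admin(sysadm_t, sysadm_r) is named as a domain-transition interface rather than a plain _admin one, yet it is passed a role like every other call in the list; check its definition to confirm it takes a role argument at all. It also directly follows bacula_admin for the same type and role, so say why both are needed. Separately, the dracut_run through vde_role blocks at the top of the hunk are pure moves and would review more easily as their own commit, leaving this one as additions only.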
@@ -533,24 +1055,160 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -558,21 +1216,61 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sendmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
@@ -580,6 +1278,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/roles/
@ 2014-11-25 19:49 Jason Zaman
From: Jason Zaman @ 2014-11-25 19:49 UTC
To: gentoo-commits
commit: dae6a062355a4499dbbc782cfa5500973d211d43
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 04:53:23 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:49:00 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=dae6a062
Add all foo_admin interfaces to sysadm.te
---
policy/modules/roles/sysadm.te | 871 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 853 insertions(+), 18 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 7e497b0..f926281 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -485,47 +485,569 @@ ifdef(`distro_gentoo',`
dev_read_cpuid(sysadm_t)
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_run_client(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ # Support audit2allow, sepolgen and so on
+ selinux_read_policy(sysadm_t)
+ ')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
+
+ #########################################
+ #
+ # Local sysadm_t admin interfaces
+ #
+
+ optional_policy(`
+ abrt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ accountsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ acct_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ afs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aiccu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aide_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ aisexecd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amavis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ amtu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apache_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apcupsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ apm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ arpwatch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
asterisk_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
+ automount_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ avahi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bacula_domtrans_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bcfg2_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bird_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bitlbee_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bluetooth_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ boinc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bugzilla_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cachefilesd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ calamaris_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ callweaver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ canna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ccs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmaster_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ certmonger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cfengine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cgroup_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ chronyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cipe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ clamav_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cmirrord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cobbler_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ collectd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ condor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ corosync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ couchdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ctdb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cups_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cvs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyphesis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ cyrus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dante_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ddclient_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ denyhosts_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ devicekit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dhcpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dictd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dirmngr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ distcc_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dkim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnsmasq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dnssectrigger_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dovecot_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ drbd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ dspam_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ entropyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ exim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fail2ban_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fcoe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ fetchmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ firewalld_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gatekeeper_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gdomap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ glusterfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ gpsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hadoop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hddtemp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ howl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ hypervkvp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ i18n_input_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ icecast_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ifplugd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ inn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iodine_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ irqbalance_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ iscsi_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ isnsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ jabber_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kdump_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerberos_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kerneloops_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ keystone_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kismet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ksmtuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ kudzu_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ l2tp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ldap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lightsquid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ likewise_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lircd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lldpad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ logsentry_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ lsmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mandb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mcelog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ memcached_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minidlna_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ minissdpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mongodb_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ monop_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mrtg_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mscan_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ munin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ mysql_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nagios_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nessus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ networkmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nscd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dnsmasq_admin(sysadm_t, sysadm_r)
+ nsd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dovecot_admin(sysadm_t, sysadm_r)
+ nslcd_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
+ ntop_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- fail2ban_run_client(sysadm_t, sysadm_r)
+ ntp_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
+ numad_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
+ nut_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ oident_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
+ openct_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
+ openhpi_admin(sysadm_t, sysadm_r)
')
optional_policy(`
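Review bot: In the run of replaced lines at the end of this hunk (after nscd_admin), five removed calls are not *_admin interfaces and have no like-for-like replacement in the lines shown here: dracut_run(sysadm_t, sysadm_r), gorg_role(sysadm_r, sysadm_t) and mutt_role(sysadm_r, sysadm_t) have no counterpart at all, and fail2ban_run_client and networkmanager_run_wpa_cli are only matched by the new fail2ban_admin and networkmanager_admin, which may or may not include the client transitions. The other removed lines (dnsmasq_admin, dovecot_admin, nginx_admin, ntp_admin) are simply re-added in alphabetical position. Please confirm the five are either retained elsewhere in sysadm.te or dropped on purpose, and say so in the commit message, since a bulk reorder like this makes a lost access grant easy to miss.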
@@ -533,24 +1055,164 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ openvswitch_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pacemaker_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pads_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pcscd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pegasus_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ perdition_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ phpfpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pingd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pkcs_admin_slotd(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ plymouthd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ polipo_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portmap_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ portreserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postfix_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ postfixpolicyd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
postgresql_admin(sysadm_t, sysadm_r)
postgresql_exec(sysadm_t)
')
optional_policy(`
+ postgrey_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ppp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ prelude_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ privoxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ psad_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
puppet_admin(sysadm_t, sysadm_r)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
+ pxe_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyicqt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ pyzor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qpidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quantum_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ quota_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rabbitmq_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radius_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ radvd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ raid_admin_mdadm(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ redis_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ resmgr_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rgmanager_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhcs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rhsmcertd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ricci_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rngd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ roundup_admin(sysadm_t, sysadm_r)
')
optional_policy(`
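Review bot: The optional_policy block that held qemu_read_state, qemu_signal, qemu_kill, qemu_setsched and qemu_run(sysadm_t, sysadm_r) is replaced by pxe_admin in this hunk, and no qemu_* call is added back anywhere in it. If the virt_admin(sysadm_t, sysadm_r) added in a later hunk is meant to cover this, the commit message should state that; otherwise sysadm_t loses the qemu access the old block granted and the block should be kept alongside the new entries.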
@@ -558,21 +1220,61 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rpcbind_admin(sysadm_t, sysadm_r)
rpcbind_stream_connect(sysadm_t)
')
optional_policy(`
+ rpm_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rsync_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ rtkit_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rtorrent_admin(sysadm_t, sysadm_r)
')
optional_policy(`
+ rwho_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
optional_policy(`
- # Support audit2allow, sepolgen and so on
- selinux_read_policy(sysadm_t)
+ samba_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sanlock_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sasl_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sblim_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sendmail_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sensord_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ setroubleshoot_admin(sysadm_t, sysadm_r)
')
optional_policy(`
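Review bot: The block containing selinux_read_policy(sysadm_t) is overwritten by samba_admin here, and its comment ("Support audit2allow, sepolgen and so on") is removed with it, so the stated reason for that grant disappears from the file. Nothing in this hunk restores read access to the policy for sysadm_t; setroubleshoot_admin is a different interface. Either keep the block, or note in the commit message where sysadm_t now gets that access, so audit2allow and sepolgen workflows are not silently broken for administrators.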
@@ -580,6 +1282,139 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
+ slpd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smartmon_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smokeping_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ smstools_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snmp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ snort_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ soundserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ spamassassin_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ squid_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sssd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ stapserver_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ svnserve_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ sysstat_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tcsd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tftp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tgtd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tor_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ transproxy_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ tuned_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ulogd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uptime_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uucp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ uuidd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ varnishd_admin(sysadm_t, sysadm_r)
+ varnishd_admin_varnishlog(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vdagent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vhostmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ virt_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ vnstatd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ watchdog_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ wdmd_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ xfs_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zabbix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zarafa_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ zebra_admin(sysadm_t, sysadm_r)
')
')
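Review bot: The first changed line of this hunk drops vde_role(sysadm_r, sysadm_t) and puts slpd_admin in its place, with no vde call re-added among the entries that follow. As with the other *_role and *_run removals in this patch, this should be either kept or called out as intentional. A smaller point: pkcs_admin_slotd, raid_admin_mdadm and varnishd_admin_varnishlog break the otherwise uniform <module>_admin naming, so a short comment on those blocks would help anyone auditing which administrative domains sysadm_t can reach.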