From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1433855194.9af1d958667a91d353ce389ed5e4449750d54142.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/roles/sysadm.te
X-VCS-Directories: policy/modules/roles/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 9af1d958667a91d353ce389ed5e4449750d54142
X-VCS-Branch: master
Date: Tue, 9 Jun 2015 13:33:46 +0000 (UTC)

commit:     9af1d958667a91d353ce389ed5e4449750d54142
Author:     Jason Zaman perfinion com>
AuthorDate: Mon Jun 8 20:38:22 2015 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Tue Jun 9 13:06:34 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9af1d958

Add all the missing _admin interfaces to sysadm

Lots of the foo_admin() interfaces were not applied to sysadm. This patch adds all the ones that were missing.

The tests pass for all combinations of distros, monolithic, direct_initrc, standard/mcs/mls.

 policy/modules/roles/sysadm.te | 910 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 845 insertions(+), 65 deletions(-)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index 9169215..4ece2da 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te
@@ -66,216 +66,791 @@ tunable_policy(`allow_ptrace',` ') optional_policy(` + abrt_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + accountsd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + acct_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + afs_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + aiccu_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + aide_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + aisexecd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` amanda_run_recover(sysadm_t, sysadm_r) ') optional_policy(` - apache_run_helper(sysadm_t, sysadm_r) - #apache_run_all_scripts(sysadm_t, sysadm_r) - #apache_domtrans_sys_script(sysadm_t) - apache_role(sysadm_r, sysadm_t) + amavis_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + amtu_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + apache_admin(sysadm_t, sysadm_r) + apache_run_helper(sysadm_t, sysadm_r) + #apache_run_all_scripts(sysadm_t, sysadm_r) + #apache_domtrans_sys_script(sysadm_t) + apache_role(sysadm_r, sysadm_t) +') + +optional_policy(` + apcupsd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + apm_admin(sysadm_t, sysadm_r) + apm_run_client(sysadm_t, sysadm_r) +') + +optional_policy(` + apt_run(sysadm_t, sysadm_r) +') + +optional_policy(` + arpwatch_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + asterisk_admin(sysadm_t, sysadm_r) + asterisk_stream_connect(sysadm_t) +') + +optional_policy(` + auditadm_role_change(sysadm_r) +') + +optional_policy(` + automount_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + avahi_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + backup_run(sysadm_t, sysadm_r) +') + +optional_policy(` + bacula_run_admin(sysadm_t, sysadm_r) + bacula_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + bcfg2_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + bind_admin(sysadm_t, sysadm_r) + bind_run_ndc(sysadm_t, sysadm_r) +') + +optional_policy(` + bird_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + bitlbee_admin(sysadm_t, 
sysadm_r) +') + +optional_policy(` + boinc_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + bootloader_run(sysadm_t, sysadm_r) +') + +optional_policy(` + bugzilla_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cachefilesd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + calamaris_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + callweaver_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + canna_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ccs_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + certmaster_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + certmonger_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + certwatch_run(sysadm_t, sysadm_r) +') + +optional_policy(` + cfengine_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cgroup_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + chronyd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cipe_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + clamav_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + clock_run(sysadm_t, sysadm_r) +') + +optional_policy(` + clockspeed_run_cli(sysadm_t, sysadm_r) +') + +optional_policy(` + cmirrord_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cobbler_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + collectd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + condor_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + consoletype_run(sysadm_t, sysadm_r) +') + +optional_policy(` + corosync_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + couchdb_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ctdb_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cups_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cvs_admin(sysadm_t, sysadm_r) + cvs_exec(sysadm_t) +') + +optional_policy(` + cyphesis_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + cyrus_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dante_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dcc_run_cdcc(sysadm_t, sysadm_r) + 
dcc_run_client(sysadm_t, sysadm_r) + dcc_run_dbclean(sysadm_t, sysadm_r) +') + +optional_policy(` + ddclient_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ddcprobe_run(sysadm_t, sysadm_r) +') + +optional_policy(` + denyhosts_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + devicekit_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dhcpd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dictd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dirmngr_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + distcc_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dkim_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dmesg_exec(sysadm_t) +') + +optional_policy(` + dmidecode_run(sysadm_t, sysadm_r) +') + +optional_policy(` + dnsmasq_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dnssectrigger_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dovecot_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dpkg_run(sysadm_t, sysadm_r) +') + +optional_policy(` + drbd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + dspam_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + entropyd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + exim_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + fail2ban_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + fcoe_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + fetchmail_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + firewalld_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + firstboot_run(sysadm_t, sysadm_r) +') + +optional_policy(` + fstools_run(sysadm_t, sysadm_r) +') + +optional_policy(` + ftp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + gatekeeper_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + gdomap_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + glance_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + glusterfs_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + gpm_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + gpsd_admin(sysadm_t, sysadm_r) +') + 
+optional_policy(` + hadoop_role(sysadm_r, sysadm_t) +') + +optional_policy(` + hddtemp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + hostname_run(sysadm_t, sysadm_r) +') + +optional_policy(` + howl_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + hypervkvp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + i18n_input_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + icecast_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ifplugd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + inn_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + iodine_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + # allow system administrator to use the ipsec script to look + # at things (e.g., ipsec auto --status) + # probably should create an ipsec_admin role for this kind of thing + ipsec_exec_mgmt(sysadm_t) + ipsec_stream_connect(sysadm_t) + # for lsof + ipsec_getattr_key_sockets(sysadm_t) +') + +optional_policy(` + iptables_admin(sysadm_t, sysadm_r) + iptables_run(sysadm_t, sysadm_r) +') + +optional_policy(` + irqbalance_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + iscsi_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + isnsd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + jabber_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + kdump_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + kerberos_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + kerneloops_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + keystone_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + kismet_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ksmtuned_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + kudzu_admin(sysadm_t, sysadm_r) + kudzu_run(sysadm_t, sysadm_r) +') + +optional_policy(` + l2tp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ldap_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + libs_run_ldconfig(sysadm_t, sysadm_r) +') + +optional_policy(` + lightsquid_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + 
likewise_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + lircd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + lldpad_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + lockdev_role(sysadm_r, sysadm_t) +') + +optional_policy(` + logrotate_run(sysadm_t, sysadm_r) +') + +optional_policy(` + lpd_run_checkpc(sysadm_t, sysadm_r) + lpd_role(sysadm_r, sysadm_t) +') + +optional_policy(` + lsmd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + lvm_run(sysadm_t, sysadm_r) +') + +optional_policy(` + mandb_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + mcelog_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + memcached_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + minidlna_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + minissdpd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + modutils_run_depmod(sysadm_t, sysadm_r) + modutils_run_insmod(sysadm_t, sysadm_r) + modutils_run_update_mods(sysadm_t, sysadm_r) +') + +optional_policy(` + mongodb_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + monop_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + mount_run(sysadm_t, sysadm_r) ') optional_policy(` - # cjp: why is this not apm_run_client - apm_domtrans_client(sysadm_t) + mozilla_role(sysadm_r, sysadm_t) ') optional_policy(` - apt_run(sysadm_t, sysadm_r) + mpd_admin(sysadm_t, sysadm_r) ') optional_policy(` - asterisk_stream_connect(sysadm_t) + mplayer_role(sysadm_r, sysadm_t) ') optional_policy(` - auditadm_role_change(sysadm_r) + mrtg_admin(sysadm_t, sysadm_r) ') optional_policy(` - backup_run(sysadm_t, sysadm_r) + mscan_admin(sysadm_t, sysadm_r) ') optional_policy(` - bacula_run_admin(sysadm_t, sysadm_r) + mta_role(sysadm_r, sysadm_t) ') optional_policy(` - bind_run_ndc(sysadm_t, sysadm_r) + munin_stream_connect(sysadm_t) ') optional_policy(` - bootloader_run(sysadm_t, sysadm_r) + mysql_admin(sysadm_t, sysadm_r) + mysql_stream_connect(sysadm_t) ') optional_policy(` - certwatch_run(sysadm_t, sysadm_r) + nagios_admin(sysadm_t, sysadm_r) ') 
optional_policy(` - clock_run(sysadm_t, sysadm_r) + nessus_admin(sysadm_t, sysadm_r) ') optional_policy(` - clockspeed_run_cli(sysadm_t, sysadm_r) + netutils_run(sysadm_t, sysadm_r) + netutils_run_ping(sysadm_t, sysadm_r) + netutils_run_traceroute(sysadm_t, sysadm_r) ') optional_policy(` - consoletype_run(sysadm_t, sysadm_r) + networkmanager_admin(sysadm_t, sysadm_r) ') optional_policy(` - cvs_exec(sysadm_t) + nis_admin(sysadm_t, sysadm_r) ') optional_policy(` - dcc_run_cdcc(sysadm_t, sysadm_r) - dcc_run_client(sysadm_t, sysadm_r) - dcc_run_dbclean(sysadm_t, sysadm_r) + nscd_admin(sysadm_t, sysadm_r) ') optional_policy(` - ddcprobe_run(sysadm_t, sysadm_r) + nslcd_admin(sysadm_t, sysadm_r) ') optional_policy(` - dmesg_exec(sysadm_t) + ntop_admin(sysadm_t, sysadm_r) ') optional_policy(` - dmidecode_run(sysadm_t, sysadm_r) + ntp_admin(sysadm_t, sysadm_r) + corenet_udp_bind_ntp_port(sysadm_t) ') optional_policy(` - dpkg_run(sysadm_t, sysadm_r) + numad_admin(sysadm_t, sysadm_r) ') optional_policy(` - firstboot_run(sysadm_t, sysadm_r) + nut_admin(sysadm_t, sysadm_r) ') optional_policy(` - fstools_run(sysadm_t, sysadm_r) + oav_run_update(sysadm_t, sysadm_r) ') optional_policy(` - hostname_run(sysadm_t, sysadm_r) + oident_admin(sysadm_t, sysadm_r) ') optional_policy(` - hadoop_role(sysadm_r, sysadm_t) + openct_admin(sysadm_t, sysadm_r) ') optional_policy(` - # allow system administrator to use the ipsec script to look - # at things (e.g., ipsec auto --status) - # probably should create an ipsec_admin role for this kind of thing - ipsec_exec_mgmt(sysadm_t) - ipsec_stream_connect(sysadm_t) - # for lsof - ipsec_getattr_key_sockets(sysadm_t) + openhpi_admin(sysadm_t, sysadm_r) ') optional_policy(` - iptables_admin(sysadm_t, sysadm_r) - iptables_run(sysadm_t, sysadm_r) + openvpn_admin(sysadm_t, sysadm_r) ') optional_policy(` - kudzu_run(sysadm_t, sysadm_r) + openvswitch_admin(sysadm_t, sysadm_r) ') optional_policy(` - libs_run_ldconfig(sysadm_t, sysadm_r) + 
pacemaker_admin(sysadm_t, sysadm_r) ') optional_policy(` - lockdev_role(sysadm_r, sysadm_t) + pads_admin(sysadm_t, sysadm_r) ') optional_policy(` - logrotate_run(sysadm_t, sysadm_r) + pcmcia_run_cardctl(sysadm_t, sysadm_r) ') optional_policy(` - lpd_run_checkpc(sysadm_t, sysadm_r) - lpd_role(sysadm_r, sysadm_t) + pcscd_admin(sysadm_t, sysadm_r) ') optional_policy(` - lvm_run(sysadm_t, sysadm_r) + pegasus_admin(sysadm_t, sysadm_r) ') optional_policy(` - modutils_run_depmod(sysadm_t, sysadm_r) - modutils_run_insmod(sysadm_t, sysadm_r) - modutils_run_update_mods(sysadm_t, sysadm_r) + perdition_admin(sysadm_t, sysadm_r) ') optional_policy(` - mount_run(sysadm_t, sysadm_r) + pingd_admin(sysadm_t, sysadm_r) ') optional_policy(` - mozilla_role(sysadm_r, sysadm_t) + pkcs_admin_slotd(sysadm_t, sysadm_r) ') optional_policy(` - mplayer_role(sysadm_r, sysadm_t) + plymouthd_admin(sysadm_t, sysadm_r) ') optional_policy(` - mta_role(sysadm_r, sysadm_t) + polipo_admin(sysadm_t, sysadm_r) ') optional_policy(` - munin_stream_connect(sysadm_t) + portage_run(sysadm_t, sysadm_r) + portage_run_fetch(sysadm_t, sysadm_r) + portage_run_gcc_config(sysadm_t, sysadm_r) ') optional_policy(` - mysql_stream_connect(sysadm_t) + portmap_run_helper(sysadm_t, sysadm_r) + portmap_admin(sysadm_t, sysadm_r) ') optional_policy(` - netutils_run(sysadm_t, sysadm_r) - netutils_run_ping(sysadm_t, sysadm_r) - netutils_run_traceroute(sysadm_t, sysadm_r) + portreserve_admin(sysadm_t, sysadm_r) ') optional_policy(` - ntp_stub() - corenet_udp_bind_ntp_port(sysadm_t) + postfix_admin(sysadm_t, sysadm_r) ') optional_policy(` - oav_run_update(sysadm_t, sysadm_r) + postfixpolicyd_admin(sysadm_t, sysadm_r) ') optional_policy(` - pcmcia_run_cardctl(sysadm_t, sysadm_r) + postgrey_admin(sysadm_t, sysadm_r) ') optional_policy(` - portage_run(sysadm_t, sysadm_r) - portage_run_fetch(sysadm_t, sysadm_r) - portage_run_gcc_config(sysadm_t, sysadm_r) + ppp_admin(sysadm_t, sysadm_r) ') optional_policy(` - 
portmap_run_helper(sysadm_t, sysadm_r) + prelude_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + privoxy_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + psad_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + puppet_admin(sysadm_t, sysadm_r) ') optional_policy(` + pxe_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + pyicqt_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + pyzor_admin(sysadm_t, sysadm_r) pyzor_role(sysadm_r, sysadm_t) ') optional_policy(` + qpidd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + quantum_admin(sysadm_t, sysadm_r) +') + +optional_policy(` quota_run(sysadm_t, sysadm_r) + quota_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rabbitmq_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + radius_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + radvd_admin(sysadm_t, sysadm_r) ') optional_policy(` raid_run_mdadm(sysadm_r, sysadm_t) + raid_admin_mdadm(sysadm_t, sysadm_r) ') optional_policy(` @@ -283,11 +858,49 @@ optional_policy(` ') optional_policy(` + redis_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + resmgr_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rgmanager_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rhcs_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rhsmcertd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + ricci_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rngd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + roundup_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rpc_admin(sysadm_t, sysadm_r) rpc_domtrans_nfsd(sysadm_t) ') optional_policy(` + rpcbind_admin(sysadm_t, sysadm_r) +') + +optional_policy(` rpm_run(sysadm_t, sysadm_r) + rpm_admin(sysadm_t, sysadm_r) ') optional_policy(` 
@@ -295,10 +908,22 @@ optional_policy(` ') optional_policy(` + rsync_admin(sysadm_t, sysadm_r) rsync_exec(sysadm_t) ') optional_policy(` + rtkit_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + rwho_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + samba_admin(sysadm_t, sysadm_r) + samba_run_smbcontrol(sysadm_t, sysadm_r) + samba_run_smbmount(sysadm_t, sysadm_r) samba_run_net(sysadm_t, sysadm_r) samba_run_winbind_helper(sysadm_t, sysadm_r) ') @@ -308,6 +933,18 @@ optional_policy(` ') optional_policy(` + sanlock_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + sasl_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + sblim_admin(sysadm_t, sysadm_r) +') + +optional_policy(` screen_role_template(sysadm, sysadm_r, sysadm_t) ') @@ -316,11 +953,52 @@ optional_policy(` ') optional_policy(` + sensord_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + setroubleshoot_admin(sysadm_t, sysadm_r) +') + +optional_policy(` seutil_run_setfiles(sysadm_t, sysadm_r) seutil_run_runinit(sysadm_t, sysadm_r) ') optional_policy(` + shorewall_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + slpd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + smartmon_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + smokeping_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + smstools_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + snmp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + snort_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + soundserver_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + spamassassin_admin(sysadm_t, sysadm_r) spamassassin_role(sysadm_r, sysadm_t) ') @@ -329,10 +1007,18 @@ optional_policy(` ') optional_policy(` + sssd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` staff_role_change(sysadm_r) ') optional_policy(` + stapserver_admin(sysadm_t, sysadm_r) +') + +optional_policy(` su_role_template(sysadm, sysadm_r, sysadm_t) ') 
@@ -341,15 +1027,43 @@ optional_policy(` ') optional_policy(` + svnserve_admin(sysadm_t, sysadm_r) +') + +optional_policy(` sysnet_run_ifconfig(sysadm_t, sysadm_r) sysnet_run_dhcpc(sysadm_t, sysadm_r) ') optional_policy(` + sysstat_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + tcsd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + tftp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + tgtd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` thunderbird_role(sysadm_r, sysadm_t) ') optional_policy(` + tor_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + transproxy_admin(sysadm_t, sysadm_r) +') + +optional_policy(` tripwire_run_siggen(sysadm_t, sysadm_r) tripwire_run_tripwire(sysadm_t, sysadm_r) tripwire_run_twadmin(sysadm_t, sysadm_r) @@ -365,6 +1079,10 @@ optional_policy(` ') optional_policy(` + ulogd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` uml_role(sysadm_r, sysadm_t) ') @@ -377,6 +1095,10 @@ optional_policy(` ') optional_policy(` + uptime_admin(sysadm_t, sysadm_r) +') + +optional_policy(` usbmodules_run(sysadm_t, sysadm_r) ') @@ -391,6 +1113,31 @@ optional_policy(` ') optional_policy(` + uucp_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + uuidd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + varnishd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + varnishd_admin_varnishlog(sysadm_t, sysadm_r) +') + +optional_policy(` + vdagent_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + vhostmd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + virt_admin(sysadm_t, sysadm_r) virt_stream_connect(sysadm_t) ') @@ -399,10 +1146,22 @@ optional_policy(` ') optional_policy(` + vnstatd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` vpn_run(sysadm_t, sysadm_r) ') optional_policy(` + watchdog_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + wdmd_admin(sysadm_t, sysadm_r) +') + +optional_policy(` webalizer_run(sysadm_t, sysadm_r) ') 
@@ -419,15 +1178,32 @@ optional_policy(` ') optional_policy(` + xfs_admin(sysadm_t, sysadm_r) +') + +optional_policy(` yam_run(sysadm_t, sysadm_r) ') +optional_policy(` + zabbix_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + zarafa_admin(sysadm_t, sysadm_r) +') + +optional_policy(` + zebra_admin(sysadm_t, sysadm_r) +') + ifndef(`distro_redhat',` optional_policy(` auth_role(sysadm_r, sysadm_t) ') optional_policy(` + bluetooth_admin(sysadm_t, sysadm_r) bluetooth_role(sysadm_r, sysadm_t) ') @@ -468,6 +1244,10 @@ ifndef(`distro_redhat',` ') optional_policy(` + ircd_admin(sysadm_t, sysadm_r) + ') + + optional_policy(` java_role(sysadm_r, sysadm_t) ') ')
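Review bot: The commit message describes only added foo_admin() calls, but the first hunk (@@ -66,216 +66,791 @@) also changes existing grants: in the apm block, apm_domtrans_client(sysadm_t) and its "# cjp: why is this not apm_run_client" comment are replaced by apm_run_client(sysadm_t, sysadm_r), and in the ntp block ntp_stub() is dropped in favour of ntp_admin(sysadm_t, sysadm_r). Please mention both in the commit message or split them into their own commit so the change to what sysadm_r can run is visible in the log. In the same hunk, raid_admin_mdadm(sysadm_t, sysadm_r) sits directly under raid_run_mdadm(sysadm_r, sysadm_t) with the arguments in the opposite order; worth confirming against the interface definition that domain-first is what raid_admin_mdadm expects.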
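Review bot: In the hunk at @@ -391,6 +1113,31 @@, varnishd_admin(sysadm_t, sysadm_r) and varnishd_admin_varnishlog(sysadm_t, sysadm_r) are placed in two separate optional_policy blocks, while every other pair of interfaces from one module in this patch (samba_admin with samba_run_smbcontrol, rpc_admin with rpc_domtrans_nfsd, virt_admin with virt_stream_connect) shares a single block. If the split is intentional, so that one can apply when the other interface is not defined, a one-line comment saying so would help; otherwise merge them to match the rest of the file.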
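Review bot: The last two hunks (@@ -419,15 +1178,32 @@ and @@ -468,6 +1244,10 @@) add bluetooth_admin(sysadm_t, sysadm_r) and ircd_admin(sysadm_t, sysadm_r) inside the ifndef(`distro_redhat',` section, so unlike every other _admin call in this patch these two are not granted to sysadm when distro_redhat is defined. If that is deliberate, please say why in the commit message or a comment next to the calls; if the placement only follows the neighbouring bluetooth_role and java_role lines, consider moving both calls out to the unconditional blocks with the rest, keeping ircd_admin in alphabetical order there.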