Christopher J. PeBenito wrote:
> On Mon, 2007-02-26 at 12:29 -0500, dwalsh@localhost.localdomain wrote:
>   
>> ===File /tmp/patches/done/nsaserefpolicy_policy_modules_services_nscd.patch===
>> --- nsaserefpolicy/policy/modules/services/nscd.te	2007-02-19 11:32:53.000000000 -0500
>> +++ serefpolicy-2.5.5/policy/modules/services/nscd.te	2007-02-26 11:02:34.000000000 -0500
>> @@ -117,6 +117,9 @@
>>  	term_dontaudit_use_unallocated_ttys(nscd_t)
>>  	term_dontaudit_use_generic_ptys(nscd_t)
>>  	files_dontaudit_read_root_files(nscd_t)
>> +',`
>> +	userdom_dontaudit_use_sysadm_ttys(nscd_t)
>> +	userdom_dontaudit_use_sysadm_ptys(nscd_t)
>>  ')
>>  
>>  optional_policy(`
>>     
>
> This should go with a run interface, then you get the transition, the
> role and these dontaudits.
>
>   
Ok how about this one.