From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH v2 2/2] Add all the missing _admin interfaces to sysadm
Date: Tue, 9 Jun 2015 08:40:36 -0400 [thread overview]
Message-ID: <5576DEC4.5010003@tresys.com> (raw)
In-Reply-To: <1433795902-12448-2-git-send-email-jason@perfinion.com>
On 6/8/2015 4:38 PM, Jason Zaman wrote:
> Lots of the foo_admin() interfaces were not applied to sysadm. This
> patch adds all the ones that were missing.
>
> The tests pass for all combinations of distros, monolithic,
> direct_initrc, standard/mcs/mls.
Merged.
> ---
> policy/modules/roles/sysadm.te | 788 ++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 784 insertions(+), 4 deletions(-)
>
> diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
> index f9919fd..5a95779 100644
> --- a/policy/modules/roles/sysadm.te
> +++ b/policy/modules/roles/sysadm.te
> @@ -66,10 +66,47 @@ tunable_policy(`allow_ptrace',`
> ')
>
> optional_policy(`
> + abrt_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + accountsd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + acct_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + afs_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + aiccu_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + aide_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + aisexecd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> amanda_run_recover(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + amavis_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + amtu_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + apache_admin(sysadm_t, sysadm_r)
> apache_run_helper(sysadm_t, sysadm_r)
> #apache_run_all_scripts(sysadm_t, sysadm_r)
> #apache_domtrans_sys_script(sysadm_t)
> @@ -77,8 +114,12 @@ optional_policy(`
> ')
>
> optional_policy(`
> - # cjp: why is this not apm_run_client
> - apm_domtrans_client(sysadm_t)
> + apcupsd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + apm_admin(sysadm_t, sysadm_r)
> + apm_run_client(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> @@ -86,6 +127,11 @@ optional_policy(`
> ')
>
> optional_policy(`
> + arpwatch_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + asterisk_admin(sysadm_t, sysadm_r)
> asterisk_stream_connect(sysadm_t)
> ')
>
> @@ -94,26 +140,104 @@ optional_policy(`
> ')
>
> optional_policy(`
> + automount_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + avahi_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> backup_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> bacula_run_admin(sysadm_t, sysadm_r)
> + bacula_admin(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + bcfg2_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + bind_admin(sysadm_t, sysadm_r)
> bind_run_ndc(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + bird_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + bitlbee_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + boinc_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> bootloader_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + bugzilla_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cachefilesd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + calamaris_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + callweaver_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + canna_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ccs_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + certmaster_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + certmonger_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> certwatch_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + cfengine_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cgroup_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + chronyd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cipe_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + clamav_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> clock_run(sysadm_t, sysadm_r)
> ')
>
> @@ -122,24 +246,101 @@ optional_policy(`
> ')
>
> optional_policy(`
> + cmirrord_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cobbler_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + collectd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + condor_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> consoletype_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + corosync_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + couchdb_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ctdb_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cups_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cvs_admin(sysadm_t, sysadm_r)
> cvs_exec(sysadm_t)
> ')
>
> optional_policy(`
> + cyphesis_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + cyrus_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dante_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> dcc_run_cdcc(sysadm_t, sysadm_r)
> dcc_run_client(sysadm_t, sysadm_r)
> dcc_run_dbclean(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + ddclient_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> ddcprobe_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + denyhosts_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + devicekit_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dhcpd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dictd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dirmngr_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + distcc_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dkim_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> dmesg_exec(sysadm_t)
> ')
>
> @@ -148,10 +349,54 @@ optional_policy(`
> ')
>
> optional_policy(`
> + dnsmasq_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dnssectrigger_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dovecot_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> dpkg_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + drbd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + dspam_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + entropyd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + exim_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + fail2ban_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + fcoe_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + fetchmail_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + firewalld_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> firstboot_run(sysadm_t, sysadm_r)
> ')
>
> @@ -160,7 +405,31 @@ optional_policy(`
> ')
>
> optional_policy(`
> - hostname_run(sysadm_t, sysadm_r)
> + ftp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + gatekeeper_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + gdomap_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + glance_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + glusterfs_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + gpm_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + gpsd_admin(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> @@ -168,6 +437,42 @@ optional_policy(`
> ')
>
> optional_policy(`
> + hddtemp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + hostname_run(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + howl_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + hypervkvp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + i18n_input_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + icecast_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ifplugd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + inn_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + iodine_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> # allow system administrator to use the ipsec script to look
> # at things (e.g., ipsec auto --status)
> # probably should create an ipsec_admin role for this kind of thing
> @@ -183,14 +488,79 @@ optional_policy(`
> ')
>
> optional_policy(`
> + irqbalance_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + iscsi_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + isnsd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + jabber_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + kdump_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + kerberos_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + kerneloops_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + keystone_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + kismet_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ksmtuned_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + kudzu_admin(sysadm_t, sysadm_r)
> kudzu_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + l2tp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ldap_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> libs_run_ldconfig(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + lightsquid_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + likewise_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + lircd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + lldpad_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> lockdev_role(sysadm_r, sysadm_t)
> ')
>
> @@ -204,16 +574,48 @@ optional_policy(`
> ')
>
> optional_policy(`
> + lsmd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> lvm_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + mandb_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + mcelog_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + memcached_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + minidlna_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + minissdpd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> modutils_run_depmod(sysadm_t, sysadm_r)
> modutils_run_insmod(sysadm_t, sysadm_r)
> modutils_run_update_mods(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + mongodb_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + monop_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> mount_run(sysadm_t, sysadm_r)
> ')
>
> @@ -222,10 +624,22 @@ optional_policy(`
> ')
>
> optional_policy(`
> + mpd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> mplayer_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> + mrtg_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + mscan_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> mta_role(sysadm_r, sysadm_t)
> ')
>
> @@ -234,29 +648,122 @@ optional_policy(`
> ')
>
> optional_policy(`
> + mysql_admin(sysadm_t, sysadm_r)
> mysql_stream_connect(sysadm_t)
> ')
>
> optional_policy(`
> + nagios_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + nessus_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> netutils_run(sysadm_t, sysadm_r)
> netutils_run_ping(sysadm_t, sysadm_r)
> netutils_run_traceroute(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> - ntp_stub()
> + networkmanager_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + nis_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + nscd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + nslcd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ntop_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ntp_admin(sysadm_t, sysadm_r)
> corenet_udp_bind_ntp_port(sysadm_t)
> ')
>
> optional_policy(`
> + numad_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + nut_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> oav_run_update(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + oident_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + openct_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + openhpi_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + openvpn_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + openvswitch_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pacemaker_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pads_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> pcmcia_run_cardctl(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + pcscd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pegasus_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + perdition_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pingd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pkcs_admin_slotd(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + plymouthd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + polipo_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> portage_run(sysadm_t, sysadm_r)
> portage_run_fetch(sysadm_t, sysadm_r)
> portage_run_gcc_config(sysadm_t, sysadm_r)
> @@ -264,18 +771,86 @@ optional_policy(`
>
> optional_policy(`
> portmap_run_helper(sysadm_t, sysadm_r)
> + portmap_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + portreserve_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + postfix_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + postfixpolicyd_admin(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + postgrey_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ppp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + prelude_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + privoxy_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + psad_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + puppet_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pxe_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pyicqt_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + pyzor_admin(sysadm_t, sysadm_r)
> pyzor_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> + qpidd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + quantum_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> quota_run(sysadm_t, sysadm_r)
> + quota_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rabbitmq_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + radius_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + radvd_admin(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> raid_run_mdadm(sysadm_r, sysadm_t)
> + raid_admin_mdadm(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> @@ -283,11 +858,49 @@ optional_policy(`
> ')
>
> optional_policy(`
> + redis_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + resmgr_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rgmanager_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rhcs_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rhsmcertd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + ricci_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rngd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + roundup_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rpc_admin(sysadm_t, sysadm_r)
> rpc_domtrans_nfsd(sysadm_t)
> ')
>
> optional_policy(`
> + rpcbind_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> rpm_run(sysadm_t, sysadm_r)
> + rpm_admin(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> @@ -295,10 +908,22 @@ optional_policy(`
> ')
>
> optional_policy(`
> + rsync_admin(sysadm_t, sysadm_r)
> rsync_exec(sysadm_t)
> ')
>
> optional_policy(`
> + rtkit_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + rwho_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + samba_admin(sysadm_t, sysadm_r)
> + samba_run_smbcontrol(sysadm_t, sysadm_r)
> + samba_run_smbmount(sysadm_t, sysadm_r)
> samba_run_net(sysadm_t, sysadm_r)
> samba_run_winbind_helper(sysadm_t, sysadm_r)
> ')
> @@ -308,6 +933,18 @@ optional_policy(`
> ')
>
> optional_policy(`
> + sanlock_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + sasl_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + sblim_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> screen_role_template(sysadm, sysadm_r, sysadm_t)
> ')
>
> @@ -316,11 +953,52 @@ optional_policy(`
> ')
>
> optional_policy(`
> + sensord_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + setroubleshoot_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> seutil_run_setfiles(sysadm_t, sysadm_r)
> seutil_run_runinit(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + shorewall_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + slpd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + smartmon_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + smokeping_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + smstools_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + snmp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + snort_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + soundserver_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + spamassassin_admin(sysadm_t, sysadm_r)
> spamassassin_role(sysadm_r, sysadm_t)
> ')
>
> @@ -329,10 +1007,18 @@ optional_policy(`
> ')
>
> optional_policy(`
> + sssd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> staff_role_change(sysadm_r)
> ')
>
> optional_policy(`
> + stapserver_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> su_role_template(sysadm, sysadm_r, sysadm_t)
> ')
>
> @@ -341,15 +1027,43 @@ optional_policy(`
> ')
>
> optional_policy(`
> + svnserve_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> sysnet_run_ifconfig(sysadm_t, sysadm_r)
> sysnet_run_dhcpc(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + sysstat_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + tcsd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + tftp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + tgtd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> thunderbird_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> + tor_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + transproxy_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> tripwire_run_siggen(sysadm_t, sysadm_r)
> tripwire_run_tripwire(sysadm_t, sysadm_r)
> tripwire_run_twadmin(sysadm_t, sysadm_r)
> @@ -365,6 +1079,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + ulogd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> uml_role(sysadm_r, sysadm_t)
> ')
>
> @@ -377,6 +1095,10 @@ optional_policy(`
> ')
>
> optional_policy(`
> + uptime_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> usbmodules_run(sysadm_t, sysadm_r)
> ')
>
> @@ -391,6 +1113,31 @@ optional_policy(`
> ')
>
> optional_policy(`
> + uucp_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + uuidd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + varnishd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + varnishd_admin_varnishlog(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + vdagent_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + vhostmd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + virt_admin(sysadm_t, sysadm_r)
> virt_stream_connect(sysadm_t)
> ')
>
> @@ -399,10 +1146,22 @@ optional_policy(`
> ')
>
> optional_policy(`
> + vnstatd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> vpn_run(sysadm_t, sysadm_r)
> ')
>
> optional_policy(`
> + watchdog_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + wdmd_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> webalizer_run(sysadm_t, sysadm_r)
> ')
>
> @@ -419,15 +1178,32 @@ optional_policy(`
> ')
>
> optional_policy(`
> + xfs_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> yam_run(sysadm_t, sysadm_r)
> ')
>
> +optional_policy(`
> + zabbix_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + zarafa_admin(sysadm_t, sysadm_r)
> +')
> +
> +optional_policy(`
> + zebra_admin(sysadm_t, sysadm_r)
> +')
> +
> ifndef(`distro_redhat',`
> optional_policy(`
> auth_role(sysadm_r, sysadm_t)
> ')
>
> optional_policy(`
> + bluetooth_admin(sysadm_t, sysadm_r)
> bluetooth_role(sysadm_r, sysadm_t)
> ')
>
> @@ -468,6 +1244,10 @@ ifndef(`distro_redhat',`
> ')
>
> optional_policy(`
> + ircd_admin(sysadm_t, sysadm_r)
> + ')
> +
> + optional_policy(`
> java_role(sysadm_r, sysadm_t)
> ')
> ')
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
next prev parent reply other threads:[~2015-06-09 12:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-08 20:38 [refpolicy] [PATCH v2 1/2] Introduce iptables_admin Jason Zaman
2015-06-08 20:38 ` [refpolicy] [PATCH v2 2/2] Add all the missing _admin interfaces to sysadm Jason Zaman
2015-06-09 12:40 ` Christopher J. PeBenito [this message]
2015-06-09 12:40 ` [refpolicy] [PATCH v2 1/2] Introduce iptables_admin Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5576DEC4.5010003@tresys.com \
--to=cpebenito@tresys.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.