714 lines
14 KiB
Text
714 lines
14 KiB
Text
policy_module(sysadm, 2.6.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
role sysadm_r;
|
|
|
|
userdom_admin_user_template(sysadm)
|
|
allow sysadm_t self:socket { accept listen };
|
|
allow sysadm_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
|
|
allow sysadm_t self:netlink_selinux_socket create_socket_perms;
|
|
allow sysadm_t self:netlink_generic_socket create_socket_perms;
|
|
allow sysadm_t self:tipc_socket create_socket_perms;
|
|
allow sysadm_t self:sctp_socket create_socket_perms;
|
|
allow sysadm_t self:rawip_socket create_socket_perms;
|
|
|
|
allow sysadm_t self:system all_system_perms;
|
|
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
kernel_manage_perf_event(sysadm_t)
|
|
kernel_read_fs_sysctls(sysadm_t)
|
|
kernel_read_all_proc(sysadm_t)
|
|
kernel_unconfined(sysadm_t)
|
|
|
|
auth_manage_shadow(sysadm_t)
|
|
|
|
corecmd_exec_shell(sysadm_t)
|
|
|
|
dev_filetrans_all_named_dev(sysadm_t)
|
|
dev_rw_ipmi_dev(sysadm_t)
|
|
dev_rw_autofs(sysadm_t)
|
|
dev_rw_lvm_control(sysadm_t)
|
|
dev_rw_watchdog(sysadm_t)
|
|
dev_rw_wireless(sysadm_t)
|
|
dev_setattr_all_chr_files(sysadm_t)
|
|
|
|
domain_dontaudit_read_all_domains_state(sysadm_t)
|
|
domain_read_view_all_domains_keyrings(sysadm_t)
|
|
|
|
files_read_kernel_modules(sysadm_t)
|
|
files_filetrans_named_content(sysadm_t)
|
|
files_status_etc(sysadm_t)
|
|
files_unconfined(sysadm_t)
|
|
|
|
fs_manage_configfs_dirs(sysadm_t)
|
|
fs_manage_configfs_files(sysadm_t)
|
|
fs_mount_fusefs(sysadm_t)
|
|
fs_rw_tracefs_files(sysadm_t)
|
|
fs_mount_tracefs(sysadm_t)
|
|
|
|
storage_filetrans_all_named_dev(sysadm_t)
|
|
storage_read_scsi_generic(sysadm_t)
|
|
storage_write_scsi_generic(sysadm_t)
|
|
|
|
term_filetrans_all_named_dev(sysadm_t)
|
|
|
|
mls_process_read_up(sysadm_t)
|
|
mls_file_read_all_levels(sysadm_t)
|
|
mls_file_write_all_levels(sysadm_t)
|
|
mls_file_read_to_clearance(sysadm_t)
|
|
mls_process_write_to_clearance(sysadm_t)
|
|
|
|
storage_setattr_fixed_disk_dev(sysadm_t)
|
|
|
|
ubac_process_exempt(sysadm_t)
|
|
ubac_file_exempt(sysadm_t)
|
|
ubac_fd_exempt(sysadm_t)
|
|
|
|
application_exec(sysadm_t)
|
|
|
|
init_filetrans_named_content(sysadm_t)
|
|
init_disable_services(sysadm_t)
|
|
init_enable_services(sysadm_t)
|
|
init_reload_services(sysadm_t)
|
|
init_exec(sysadm_t)
|
|
init_exec_script_files(sysadm_t)
|
|
init_dbus_chat(sysadm_t)
|
|
init_script_role_transition(sysadm_r)
|
|
init_start(sysadm_t)
|
|
init_stop(sysadm_t)
|
|
init_status(sysadm_t)
|
|
init_reboot(sysadm_t)
|
|
init_halt(sysadm_t)
|
|
init_undefined(sysadm_t)
|
|
init_ioctl_stream_sockets(sysadm_t)
|
|
init_prog_run_bpf(sysadm_t)
|
|
init_run_script(sysadm_t, sysadm_r)
|
|
|
|
logging_filetrans_named_content(sysadm_t)
|
|
logging_map_audit_config(sysadm_t)
|
|
logging_map_audit_log(sysadm_t)
|
|
logging_mmap_journal(sysadm_t)
|
|
|
|
miscfiles_filetrans_named_content(sysadm_t)
|
|
miscfiles_read_hwdata(sysadm_t)
|
|
|
|
sysnet_filetrans_named_content(sysadm_t)
|
|
|
|
# Add/remove user home directories
|
|
userdom_manage_user_tmp_chr_files(sysadm_t)
|
|
userdom_manage_user_home_dirs(sysadm_t)
|
|
userdom_home_filetrans_user_home_dir(sysadm_t)
|
|
userdom_manage_tmp_role(sysadm_r, sysadm_t)
|
|
userdom_exec_admin_home_files(sysadm_t)
|
|
userdom_manage_admin_files(sysadm_t)
|
|
userdom_manage_admin_dirs(sysadm_t)
|
|
|
|
userdom_prog_run_bpf_userdomain(sysadm_t)
|
|
|
|
corenet_ib_access_unlabeled_pkeys(sysadm_t)
|
|
corenet_ib_manage_subnet_unlabeled_endports(sysadm_t)
|
|
corenet_tcp_bind_all_rpc_ports(sysadm_t)
|
|
|
|
optional_policy(`
|
|
abrt_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
accountsd_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
alsa_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
container_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dirsrv_domtrans(sysadm_t)
|
|
dirsrv_stream_connect(sysadm_t)
|
|
dirsrv_manage_log(sysadm_t)
|
|
dirsrv_manage_var_lib(sysadm_t)
|
|
dirsrv_manage_var_run(sysadm_t)
|
|
dirsrv_manage_config(sysadm_t)
|
|
dirsrv_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
ssh_filetrans_admin_home_content(sysadm_t)
|
|
ssh_filetrans_keys(sysadm_t)
|
|
')
|
|
|
|
ifdef(`direct_sysadm_daemon',`
|
|
optional_policy(`
|
|
init_run_daemon(sysadm_t, sysadm_r)
|
|
')
|
|
',`
|
|
ifdef(`distro_gentoo',`
|
|
optional_policy(`
|
|
seutil_init_script_run_runinit(sysadm_t, sysadm_r)
|
|
')
|
|
')
|
|
')
|
|
|
|
ifdef(`distro_gentoo',`
|
|
init_exec_rc(sysadm_t)
|
|
')
|
|
|
|
tunable_policy(`deny_ptrace',`',`
|
|
domain_ptrace_all_domains(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
amanda_run_recover(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
apache_run_helper(sysadm_t, sysadm_r)
|
|
apache_filetrans_named_content(sysadm_t)
|
|
#apache_run_all_scripts(sysadm_t, sysadm_r)
|
|
#apache_domtrans_sys_script(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# cjp: why is this not apm_run_client
|
|
apm_domtrans_client(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
apt_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
asterisk_stream_connect(sysadm_t)
|
|
asterisk_exec(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
auditadm_role_change(sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
backup_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
bacula_run_admin(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
bind_run_ndc(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
bootloader_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
certmonger_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
certwatch_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
clock_run(sysadm_t, sysadm_r)
|
|
clock_manage_adjtime(sysadm_t)
|
|
clock_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
clockspeed_run_cli(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
colord_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_admin_role(sysadm_r, sysadm)
|
|
')
|
|
|
|
optional_policy(`
|
|
consoletype_exec(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
daemonstools_run_start(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
dbus_role_template(sysadm, sysadm_r, sysadm_t)
|
|
dbus_connect_system_bus(sysadm_t)
|
|
dontaudit sysadm_dbusd_t self:capability net_admin;
|
|
|
|
optional_policy(`
|
|
systemd_dbus_chat_timedated(sysadm_t)
|
|
systemd_dbus_chat_hostnamed(sysadm_t)
|
|
systemd_dbus_chat_localed(sysadm_t)
|
|
systemd_hwdb_mmap_config(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
realmd_dbus_chat(sysadm_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
dcc_run_cdcc(sysadm_t, sysadm_r)
|
|
dcc_run_client(sysadm_t, sysadm_r)
|
|
dcc_run_dbclean(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
ddcprobe_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
devicekit_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dmesg_exec(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dmidecode_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
dpkg_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
firstboot_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
firewalld_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
fstools_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
fwupd_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gnome_filetrans_fontconfig_home_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gpg_filetrans_admin_home_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
hostname_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
hwloc_admin(sysadm_t)
|
|
hwloc_run_dhwd(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
hadoop_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
insights_client_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
iotop_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
# allow system administrator to use the ipsec script to look
|
|
# at things (e.g., ipsec auto --status)
|
|
# probably should create an ipsec_admin role for this kind of thing
|
|
ipsec_exec_mgmt(sysadm_t)
|
|
ipsec_read_pid(sysadm_t)
|
|
ipsec_stream_connect(sysadm_t)
|
|
# for lsof
|
|
ipsec_getattr_key_sockets(sysadm_t)
|
|
ipsec_run_setkey(sysadm_t, sysadm_r)
|
|
ipsec_run_racoon(sysadm_t, sysadm_r)
|
|
ipsec_stream_connect_racoon(sysadm_t)
|
|
|
|
optional_policy(`
|
|
ipsec_mgmt_dbus_chat(sysadm_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
iptables_run(sysadm_t, sysadm_r)
|
|
iptables_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
irc_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
kerberos_exec_kadmind(sysadm_t)
|
|
kerberos_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
kpatch_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
libs_run_ldconfig(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
logrotate_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
corenet_tcp_bind_ldap_port(sysadm_t)
|
|
ldap_admin(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
lockdev_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
lpd_run_checkpc(sysadm_t, sysadm_r)
|
|
lpd_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
lvm_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
mandb_map_cache_files(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
modutils_run_kmod(sysadm_t, sysadm_r)
|
|
modutils_read_module_deps(sysadm_t)
|
|
modules_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mount_run(sysadm_t, sysadm_r)
|
|
mount_run_showmount(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_role(sysadm_r, sysadm_t)
|
|
# this is defined in userdom_common_user_template
|
|
#mta_filetrans_home_content(sysadm_t)
|
|
mta_filetrans_admin_home_content(sysadm_t)
|
|
mta_rw_aliases(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
munin_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mysql_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
ncftool_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
netutils_run(sysadm_t, sysadm_r)
|
|
netutils_run_ping(sysadm_t, sysadm_r)
|
|
netutils_run_traceroute(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
networkmanager_filetrans_named_content(sysadm_t)
|
|
networkmanager_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
ntp_stub()
|
|
corenet_udp_bind_ntp_port(sysadm_t)
|
|
ntp_admin(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
nx_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
oddjob_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
oav_run_update(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
openvpn_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
pcmcia_run_cardctl(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
pkcs_rw_shm(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
polipo_role(sysadm_r, sysadm_t)
|
|
polipo_named_filetrans_admin_cache_home_dirs(sysadm_t)
|
|
polipo_named_filetrans_admin_config_home_files(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
portage_run(sysadm_t, sysadm_r)
|
|
portage_run_fetch(sysadm_t, sysadm_r)
|
|
portage_run_gcc_config(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
portmap_run_helper(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
postfix_admin(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
postgresql_admin(sysadm_t, sysadm_r)
|
|
postgresql_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
journalctl_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
prelink_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
puppet_run_puppetca(sysadm_t, sysadm_r)
|
|
puppet_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
quota_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
raid_run_mdadm(sysadm_r,sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rhcs_stream_connect_cluster(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpc_domtrans_nfsd(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpm_run(sysadm_t, sysadm_r)
|
|
rpm_dbus_chat(sysadm_t, sysadm_r)
|
|
rpm_hawkey_named_filetrans(sysadm_t)
|
|
rpmdb_run_rpmdb(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
rtkit_daemon_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rsync_exec(sysadm_t)
|
|
rsync_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
samba_run_net(sysadm_t, sysadm_r)
|
|
samba_run_winbind_helper(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
samhain_admin(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
sanlock_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
screen_role_template(sysadm, sysadm_r, sysadm_t)
|
|
allow sysadm_screen_t self:capability { dac_read_search dac_override chown };
|
|
')
|
|
|
|
optional_policy(`
|
|
secadm_role_change(sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
setroubleshoot_stream_connect(sysadm_t)
|
|
setroubleshoot_dbus_chat(sysadm_t)
|
|
setroubleshoot_dbus_chat_fixit(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
seutil_run_setfiles(sysadm_t, sysadm_r)
|
|
seutil_run_runinit(sysadm_t, sysadm_r)
|
|
seutil_dbus_chat_semanage(sysadm_t)
|
|
seutil_read_login_config(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
shutdown_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
ssh_role_template(sysadm, sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sssd_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
staff_role_change(sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
su_role_template(sysadm, sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sudo_role_template(sysadm, sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sysnet_run_ifconfig(sysadm_t, sysadm_r)
|
|
sysnet_run_dhcpc(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
systemd_passwd_agent_run(sysadm_t, sysadm_r)
|
|
systemd_config_all_services(sysadm_t)
|
|
systemd_dbus_chat_machined(sysadm_t)
|
|
systemd_manage_all_unit_files(sysadm_t)
|
|
systemd_manage_all_unit_lnk_files(sysadm_t)
|
|
systemd_manage_unit_dirs(sysadm_t)
|
|
systemd_login_status(sysadm_t)
|
|
systemd_login_reboot(sysadm_t)
|
|
systemd_login_halt(sysadm_t)
|
|
systemd_login_undefined(sysadm_t)
|
|
systemd_systemctl_entrypoint(sysadm_t)
|
|
systemd_tmpfiles_run(sysadm_t, sysadm_r)
|
|
systemd_tmpfiles_nnp_domtrans(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
systemd_exec_sysctl(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tftp_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tlp_filetrans_named_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tripwire_run_siggen(sysadm_t, sysadm_r)
|
|
tripwire_run_tripwire(sysadm_t, sysadm_r)
|
|
tripwire_run_twadmin(sysadm_t, sysadm_r)
|
|
tripwire_run_twprint(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
targetcli_filetrans_admin_home_content(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tuned_dbus_chat(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tzdata_domtrans(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
unprivuser_role_change(sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
usbmodules_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
usermanage_run_admin_passwd(sysadm_t, sysadm_r)
|
|
usermanage_run_groupadd(sysadm_t, sysadm_r)
|
|
usermanage_run_useradd(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
virt_stream_connect(sysadm_t)
|
|
virt_filetrans_home_content(sysadm_t)
|
|
virt_manage_pid_dirs(sysadm_t)
|
|
virt_transition_svirt_sandbox(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
vmware_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
vlock_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
vpn_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
webalizer_run(sysadm_t, sysadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
wireshark_role(sysadm_r, sysadm_t)
|
|
wireshark_rw_shm(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
xserver_role(sysadm_r, sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
zebra_stream_connect(sysadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gnome_role_template(sysadm, sysadm_r, sysadm_t)
|
|
gnome_filetrans_admin_home_content(sysadm_t)
|
|
')
|