]>
Commit | Line | Data |
---|---|---|
25d796ed | 1 | policy_module(staff, 2.1.2) |
e9c6cda7 CP |
2 | |
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | ||
8 | role staff_r; | |
9 | ||
10 | userdom_unpriv_user_template(staff) | |
3eaa9939 DW |
11 | fs_exec_noxattr(staff_t) |
12 | ||
13 | # needed for sandbox | |
14 | allow staff_t self:process setexec; | |
e9c6cda7 CP |
15 | |
16 | ######################################## | |
17 | # | |
18 | # Local policy | |
19 | # | |
20 | ||
3eaa9939 DW |
21 | kernel_read_ring_buffer(staff_usertype) |
22 | kernel_getattr_core_if(staff_usertype) | |
23 | kernel_getattr_message_if(staff_usertype) | |
24 | kernel_read_software_raid_state(staff_usertype) | |
2968e068 DW |
25 | kernel_read_fs_sysctls(staff_usertype) |
26 | ||
27 | domain_read_all_domains_state(staff_usertype) | |
28 | domain_getattr_all_domains(staff_usertype) | |
29 | domain_obj_id_change_exemption(staff_t) | |
30 | ||
31 | files_read_kernel_modules(staff_usertype) | |
32 | ||
33 | seutil_read_module_store(staff_t) | |
34 | seutil_run_newrole(staff_t, staff_r) | |
35 | ||
36 | term_use_unallocated_ttys(staff_usertype) | |
3eaa9939 DW |
37 | |
38 | auth_domtrans_pam_console(staff_t) | |
39 | ||
40 | init_dbus_chat(staff_t) | |
41 | init_dbus_chat_script(staff_t) | |
42 | ||
2968e068 DW |
43 | miscfiles_read_hwdata(staff_usertype) |
44 | ||
45 | modutils_read_module_config(staff_usertype) | |
46 | modutils_read_module_deps(staff_usertype) | |
47 | ||
3eaa9939 DW |
48 | netutils_run_ping(staff_t, staff_r) |
49 | netutils_signal_ping(staff_t) | |
50 | ||
e9c6cda7 | 51 | optional_policy(` |
296273a7 | 52 | apache_role(staff_r, staff_t) |
e9c6cda7 CP |
53 | ') |
54 | ||
3eaa9939 | 55 | optional_policy(` |
296273a7 | 56 | auditadm_role_change(staff_r) |
3eaa9939 DW |
57 | ') |
58 | ||
e9c6cda7 | 59 | optional_policy(` |
c62f1bef | 60 | dbadm_role_change(staff_r) |
e9c6cda7 CP |
61 | ') |
62 | ||
c62f1bef | 63 | optional_policy(` |
14ffaf83 DW |
64 | accountsd_dbus_chat(staff_t) |
65 | accountsd_read_lib_files(staff_t) | |
3eaa9939 DW |
66 | ') |
67 | ||
68 | optional_policy(` | |
14ffaf83 | 69 | gnomeclock_dbus_chat(staff_t) |
3eaa9939 DW |
70 | ') |
71 | ||
3eaa9939 | 72 | optional_policy(` |
14ffaf83 DW |
73 | firewallgui_dbus_chat(staff_t) |
74 | ') | |
75 | ||
76 | optional_policy(` | |
77 | lpd_list_spool(staff_t) | |
3eaa9939 DW |
78 | ') |
79 | ||
80 | optional_policy(` | |
14ffaf83 DW |
81 | kerneloops_dbus_chat(staff_t) |
82 | ') | |
83 | ||
84 | optional_policy(` | |
85 | logadm_role_change(staff_r) | |
86 | ') | |
87 | ||
88 | optional_policy(` | |
89 | mozilla_run_plugin(staff_t, staff_r) | |
3eaa9939 DW |
90 | ') |
91 | ||
366396d8 DW |
92 | optional_policy(` |
93 | oident_manage_user_content(staff_t) | |
94 | oident_relabel_user_content(staff_t) | |
95 | ') | |
96 | ||
3eaa9939 | 97 | optional_policy(` |
2968e068 | 98 | postgresql_role(staff_r, staff_t) |
3eaa9939 DW |
99 | ') |
100 | ||
101 | optional_policy(` | |
14ffaf83 | 102 | rtkit_scheduled(staff_t) |
3eaa9939 DW |
103 | ') |
104 | ||
105 | optional_policy(` | |
14ffaf83 | 106 | rpm_dbus_chat(staff_usertype) |
3eaa9939 DW |
107 | ') |
108 | ||
109 | optional_policy(` | |
c87e1502 | 110 | secadm_role_change(staff_r) |
296273a7 CP |
111 | ') |
112 | ||
113 | optional_policy(` | |
14ffaf83 | 114 | sandbox_transition(staff_t, staff_r) |
3eaa9939 DW |
115 | ') |
116 | ||
117 | optional_policy(` | |
2968e068 | 118 | screen_role_template(staff, staff_r, staff_t) |
3eaa9939 DW |
119 | ') |
120 | ||
296273a7 | 121 | optional_policy(` |
c87e1502 JS |
122 | sysadm_role_change(staff_r) |
123 | userdom_dontaudit_use_user_terminals(staff_t) | |
296273a7 | 124 | ') |
14ffaf83 DW |
125 | optional_policy(` |
126 | setroubleshoot_stream_connect(staff_t) | |
127 | setroubleshoot_dbus_chat(staff_t) | |
128 | setroubleshoot_dbus_chat_fixit(staff_t) | |
129 | ') | |
130 | ||
3eaa9939 | 131 | optional_policy(` |
2968e068 | 132 | ssh_role_template(staff, staff_r, staff_t) |
3eaa9939 DW |
133 | ') |
134 | ||
135 | optional_policy(` | |
2968e068 | 136 | sudo_role_template(staff, staff_r, staff_t) |
3eaa9939 DW |
137 | ') |
138 | ||
139 | optional_policy(` | |
14ffaf83 | 140 | telepathy_dbus_session_role(staff_r, staff_t) |
c62f1bef CP |
141 | ') |
142 | ||
296273a7 | 143 | optional_policy(` |
14ffaf83 DW |
144 | userhelper_console_role_template(staff, staff_r, staff_usertype) |
145 | ') | |
146 | ||
147 | optional_policy(` | |
148 | unconfined_role_change(staff_r) | |
149 | ') | |
150 | ||
151 | optional_policy(` | |
152 | virt_stream_connect(staff_t) | |
153 | ') | |
154 | ||
155 | optional_policy(` | |
156 | webadm_role_change(staff_r) | |
296273a7 CP |
157 | ') |
158 | ||
3eaa9939 | 159 | optional_policy(` |
2968e068 | 160 | xserver_role(staff_r, staff_t) |
3eaa9939 DW |
161 | ') |
162 | ||
163 | ifndef(`distro_redhat',` | |
2968e068 DW |
164 | optional_policy(` |
165 | auth_role(staff_r, staff_t) | |
166 | ') | |
167 | ||
168 | optional_policy(` | |
169 | bluetooth_role(staff_r, staff_t) | |
170 | ') | |
171 | ||
172 | optional_policy(` | |
173 | cdrecord_role(staff_r, staff_t) | |
174 | ') | |
175 | ||
176 | optional_policy(` | |
177 | cron_role(staff_r, staff_t) | |
178 | ') | |
179 | ||
180 | optional_policy(` | |
181 | dbus_role_template(staff, staff_r, staff_t) | |
182 | ') | |
3eaa9939 | 183 | |
2968e068 DW |
184 | optional_policy(` |
185 | evolution_role(staff_r, staff_t) | |
186 | ') | |
3eaa9939 | 187 | |
2968e068 DW |
188 | optional_policy(` |
189 | games_role(staff_r, staff_t) | |
190 | ') | |
3eaa9939 | 191 | |
2968e068 DW |
192 | optional_policy(` |
193 | gift_role(staff_r, staff_t) | |
194 | ') | |
296273a7 | 195 | |
2968e068 DW |
196 | optional_policy(` |
197 | gnome_role(staff_r, staff_t) | |
198 | ') | |
3eaa9939 | 199 | |
2968e068 DW |
200 | optional_policy(` |
201 | gpg_role(staff_r, staff_t) | |
202 | ') | |
296273a7 | 203 | |
2968e068 DW |
204 | optional_policy(` |
205 | irc_role(staff_r, staff_t) | |
206 | ') | |
3eaa9939 | 207 | |
2968e068 DW |
208 | optional_policy(` |
209 | java_role(staff_r, staff_t) | |
210 | ') | |
296273a7 | 211 | |
2968e068 DW |
212 | optional_policy(` |
213 | lockdev_role(staff_r, staff_t) | |
214 | ') | |
296273a7 | 215 | |
2968e068 DW |
216 | optional_policy(` |
217 | lpd_role(staff_r, staff_t) | |
218 | ') | |
296273a7 | 219 | |
2968e068 DW |
220 | optional_policy(` |
221 | mozilla_role(staff_r, staff_t) | |
222 | ') | |
3eaa9939 | 223 | |
2968e068 DW |
224 | optional_policy(` |
225 | mplayer_role(staff_r, staff_t) | |
226 | ') | |
3eaa9939 | 227 | |
2968e068 DW |
228 | optional_policy(` |
229 | mta_role(staff_r, staff_t) | |
230 | ') | |
3eaa9939 | 231 | |
2968e068 DW |
232 | optional_policy(` |
233 | pyzor_role(staff_r, staff_t) | |
234 | ') | |
3eaa9939 | 235 | |
2968e068 DW |
236 | optional_policy(` |
237 | razor_role(staff_r, staff_t) | |
238 | ') | |
3eaa9939 | 239 | |
2968e068 DW |
240 | optional_policy(` |
241 | rssh_role(staff_r, staff_t) | |
242 | ') | |
3eaa9939 | 243 | |
2968e068 DW |
244 | optional_policy(` |
245 | spamassassin_role(staff_r, staff_t) | |
246 | ') | |
3eaa9939 | 247 | |
2968e068 DW |
248 | optional_policy(` |
249 | su_role_template(staff, staff_r, staff_t) | |
250 | ') | |
3eaa9939 | 251 | |
2968e068 DW |
252 | optional_policy(` |
253 | thunderbird_role(staff_r, staff_t) | |
254 | ') | |
3eaa9939 | 255 | |
2968e068 DW |
256 | optional_policy(` |
257 | tvtime_role(staff_r, staff_t) | |
258 | ') | |
3eaa9939 | 259 | |
2968e068 DW |
260 | optional_policy(` |
261 | uml_role(staff_r, staff_t) | |
262 | ') | |
3eaa9939 | 263 | |
2968e068 DW |
264 | optional_policy(` |
265 | userhelper_role_template(staff, staff_r, staff_t) | |
266 | ') | |
3eaa9939 | 267 | |
2968e068 DW |
268 | optional_policy(` |
269 | vmware_role(staff_r, staff_t) | |
270 | ') | |
3eaa9939 | 271 | |
2968e068 DW |
272 | optional_policy(` |
273 | wireshark_role(staff_r, staff_t) | |
274 | ') | |
275 | ') |