# SELinux policy module for the staff role. It declares staff_r, builds the
# staff user domain from the unprivileged-user template, and then grants
# staff_t additional access on top of what that template provides.
# Comments in this file avoid quote characters on purpose: inside the
# m4-quoted blocks below a stray quote character would end the quoting early.
policy_module(staff, 2.2.0)

########################################
#
# Declarations
#

role staff_r;

# Instantiates the unprivileged user template with the prefix staff.
# presumably this is what declares staff_t - verify against userdomain.if
userdom_unpriv_user_template(staff)
fs_exec_noxattr(staff_t)

# needed for sandbox
# setexec lets a staff_t process request the security context for its next
# execve. The resulting domain transition still has to be allowed by policy.
allow staff_t self:process setexec;

########################################
#
# Local policy
#

# Judging by the interface names, these are read or getattr views of kernel
# state rather than write access.
# NOTE(review): kernel ring buffer output can expose details that help local
# reconnaissance - confirm staff users need it.
kernel_read_ring_buffer(staff_t)
kernel_getattr_core_if(staff_t)
kernel_getattr_message_if(staff_t)
kernel_read_software_raid_state(staff_t)
kernel_read_fs_sysctls(staff_t)

fs_read_hugetlbfs_files(staff_t)

dev_read_cpuid(staff_t)

# By name, staff_t may inspect the process state and attributes of every
# domain, not only its own.
domain_read_all_domains_state(staff_t)
domain_getattr_all_domains(staff_t)
# NOTE(review): presumably exempts staff_t from the constraint on changing
# the SELinux user identity of objects - verify against domain.if and confirm
# the exemption is still required.
domain_obj_id_change_exemption(staff_t)

files_read_kernel_modules(staff_t)

seutil_read_module_store(staff_t)
# The second argument ties the newrole domain to staff_r, so staff users can
# run newrole. Which roles they can reach is set by the role_change calls in
# the optional blocks further down.
seutil_run_newrole(staff_t, staff_r)

# NOTE(review): by name these grant read and write on SCSI generic devices.
# Raw device access is not mediated by per-file labels, so confirm that staff
# users really need the write side.
storage_read_scsi_generic(staff_t)
storage_write_scsi_generic(staff_t)

term_use_unallocated_ttys(staff_t)

auth_domtrans_pam_console(staff_t)

init_dbus_chat(staff_t)
init_dbus_chat_script(staff_t)

miscfiles_read_hwdata(staff_t)

# Reading the loaded policy is granted only when the policy is built without
# MLS, because the call sits inside ifndef enable_mls.
ifndef(`enable_mls',`
	selinux_read_policy(staff_t)
')

# Each optional_policy block below is compiled in only when the module that
# provides the interfaces it calls is present. The blocks are kept separate on
# purpose: merging two of them would make each depend on both modules.
#
# NOTE(review): the role_change calls on staff_r in this section (auditadm,
# dbadm, logadm, secadm, sysadm, unconfined, webadm) look like the role
# transitions available from staff_r - confirm against each module interface
# file. Together they define how far a staff login can escalate, so review the
# list whenever role separation requirements change.
optional_policy(`
	abrt_read_cache(staff_t)
')

optional_policy(`
	apache_role(staff_r, staff_t)
')

optional_policy(`
	auditadm_role_change(staff_r)
')

optional_policy(`
	blueman_dbus_chat(staff_t)
')

optional_policy(`
	dbadm_role_change(staff_r)
')

optional_policy(`
	accountsd_dbus_chat(staff_t)
	accountsd_read_lib_files(staff_t)
')

optional_policy(`
	colord_dbus_chat(staff_t)
')

optional_policy(`
	gnomeclock_dbus_chat(staff_t)
')

optional_policy(`
	gnome_role(staff_r, staff_t)
')

optional_policy(`
	irc_role(staff_r, staff_t)
')

optional_policy(`
	lpd_list_spool(staff_t)
')

optional_policy(`
	mock_role(staff_r, staff_t)
')

optional_policy(`
	kerneloops_dbus_chat(staff_t)
')

optional_policy(`
	logadm_role_change(staff_r)
')

optional_policy(`
	modutils_read_module_config(staff_t)
	modutils_read_module_deps(staff_t)
')

optional_policy(`
	netutils_run_ping(staff_t, staff_r)
	netutils_run_traceroute(staff_t, staff_r)
	netutils_signal_ping(staff_t)
	netutils_kill_ping(staff_t)
')

optional_policy(`
	oident_manage_user_content(staff_t)
	oident_relabel_user_content(staff_t)
')

optional_policy(`
	mta_role(staff_r, staff_t)
')

optional_policy(`
	mysql_exec(staff_t)
')

optional_policy(`
	polipo_role(staff_r, staff_t)
	polipo_named_filetrans_cache_home_dirs(staff_t)
	polipo_named_filetrans_config_home_files(staff_t)
')

optional_policy(`
	postgresql_role(staff_r, staff_t)
')

optional_policy(`
	rtkit_scheduled(staff_t)
')

optional_policy(`
	rpm_dbus_chat(staff_t)
')

optional_policy(`
	secadm_role_change(staff_r)
')

optional_policy(`
	# Pairs with the setexec permission granted in the declarations section,
	# whose comment says it is needed for sandbox.
	sandbox_transition(staff_t, staff_r)
')

optional_policy(`
	screen_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	sysadm_role_change(staff_r)
	# NOTE(review): dontaudit by name, so denials on user terminals would
	# be silenced instead of logged - keep in mind when an expected AVC
	# message is missing during triage.
	userdom_dontaudit_use_user_terminals(staff_t)
')

optional_policy(`
	setroubleshoot_stream_connect(staff_t)
	setroubleshoot_dbus_chat(staff_t)
	setroubleshoot_dbus_chat_fixit(staff_t)
')

optional_policy(`
	ssh_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	sudo_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	userhelper_console_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	# NOTE(review): presumably permits staff_r to change into the
	# unconfined role, which would leave the confined staff domain
	# entirely - confirm this is intended on hardened systems.
	unconfined_role_change(staff_r)
')

optional_policy(`
	usbmuxd_stream_connect(staff_t)
')

optional_policy(`
	virt_stream_connect(staff_t)
')

optional_policy(`
	vlock_run(staff_t, staff_r)
')

optional_policy(`
	vnstatd_read_lib_files(staff_t)
')

optional_policy(`
	webadm_role_change(staff_r)
')

optional_policy(`
	xserver_role(staff_r, staff_t)
')

# Everything inside this block is compiled only when distro_redhat is NOT
# defined. Red Hat builds therefore get none of the role assignments listed
# here from this file.
ifndef(`distro_redhat',`
	optional_policy(`
		auth_role(staff_r, staff_t)
	')

	optional_policy(`
		bluetooth_role(staff_r, staff_t)
	')

	optional_policy(`
		cdrecord_role(staff_r, staff_t)
	')

	optional_policy(`
		cron_role(staff_r, staff_t)
	')

	optional_policy(`
		dbus_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		gpg_role(staff_r, staff_t)
	')

	optional_policy(`
		java_role(staff_r, staff_t)
	')

	optional_policy(`
		lockdev_role(staff_r, staff_t)
	')

	optional_policy(`
		lpd_role(staff_r, staff_t)
	')

	optional_policy(`
		mplayer_role(staff_r, staff_t)
	')

	optional_policy(`
		pyzor_role(staff_r, staff_t)
	')

	optional_policy(`
		razor_role(staff_r, staff_t)
	')

	optional_policy(`
		rssh_role(staff_r, staff_t)
	')

	optional_policy(`
		spamassassin_role(staff_r, staff_t)
	')

	optional_policy(`
		su_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		tvtime_role(staff_r, staff_t)
	')

	optional_policy(`
		uml_role(staff_r, staff_t)
	')

	optional_policy(`
		userhelper_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		vmware_role(staff_r, staff_t)
	')

	optional_policy(`
		wireshark_role(staff_r, staff_t)
	')
')

# Takes effect only while the allow_execmod boolean is enabled.
# NOTE(review): by name this permits execmod on files in user home
# directories, that is, executing a file mapping after it has been modified
# in memory. Leaving the boolean off is the tighter setting - confirm which
# workloads need it before enabling.
tunable_policy(`allow_execmod',`
	userdom_execmod_user_home_files(staff_t)
')