[people/stevee/selinux-policy.git] / policy / modules / roles / sysadm.te

policy_module(sysadm, 2.2.1)

########################################
#
# Declarations
#

role sysadm_r;

userdom_admin_user_template(sysadm)

ifndef(`enable_mls',`
	userdom_security_admin_template(sysadm_t, sysadm_r)
')

########################################
#
# Local policy
#
kernel_read_fs_sysctls(sysadm_t)

corecmd_exec_shell(sysadm_t)

domain_dontaudit_read_all_domains_state(sysadm_t)

files_read_kernel_modules(sysadm_t)

dev_filetrans_all_named_dev(sysadm_t)
storage_filetrans_all_named_dev(sysadm_t)
term_filetrans_all_named_dev(sysadm_t)

mls_process_read_up(sysadm_t)
mls_file_read_to_clearance(sysadm_t)
mls_process_write_to_clearance(sysadm_t)

storage_setattr_fixed_disk_dev(sysadm_t)

ubac_process_exempt(sysadm_t)
ubac_file_exempt(sysadm_t)
ubac_fd_exempt(sysadm_t)

application_exec(sysadm_t)

init_exec(sysadm_t)
init_exec_script_files(sysadm_t)
init_dbus_chat(sysadm_t)
init_script_role_transition(sysadm_r)

miscfiles_filetrans_named_content(sysadm_t)
miscfiles_read_hwdata(sysadm_t)

sysnet_filetrans_named_content(sysadm_t)

# Add/remove user home directories
userdom_manage_user_home_dirs(sysadm_t)
userdom_home_filetrans_user_home_dir(sysadm_t)
userdom_manage_tmp_role(sysadm_r, sysadm_t)

optional_policy(`
	alsa_filetrans_named_content(sysadm_t)
')

optional_policy(`
	ssh_filetrans_admin_home_content(sysadm_t)
')

ifdef(`direct_sysadm_daemon',`
	optional_policy(`
		init_run_daemon(sysadm_t, sysadm_r)
	')
',`
	ifdef(`distro_gentoo',`
		optional_policy(`
			seutil_init_script_run_runinit(sysadm_t, sysadm_r)
		')
	')
')

ifndef(`enable_mls',`
	logging_manage_audit_log(sysadm_t)
	logging_manage_audit_config(sysadm_t)
	logging_run_auditctl(sysadm_t, sysadm_r)
	logging_stream_connect_syslog(sysadm_t)
')

tunable_policy(`deny_ptrace',`',`
	domain_ptrace_all_domains(sysadm_t)
')

optional_policy(`
	amanda_run_recover(sysadm_t, sysadm_r)
')

optional_policy(`
	apache_run_helper(sysadm_t, sysadm_r)
	apache_filetrans_home_content(sysadm_t)
	#apache_run_all_scripts(sysadm_t, sysadm_r)
	#apache_domtrans_sys_script(sysadm_t)
')

optional_policy(`
	# cjp: why is this not apm_run_client
	apm_domtrans_client(sysadm_t)
')

optional_policy(`
	apt_run(sysadm_t, sysadm_r)
')

optional_policy(`
	auditadm_role_change(sysadm_r)
')

optional_policy(`
	backup_run(sysadm_t, sysadm_r)
')

optional_policy(`
	bind_run_ndc(sysadm_t, sysadm_r)
')

optional_policy(`
	bootloader_run(sysadm_t, sysadm_r)
')

optional_policy(`
	certmonger_dbus_chat(sysadm_t)
')

optional_policy(`
	certwatch_run(sysadm_t, sysadm_r)
')

optional_policy(`
	clock_run(sysadm_t, sysadm_r)
')

optional_policy(`
	clockspeed_run_cli(sysadm_t, sysadm_r)
')

optional_policy(`
	cron_admin_role(sysadm_r, sysadm_t)
	#cron_role(sysadm_r, sysadm_t)
')

optional_policy(`
	consoletype_exec(sysadm_t)
')

optional_policy(`
    daemonstools_run_start(sysadm_t, sysadm_r)
')

optional_policy(`
	dbus_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	dcc_run_cdcc(sysadm_t, sysadm_r)
	dcc_run_client(sysadm_t, sysadm_r)
	dcc_run_dbclean(sysadm_t, sysadm_r)
')

optional_policy(`
	ddcprobe_run(sysadm_t, sysadm_r)
')

optional_policy(`
	devicekit_filetrans_named_content(sysadm_t)
')

optional_policy(`
	dmesg_exec(sysadm_t)
')

optional_policy(`
	dmidecode_run(sysadm_t, sysadm_r)
')

optional_policy(`
	dpkg_run(sysadm_t, sysadm_r)
')

optional_policy(`
	firstboot_run(sysadm_t, sysadm_r)
')

optional_policy(`
	fstools_run(sysadm_t, sysadm_r)
')

optional_policy(`
	hostname_run(sysadm_t, sysadm_r)
')

optional_policy(`
	hadoop_role(sysadm_r, sysadm_t)
')

optional_policy(`
	# allow system administrator to use the ipsec script to look
	# at things (e.g., ipsec auto --status)
	# probably should create an ipsec_admin role for this kind of thing
	ipsec_exec_mgmt(sysadm_t)
	ipsec_stream_connect(sysadm_t)
	# for lsof
	ipsec_getattr_key_sockets(sysadm_t)
	ipsec_run_setkey(sysadm_t, sysadm_r)
	ipsec_run_racoon(sysadm_t, sysadm_r)
	ipsec_stream_connect_racoon(sysadm_t)

	optional_policy(`
		ipsec_mgmt_dbus_chat(sysadm_t)
	')
')

optional_policy(`
	iptables_run(sysadm_t, sysadm_r)
')

optional_policy(`
	irc_role(sysadm_r, sysadm_t)
')

optional_policy(`
	kerberos_exec_kadmind(sysadm_t)
	kerberos_filetrans_named_content(sysadm_t)
')

optional_policy(`
	kudzu_run(sysadm_t, sysadm_r)
')

optional_policy(`
	libs_run_ldconfig(sysadm_t, sysadm_r)
')

optional_policy(`
	logrotate_run(sysadm_t, sysadm_r)
')

optional_policy(`
	lpd_run_checkpc(sysadm_t, sysadm_r)
	lpd_role(sysadm_r, sysadm_t)
')

optional_policy(`
	lvm_run(sysadm_t, sysadm_r)
')

optional_policy(`
	modutils_run_depmod(sysadm_t, sysadm_r)
	modutils_run_insmod(sysadm_t, sysadm_r)
	modutils_run_update_mods(sysadm_t, sysadm_r)
	modutils_read_module_deps(sysadm_t)
	modules_filetrans_named_content(sysadm_t)
')

optional_policy(`
	mount_run(sysadm_t, sysadm_r)
	mount_run_showmount(sysadm_t, sysadm_r)
')

optional_policy(`
	mta_role(sysadm_r, sysadm_t)
	# this is defined in userdom_common_user_template
	#mta_filetrans_home_content(sysadm_t)
	mta_filetrans_admin_home_content(sysadm_t)
')

optional_policy(`
	munin_stream_connect(sysadm_t)
')

optional_policy(`
	mysql_stream_connect(sysadm_t)
')

optional_policy(`
	ncftool_run(sysadm_t, sysadm_r)
')

optional_policy(`
	netutils_run(sysadm_t, sysadm_r)
	netutils_run_ping(sysadm_t, sysadm_r)
	netutils_run_traceroute(sysadm_t, sysadm_r)
')

optional_policy(`
	networkmanager_filetrans_named_content(sysadm_t)
')

optional_policy(`
	ntp_stub()
	corenet_udp_bind_ntp_port(sysadm_t)
')

optional_policy(`
	nx_filetrans_named_content(sysadm_t)
')

optional_policy(`
	oav_run_update(sysadm_t, sysadm_r)
')

optional_policy(`
	openvpn_run(sysadm_t, sysadm_r)
')

optional_policy(`
	pcmcia_run_cardctl(sysadm_t, sysadm_r)
')

optional_policy(`
	polipo_role(sysadm_r, sysadm_t)
	polipo_named_filetrans_admin_cache_home_dirs(sysadm_t)
	polipo_named_filetrans_admin_config_home_files(sysadm_t)
')

optional_policy(`
	portage_run(sysadm_t, sysadm_r)
	portage_run_gcc_config(sysadm_t, sysadm_r)
')

optional_policy(`
	portmap_run_helper(sysadm_t, sysadm_r)
')

optional_policy(`
	postfix_filetrans_named_content(sysadm_t)
')

optional_policy(`
	prelink_run(sysadm_t, sysadm_r)
')

optional_policy(`
	puppet_run_puppetca(sysadm_t, sysadm_r)
')

optional_policy(`
	quota_run(sysadm_t, sysadm_r)
')

optional_policy(`
	raid_domtrans_mdadm(sysadm_t)
')

optional_policy(`
	rpc_domtrans_nfsd(sysadm_t)
')

optional_policy(`
	rpm_run(sysadm_t, sysadm_r)
	rpm_dbus_chat(sysadm_t, sysadm_r)
')

optional_policy(`
	rsync_exec(sysadm_t)
')

optional_policy(`
	samba_run_net(sysadm_t, sysadm_r)
	samba_run_winbind_helper(sysadm_t, sysadm_r)
')

optional_policy(`
	samhain_admin(sysadm_t)
')

optional_policy(`
	screen_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	secadm_role_change(sysadm_r)
')

optional_policy(`
	setroubleshoot_stream_connect(sysadm_t)
	setroubleshoot_dbus_chat(sysadm_t)
	setroubleshoot_dbus_chat_fixit(sysadm_t)
')

optional_policy(`
	seutil_run_setfiles(sysadm_t, sysadm_r)
	seutil_run_runinit(sysadm_t, sysadm_r)
')

optional_policy(`
	shutdown_run(sysadm_t, sysadm_r)
')

optional_policy(`
	ssh_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	staff_role_change(sysadm_r)
')

optional_policy(`
	su_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	sudo_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	sysnet_run_ifconfig(sysadm_t, sysadm_r)
	sysnet_run_dhcpc(sysadm_t, sysadm_r)
')

optional_policy(`
	systemd_passwd_agent_run(sysadm_t, sysadm_r)
	systemd_config_all_services(sysadm_t)
	systemd_manage_all_unit_files(sysadm_t)
	systemd_manage_all_unit_lnk_files(sysadm_t)
')

optional_policy(`
	tripwire_run_siggen(sysadm_t, sysadm_r)
	tripwire_run_tripwire(sysadm_t, sysadm_r)
	tripwire_run_twadmin(sysadm_t, sysadm_r)
	tripwire_run_twprint(sysadm_t, sysadm_r)
')

optional_policy(`
	tzdata_domtrans(sysadm_t)
')

optional_policy(`
	unconfined_domtrans(sysadm_t)
')

optional_policy(`
	udev_run(sysadm_t, sysadm_r)
')

optional_policy(`
	unprivuser_role_change(sysadm_r)
')

optional_policy(`
	usbmodules_run(sysadm_t, sysadm_r)
')

optional_policy(`
	usermanage_run_admin_passwd(sysadm_t, sysadm_r)
	usermanage_run_groupadd(sysadm_t, sysadm_r)
	usermanage_run_useradd(sysadm_t, sysadm_r)
')

optional_policy(`
	virt_stream_connect(sysadm_t)
	virt_filetrans_home_content(sysadm_t)
')

optional_policy(`
	vlock_run(sysadm_t, sysadm_r)
')

optional_policy(`
	vpn_run(sysadm_t, sysadm_r)
')

optional_policy(`
	webalizer_run(sysadm_t, sysadm_r)
')

optional_policy(`
	xserver_role(sysadm_r, sysadm_t)
')

optional_policy(`
	yam_run(sysadm_t, sysadm_r)
')

optional_policy(`
	zebra_stream_connect(sysadm_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		apache_role(sysadm_r, sysadm_t)
	')
	optional_policy(`
		auth_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		bluetooth_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		cdrecord_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		dbus_role_template(sysadm, sysadm_r, sysadm_t)
	')

	optional_policy(`
		gnome_role(sysadm_r, sysadm_t)
		gnome_filetrans_admin_home_content(sysadm_t)
	')

	optional_policy(`
		gpg_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		java_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		lockdev_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		mock_admin(sysadm_t)
	')

	optional_policy(`
		mplayer_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		pyzor_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		razor_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		rssh_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		spamassassin_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		thunderbird_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		tvtime_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		uml_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		userhelper_role_template(sysadm, sysadm_r, sysadm_t)
	')

	optional_policy(`
		vmware_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		wireshark_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		xserver_role(sysadm_r, sysadm_t)
	')
')
Commit	Line	Data
d5048bc7	1	policy_module(sysadm, 2.2.1)
e9c6cda7 CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
e9c6cda7 CP	8	role sysadm_r;
	9
	10	userdom_admin_user_template(sysadm)
	11
	12	ifndef(`enable_mls',`
296273a7	13	userdom_security_admin_template(sysadm_t, sysadm_r)
e9c6cda7 CP	14	')
	15
	16	########################################
	17	#
	18	# Local policy
	19	#
2968e068	20	kernel_read_fs_sysctls(sysadm_t)
e9c6cda7 CP	21
	22	corecmd_exec_shell(sysadm_t)
	23
3eaa9939 DW	24	domain_dontaudit_read_all_domains_state(sysadm_t)
3eaa9939 DW	25
2968e068 DW	26	files_read_kernel_modules(sysadm_t)
2968e068 DW	27
65f784aa DW	28	dev_filetrans_all_named_dev(sysadm_t)
	29	storage_filetrans_all_named_dev(sysadm_t)
	30	term_filetrans_all_named_dev(sysadm_t)
72eaebd0	31
e9c6cda7	32	mls_process_read_up(sysadm_t)
3eaa9939 DW	33	mls_file_read_to_clearance(sysadm_t)
3eaa9939 DW	34	mls_process_write_to_clearance(sysadm_t)
e9c6cda7	35
77b776ea DW	36	storage_setattr_fixed_disk_dev(sysadm_t)
77b776ea DW	37
296273a7 CP	38	ubac_process_exempt(sysadm_t)
	39	ubac_file_exempt(sysadm_t)
	40	ubac_fd_exempt(sysadm_t)
	41
3eaa9939 DW	42	application_exec(sysadm_t)
3eaa9939 DW	43
e9c6cda7	44	init_exec(sysadm_t)
3eaa9939 DW	45	init_exec_script_files(sysadm_t)
3eaa9939 DW	46	init_dbus_chat(sysadm_t)
2968e068 DW	47	init_script_role_transition(sysadm_r)
2968e068 DW	48
91a6f708	49	miscfiles_filetrans_named_content(sysadm_t)
2968e068	50	miscfiles_read_hwdata(sysadm_t)
e9c6cda7	51
9c7e72de	52	sysnet_filetrans_named_content(sysadm_t)
72eaebd0	53
296273a7 CP	54	# Add/remove user home directories
	55	userdom_manage_user_home_dirs(sysadm_t)
	56	userdom_home_filetrans_user_home_dir(sysadm_t)
2010eb96	57	userdom_manage_tmp_role(sysadm_r, sysadm_t)
e9c6cda7	58
76d53813	59	optional_policy(`
5b3ec473	60	alsa_filetrans_named_content(sysadm_t)
76d53813 DW	61	')
76d53813 DW	62
72eaebd0	63	optional_policy(`
a11cc065	64	ssh_filetrans_admin_home_content(sysadm_t)
72eaebd0 DW	65	')
72eaebd0 DW	66
e9c6cda7 CP	67	ifdef(`direct_sysadm_daemon',`
e9c6cda7 CP	68	optional_policy(`
296273a7	69	init_run_daemon(sysadm_t, sysadm_r)
e9c6cda7 CP	70	')
	71	',`
	72	ifdef(`distro_gentoo',`
	73	optional_policy(`
296273a7	74	seutil_init_script_run_runinit(sysadm_t, sysadm_r)
e9c6cda7 CP	75	')
	76	')
	77	')
	78
	79	ifndef(`enable_mls',`
	80	logging_manage_audit_log(sysadm_t)
	81	logging_manage_audit_config(sysadm_t)
296273a7	82	logging_run_auditctl(sysadm_t, sysadm_r)
3eaa9939	83	logging_stream_connect_syslog(sysadm_t)
e9c6cda7 CP	84	')
e9c6cda7 CP	85
995bdbb1	86	tunable_policy(`deny_ptrace',`',`
e9c6cda7 CP	87	domain_ptrace_all_domains(sysadm_t)
	88	')
	89
	90	optional_policy(`
296273a7	91	amanda_run_recover(sysadm_t, sysadm_r)
e9c6cda7 CP	92	')
	93
	94	optional_policy(`
296273a7	95	apache_run_helper(sysadm_t, sysadm_r)
3ad2a285	96	apache_filetrans_home_content(sysadm_t)
e9c6cda7 CP	97	#apache_run_all_scripts(sysadm_t, sysadm_r)
	98	#apache_domtrans_sys_script(sysadm_t)
	99	')
	100
	101	optional_policy(`
	102	# cjp: why is this not apm_run_client
	103	apm_domtrans_client(sysadm_t)
	104	')
	105
	106	optional_policy(`
296273a7 CP	107	apt_run(sysadm_t, sysadm_r)
	108	')
	109
	110	optional_policy(`
	111	auditadm_role_change(sysadm_r)
	112	')
	113
296273a7 CP	114	optional_policy(`
296273a7 CP	115	backup_run(sysadm_t, sysadm_r)
e9c6cda7 CP	116	')
	117
	118	optional_policy(`
296273a7	119	bind_run_ndc(sysadm_t, sysadm_r)
e9c6cda7 CP	120	')
e9c6cda7 CP	121
e9c6cda7	122	optional_policy(`
296273a7	123	bootloader_run(sysadm_t, sysadm_r)
e9c6cda7 CP	124	')
e9c6cda7 CP	125
3eaa9939 DW	126	optional_policy(`
	127	certmonger_dbus_chat(sysadm_t)
	128	')
	129
e9c6cda7	130	optional_policy(`
296273a7	131	certwatch_run(sysadm_t, sysadm_r)
e9c6cda7 CP	132	')
	133
	134	optional_policy(`
296273a7	135	clock_run(sysadm_t, sysadm_r)
e9c6cda7 CP	136	')
	137
	138	optional_policy(`
296273a7	139	clockspeed_run_cli(sysadm_t, sysadm_r)
e9c6cda7 CP	140	')
e9c6cda7 CP	141
0351e043 DW	142	optional_policy(`
0351e043 DW	143	cron_admin_role(sysadm_r, sysadm_t)
a9b17c21	144	#cron_role(sysadm_r, sysadm_t)
0351e043 DW	145	')
0351e043 DW	146
e9c6cda7	147	optional_policy(`
e200bcc0	148	consoletype_exec(sysadm_t)
e9c6cda7 CP	149	')
e9c6cda7 CP	150
3eaa9939 DW	151	optional_policy(`
3eaa9939 DW	152	daemonstools_run_start(sysadm_t, sysadm_r)
e9c6cda7 CP	153	')
e9c6cda7 CP	154
4ec3fa73 DW	155	optional_policy(`
	156	dbus_role_template(sysadm, sysadm_r, sysadm_t)
	157	')
	158
e9c6cda7	159	optional_policy(`
296273a7 CP	160	dcc_run_cdcc(sysadm_t, sysadm_r)
	161	dcc_run_client(sysadm_t, sysadm_r)
	162	dcc_run_dbclean(sysadm_t, sysadm_r)
	163	')
	164
4ad28653	165	optional_policy(`
4ec3fa73	166	ddcprobe_run(sysadm_t, sysadm_r)
4ad28653 DW	167	')
4ad28653 DW	168
296273a7	169	optional_policy(`
d6091320	170	devicekit_filetrans_named_content(sysadm_t)
e9c6cda7 CP	171	')
	172
	173	optional_policy(`
	174	dmesg_exec(sysadm_t)
	175	')
	176
	177	optional_policy(`
296273a7 CP	178	dmidecode_run(sysadm_t, sysadm_r)
	179	')
	180
	181	optional_policy(`
	182	dpkg_run(sysadm_t, sysadm_r)
e9c6cda7 CP	183	')
e9c6cda7 CP	184
e9c6cda7	185	optional_policy(`
296273a7	186	firstboot_run(sysadm_t, sysadm_r)
e9c6cda7 CP	187	')
	188
	189	optional_policy(`
296273a7	190	fstools_run(sysadm_t, sysadm_r)
e9c6cda7 CP	191	')
e9c6cda7 CP	192
296273a7 CP	193	optional_policy(`
296273a7 CP	194	hostname_run(sysadm_t, sysadm_r)
e9c6cda7 CP	195	')
e9c6cda7 CP	196
bc71a042	197	optional_policy(`
641ac054	198	hadoop_role(sysadm_r, sysadm_t)
bc71a042 PN	199	')
bc71a042 PN	200
e9c6cda7 CP	201	optional_policy(`
	202	# allow system administrator to use the ipsec script to look
	203	# at things (e.g., ipsec auto --status)
	204	# probably should create an ipsec_admin role for this kind of thing
	205	ipsec_exec_mgmt(sysadm_t)
	206	ipsec_stream_connect(sysadm_t)
	207	# for lsof
	208	ipsec_getattr_key_sockets(sysadm_t)
3eaa9939 DW	209	ipsec_run_setkey(sysadm_t, sysadm_r)
	210	ipsec_run_racoon(sysadm_t, sysadm_r)
	211	ipsec_stream_connect_racoon(sysadm_t)
	212
	213	optional_policy(`
	214	ipsec_mgmt_dbus_chat(sysadm_t)
	215	')
e9c6cda7 CP	216	')
	217
	218	optional_policy(`
296273a7 CP	219	iptables_run(sysadm_t, sysadm_r)
	220	')
	221
f8f030aa DG	222	optional_policy(`
	223	irc_role(sysadm_r, sysadm_t)
	224	')
	225
3eaa9939 DW	226	optional_policy(`
3eaa9939 DW	227	kerberos_exec_kadmind(sysadm_t)
d141ac47	228	kerberos_filetrans_named_content(sysadm_t)
3eaa9939 DW	229	')
3eaa9939 DW	230
e9c6cda7	231	optional_policy(`
296273a7	232	kudzu_run(sysadm_t, sysadm_r)
e9c6cda7 CP	233	')
	234
	235	optional_policy(`
296273a7	236	libs_run_ldconfig(sysadm_t, sysadm_r)
e9c6cda7 CP	237	')
e9c6cda7 CP	238
e9c6cda7	239	optional_policy(`
296273a7	240	logrotate_run(sysadm_t, sysadm_r)
e9c6cda7 CP	241	')
	242
	243	optional_policy(`
296273a7 CP	244	lpd_run_checkpc(sysadm_t, sysadm_r)
296273a7 CP	245	lpd_role(sysadm_r, sysadm_t)
e9c6cda7 CP	246	')
	247
	248	optional_policy(`
296273a7	249	lvm_run(sysadm_t, sysadm_r)
e9c6cda7 CP	250	')
	251
	252	optional_policy(`
296273a7 CP	253	modutils_run_depmod(sysadm_t, sysadm_r)
	254	modutils_run_insmod(sysadm_t, sysadm_r)
	255	modutils_run_update_mods(sysadm_t, sysadm_r)
2371d8d8	256	modutils_read_module_deps(sysadm_t)
c66c51f7	257	modules_filetrans_named_content(sysadm_t)
e9c6cda7 CP	258	')
	259
	260	optional_policy(`
296273a7	261	mount_run(sysadm_t, sysadm_r)
3eaa9939	262	mount_run_showmount(sysadm_t, sysadm_r)
296273a7 CP	263	')
296273a7 CP	264
296273a7 CP	265	optional_policy(`
296273a7 CP	266	mta_role(sysadm_r, sysadm_t)
7c702088 MG	267	# this is defined in userdom_common_user_template
7c702088 MG	268	#mta_filetrans_home_content(sysadm_t)
780198a1	269	mta_filetrans_admin_home_content(sysadm_t)
e9c6cda7 CP	270	')
	271
	272	optional_policy(`
	273	munin_stream_connect(sysadm_t)
	274	')
	275
	276	optional_policy(`
	277	mysql_stream_connect(sysadm_t)
	278	')
	279
3eaa9939 DW	280	optional_policy(`
	281	ncftool_run(sysadm_t, sysadm_r)
	282	')
	283
e9c6cda7	284	optional_policy(`
296273a7 CP	285	netutils_run(sysadm_t, sysadm_r)
	286	netutils_run_ping(sysadm_t, sysadm_r)
	287	netutils_run_traceroute(sysadm_t, sysadm_r)
e9c6cda7 CP	288	')
e9c6cda7 CP	289
0ddcd8f6 DW	290	optional_policy(`
	291	networkmanager_filetrans_named_content(sysadm_t)
	292	')
	293
e9c6cda7 CP	294	optional_policy(`
	295	ntp_stub()
	296	corenet_udp_bind_ntp_port(sysadm_t)
	297	')
	298
e4b8dbb3	299	optional_policy(`
7e67b9c9	300	nx_filetrans_named_content(sysadm_t)
e4b8dbb3 DW	301	')
e4b8dbb3 DW	302
e9c6cda7	303	optional_policy(`
296273a7 CP	304	oav_run_update(sysadm_t, sysadm_r)
	305	')
	306
87f49770 MG	307	optional_policy(`
	308	openvpn_run(sysadm_t, sysadm_r)
	309	')
	310
296273a7 CP	311	optional_policy(`
296273a7 CP	312	pcmcia_run_cardctl(sysadm_t, sysadm_r)
e9c6cda7 CP	313	')
e9c6cda7 CP	314
f1b7d092 DG	315	optional_policy(`
	316	polipo_role(sysadm_r, sysadm_t)
	317	polipo_named_filetrans_admin_cache_home_dirs(sysadm_t)
	318	polipo_named_filetrans_admin_config_home_files(sysadm_t)
	319	')
	320
e9c6cda7	321	optional_policy(`
296273a7 CP	322	portage_run(sysadm_t, sysadm_r)
296273a7 CP	323	portage_run_gcc_config(sysadm_t, sysadm_r)
e9c6cda7 CP	324	')
	325
	326	optional_policy(`
296273a7	327	portmap_run_helper(sysadm_t, sysadm_r)
e9c6cda7 CP	328	')
e9c6cda7 CP	329
7dd47a9a DW	330	optional_policy(`
	331	postfix_filetrans_named_content(sysadm_t)
	332	')
	333
3eaa9939 DW	334	optional_policy(`
	335	prelink_run(sysadm_t, sysadm_r)
	336	')
	337
51b8b4c0 DW	338	optional_policy(`
	339	puppet_run_puppetca(sysadm_t, sysadm_r)
	340	')
	341
e9c6cda7	342	optional_policy(`
296273a7	343	quota_run(sysadm_t, sysadm_r)
e9c6cda7 CP	344	')
	345
	346	optional_policy(`
	347	raid_domtrans_mdadm(sysadm_t)
	348	')
	349
	350	optional_policy(`
	351	rpc_domtrans_nfsd(sysadm_t)
	352	')
	353
	354	optional_policy(`
296273a7	355	rpm_run(sysadm_t, sysadm_r)
4e889ea1	356	rpm_dbus_chat(sysadm_t, sysadm_r)
296273a7 CP	357	')
296273a7 CP	358
e9c6cda7 CP	359	optional_policy(`
	360	rsync_exec(sysadm_t)
	361	')
	362
	363	optional_policy(`
296273a7 CP	364	samba_run_net(sysadm_t, sysadm_r)
296273a7 CP	365	samba_run_winbind_helper(sysadm_t, sysadm_r)
e9c6cda7 CP	366	')
e9c6cda7 CP	367
b2f8897d HC	368	optional_policy(`
	369	samhain_admin(sysadm_t)
	370	')
	371
e9c6cda7	372	optional_policy(`
296273a7	373	screen_role_template(sysadm, sysadm_r, sysadm_t)
e9c6cda7 CP	374	')
	375
	376	optional_policy(`
296273a7	377	secadm_role_change(sysadm_r)
e9c6cda7 CP	378	')
e9c6cda7 CP	379
7c525b65 DW	380	optional_policy(`
	381	setroubleshoot_stream_connect(sysadm_t)
	382	setroubleshoot_dbus_chat(sysadm_t)
	383	setroubleshoot_dbus_chat_fixit(sysadm_t)
	384	')
	385
e9c6cda7	386	optional_policy(`
296273a7 CP	387	seutil_run_setfiles(sysadm_t, sysadm_r)
296273a7 CP	388	seutil_run_runinit(sysadm_t, sysadm_r)
e9c6cda7 CP	389	')
e9c6cda7 CP	390
3eaa9939 DW	391	optional_policy(`
	392	shutdown_run(sysadm_t, sysadm_r)
	393	')
	394
e9c6cda7	395	optional_policy(`
296273a7 CP	396	ssh_role_template(sysadm, sysadm_r, sysadm_t)
	397	')
	398
	399	optional_policy(`
	400	staff_role_change(sysadm_r)
	401	')
	402
	403	optional_policy(`
	404	su_role_template(sysadm, sysadm_r, sysadm_t)
	405	')
	406
	407	optional_policy(`
	408	sudo_role_template(sysadm, sysadm_r, sysadm_t)
	409	')
	410
	411	optional_policy(`
	412	sysnet_run_ifconfig(sysadm_t, sysadm_r)
	413	sysnet_run_dhcpc(sysadm_t, sysadm_r)
	414	')
	415
d7441a41 DW	416	optional_policy(`
d7441a41 DW	417	systemd_passwd_agent_run(sysadm_t, sysadm_r)
faaa4a27 DW	418	systemd_config_all_services(sysadm_t)
	419	systemd_manage_all_unit_files(sysadm_t)
	420	systemd_manage_all_unit_lnk_files(sysadm_t)
d7441a41 DW	421	')
d7441a41 DW	422
296273a7 CP	423	optional_policy(`
	424	tripwire_run_siggen(sysadm_t, sysadm_r)
	425	tripwire_run_tripwire(sysadm_t, sysadm_r)
	426	tripwire_run_twadmin(sysadm_t, sysadm_r)
	427	tripwire_run_twprint(sysadm_t, sysadm_r)
	428	')
	429
e9c6cda7 CP	430	optional_policy(`
	431	tzdata_domtrans(sysadm_t)
	432	')
	433
	434	optional_policy(`
b34db7a8	435	unconfined_domtrans(sysadm_t)
e9c6cda7 CP	436	')
e9c6cda7 CP	437
9427adb7 MG	438	optional_policy(`
	439	udev_run(sysadm_t, sysadm_r)
	440	')
	441
e9c6cda7	442	optional_policy(`
296273a7 CP	443	unprivuser_role_change(sysadm_r)
	444	')
	445
	446	optional_policy(`
	447	usbmodules_run(sysadm_t, sysadm_r)
	448	')
e9c6cda7	449
296273a7 CP	450	optional_policy(`
	451	usermanage_run_admin_passwd(sysadm_t, sysadm_r)
	452	usermanage_run_groupadd(sysadm_t, sysadm_r)
	453	usermanage_run_useradd(sysadm_t, sysadm_r)
	454	')
	455
3eaa9939	456	optional_policy(`
7c525b65 DW	457	virt_stream_connect(sysadm_t)
7c525b65 DW	458	virt_filetrans_home_content(sysadm_t)
e9c6cda7 CP	459	')
	460
	461	optional_policy(`
7c525b65	462	vlock_run(sysadm_t, sysadm_r)
e9c6cda7 CP	463	')
e9c6cda7 CP	464
3eaa9939	465	optional_policy(`
7c525b65	466	vpn_run(sysadm_t, sysadm_r)
3eaa9939 DW	467	')
3eaa9939 DW	468
d35e2ee0	469	optional_policy(`
7c525b65	470	webalizer_run(sysadm_t, sysadm_r)
d35e2ee0 HC	471	')
d35e2ee0 HC	472
e9c6cda7	473	optional_policy(`
296273a7	474	xserver_role(sysadm_r, sysadm_t)
e9c6cda7 CP	475	')
	476
	477	optional_policy(`
296273a7	478	yam_run(sysadm_t, sysadm_r)
e9c6cda7	479	')
c87e1502	480
3eaa9939 DW	481	optional_policy(`
3eaa9939 DW	482	zebra_stream_connect(sysadm_t)
c87e1502 JS	483	')
c87e1502 JS	484
2968e068 DW	485	ifndef(`distro_redhat',`
	486	optional_policy(`
	487	apache_role(sysadm_r, sysadm_t)
	488	')
	489	optional_policy(`
	490	auth_role(sysadm_r, sysadm_t)
	491	')
3eaa9939	492
2968e068 DW	493	optional_policy(`
	494	bluetooth_role(sysadm_r, sysadm_t)
	495	')
	496
	497	optional_policy(`
	498	cdrecord_role(sysadm_r, sysadm_t)
	499	')
	500
2968e068 DW	501	optional_policy(`
	502	dbus_role_template(sysadm, sysadm_r, sysadm_t)
	503	')
	504
2968e068 DW	505	optional_policy(`
2968e068 DW	506	gnome_role(sysadm_r, sysadm_t)
a11cc065	507	gnome_filetrans_admin_home_content(sysadm_t)
2968e068 DW	508	')
	509
	510	optional_policy(`
	511	gpg_role(sysadm_r, sysadm_t)
	512	')
	513
2968e068 DW	514	optional_policy(`
	515	java_role(sysadm_r, sysadm_t)
	516	')
	517
	518	optional_policy(`
	519	lockdev_role(sysadm_r, sysadm_t)
	520	')
	521
dd323694 DW	522	optional_policy(`
	523	mock_admin(sysadm_t)
	524	')
	525
2968e068 DW	526	optional_policy(`
	527	mplayer_role(sysadm_r, sysadm_t)
	528	')
	529
	530	optional_policy(`
	531	pyzor_role(sysadm_r, sysadm_t)
	532	')
	533
	534	optional_policy(`
	535	razor_role(sysadm_r, sysadm_t)
	536	')
	537
	538	optional_policy(`
	539	rssh_role(sysadm_r, sysadm_t)
	540	')
	541
	542	optional_policy(`
	543	spamassassin_role(sysadm_r, sysadm_t)
	544	')
	545
	546	optional_policy(`
	547	thunderbird_role(sysadm_r, sysadm_t)
	548	')
	549
	550	optional_policy(`
	551	tvtime_role(sysadm_r, sysadm_t)
	552	')
	553
	554	optional_policy(`
	555	uml_role(sysadm_r, sysadm_t)
	556	')
	557
	558	optional_policy(`
	559	userhelper_role_template(sysadm, sysadm_r, sysadm_t)
	560	')
	561
	562	optional_policy(`
	563	vmware_role(sysadm_r, sysadm_t)
	564	')
	565
	566	optional_policy(`
	567	wireshark_role(sysadm_r, sysadm_t)
	568	')
	569
	570	optional_policy(`
	571	xserver_role(sysadm_r, sysadm_t)
	572	')
	573	')