[people/stevee/selinux-policy.git] / policy / modules / roles / sysadm.te

policy_module(sysadm, 2.2.1)

########################################
#
# Declarations
#

role sysadm_r;

userdom_admin_user_template(sysadm)

ifndef(`enable_mls',`
	userdom_security_admin_template(sysadm_t, sysadm_r)
')

########################################
#
# Local policy
#
kernel_read_fs_sysctls(sysadm_t)

corecmd_exec_shell(sysadm_t)

domain_dontaudit_read_all_domains_state(sysadm_t)

files_read_kernel_modules(sysadm_t)

dev_filetrans_all_named_dev(sysadm_t)
storage_filetrans_all_named_dev(sysadm_t)
term_filetrans_all_named_dev(sysadm_t)

mls_process_read_up(sysadm_t)
mls_file_read_to_clearance(sysadm_t)
mls_process_write_to_clearance(sysadm_t)

storage_setattr_fixed_disk_dev(sysadm_t)

ubac_process_exempt(sysadm_t)
ubac_file_exempt(sysadm_t)
ubac_fd_exempt(sysadm_t)

application_exec(sysadm_t)

init_exec(sysadm_t)
init_exec_script_files(sysadm_t)
init_dbus_chat(sysadm_t)
init_script_role_transition(sysadm_r)

miscfiles_filetrans_named_content(sysadm_t)
miscfiles_read_hwdata(sysadm_t)

sysnet_filetrans_named_content(sysadm_t)

# Add/remove user home directories
userdom_manage_user_home_dirs(sysadm_t)
userdom_home_filetrans_user_home_dir(sysadm_t)
userdom_manage_tmp_role(sysadm_r, sysadm_t)

optional_policy(`
	alsa_filetrans_named_content(sysadm_t)
')

optional_policy(`
	ssh_filetrans_admin_home_content(sysadm_t)
')

ifdef(`direct_sysadm_daemon',`
	optional_policy(`
		init_run_daemon(sysadm_t, sysadm_r)
	')
',`
	ifdef(`distro_gentoo',`
		optional_policy(`
			seutil_init_script_run_runinit(sysadm_t, sysadm_r)
		')
	')
')

ifndef(`enable_mls',`
	logging_manage_audit_log(sysadm_t)
	logging_manage_audit_config(sysadm_t)
	logging_run_auditctl(sysadm_t, sysadm_r)
	logging_stream_connect_syslog(sysadm_t)
')

tunable_policy(`deny_ptrace',`',`
	domain_ptrace_all_domains(sysadm_t)
')

optional_policy(`
	amanda_run_recover(sysadm_t, sysadm_r)
')

optional_policy(`
	apache_run_helper(sysadm_t, sysadm_r)
	apache_filetrans_home_content(sysadm_t)
	#apache_run_all_scripts(sysadm_t, sysadm_r)
	#apache_domtrans_sys_script(sysadm_t)
')

optional_policy(`
	# cjp: why is this not apm_run_client
	apm_domtrans_client(sysadm_t)
')

optional_policy(`
	auditadm_role_change(sysadm_r)
')

optional_policy(`
	bind_run_ndc(sysadm_t, sysadm_r)
')

optional_policy(`
	bootloader_run(sysadm_t, sysadm_r)
')

optional_policy(`
	certmonger_dbus_chat(sysadm_t)
')

optional_policy(`
	certwatch_run(sysadm_t, sysadm_r)
')

optional_policy(`
	clock_run(sysadm_t, sysadm_r)
')

optional_policy(`
	clockspeed_run_cli(sysadm_t, sysadm_r)
')

optional_policy(`
	cron_admin_role(sysadm_r, sysadm_t)
	#cron_role(sysadm_r, sysadm_t)
')

optional_policy(`
	consoletype_exec(sysadm_t)
')

optional_policy(`
    daemonstools_run_start(sysadm_t, sysadm_r)
')

optional_policy(`
	dbus_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	dcc_run_cdcc(sysadm_t, sysadm_r)
	dcc_run_client(sysadm_t, sysadm_r)
	dcc_run_dbclean(sysadm_t, sysadm_r)
')

optional_policy(`
	ddcprobe_run(sysadm_t, sysadm_r)
')

optional_policy(`
	devicekit_filetrans_named_content(sysadm_t)
')

optional_policy(`
	dmesg_exec(sysadm_t)
')

optional_policy(`
	dmidecode_run(sysadm_t, sysadm_r)
')

optional_policy(`
	dpkg_run(sysadm_t, sysadm_r)
')

optional_policy(`
	firstboot_run(sysadm_t, sysadm_r)
')

optional_policy(`
	fstools_run(sysadm_t, sysadm_r)
')

optional_policy(`
	hostname_run(sysadm_t, sysadm_r)
')

optional_policy(`
	hadoop_role(sysadm_r, sysadm_t)
')

optional_policy(`
	# allow system administrator to use the ipsec script to look
	# at things (e.g., ipsec auto --status)
	# probably should create an ipsec_admin role for this kind of thing
	ipsec_exec_mgmt(sysadm_t)
	ipsec_stream_connect(sysadm_t)
	# for lsof
	ipsec_getattr_key_sockets(sysadm_t)
	ipsec_run_setkey(sysadm_t, sysadm_r)
	ipsec_run_racoon(sysadm_t, sysadm_r)
	ipsec_stream_connect_racoon(sysadm_t)

	optional_policy(`
		ipsec_mgmt_dbus_chat(sysadm_t)
	')
')

optional_policy(`
	iptables_run(sysadm_t, sysadm_r)
')

optional_policy(`
	irc_role(sysadm_r, sysadm_t)
')

optional_policy(`
	kerberos_exec_kadmind(sysadm_t)
	kerberos_filetrans_named_content(sysadm_t)
')

optional_policy(`
	libs_run_ldconfig(sysadm_t, sysadm_r)
')

optional_policy(`
	logrotate_run(sysadm_t, sysadm_r)
')

optional_policy(`
	lpd_run_checkpc(sysadm_t, sysadm_r)
	lpd_role(sysadm_r, sysadm_t)
')

optional_policy(`
	lvm_run(sysadm_t, sysadm_r)
')

optional_policy(`
	modutils_run_depmod(sysadm_t, sysadm_r)
	modutils_run_insmod(sysadm_t, sysadm_r)
	modutils_run_update_mods(sysadm_t, sysadm_r)
	modutils_read_module_deps(sysadm_t)
	modules_filetrans_named_content(sysadm_t)
')

optional_policy(`
	mount_run(sysadm_t, sysadm_r)
	mount_run_showmount(sysadm_t, sysadm_r)
')

optional_policy(`
	mta_role(sysadm_r, sysadm_t)
	# this is defined in userdom_common_user_template
	#mta_filetrans_home_content(sysadm_t)
	mta_filetrans_admin_home_content(sysadm_t)
')

optional_policy(`
	munin_stream_connect(sysadm_t)
')

optional_policy(`
	mysql_stream_connect(sysadm_t)
')

optional_policy(`
	ncftool_run(sysadm_t, sysadm_r)
')

optional_policy(`
	netutils_run(sysadm_t, sysadm_r)
	netutils_run_ping(sysadm_t, sysadm_r)
	netutils_run_traceroute(sysadm_t, sysadm_r)
')

optional_policy(`
	networkmanager_filetrans_named_content(sysadm_t)
')

optional_policy(`
	ntp_stub()
	corenet_udp_bind_ntp_port(sysadm_t)
')

optional_policy(`
	nx_filetrans_named_content(sysadm_t)
')

optional_policy(`
	oav_run_update(sysadm_t, sysadm_r)
')

optional_policy(`
	openvpn_run(sysadm_t, sysadm_r)
')

optional_policy(`
	pcmcia_run_cardctl(sysadm_t, sysadm_r)
')

optional_policy(`
	polipo_role(sysadm_r, sysadm_t)
	polipo_named_filetrans_admin_cache_home_dirs(sysadm_t)
	polipo_named_filetrans_admin_config_home_files(sysadm_t)
')

optional_policy(`
	portage_run(sysadm_t, sysadm_r)
	portage_run_gcc_config(sysadm_t, sysadm_r)
')

optional_policy(`
	portmap_run_helper(sysadm_t, sysadm_r)
')

optional_policy(`
	postfix_filetrans_named_content(sysadm_t)
')

optional_policy(`
	prelink_run(sysadm_t, sysadm_r)
')

optional_policy(`
	puppet_run_puppetca(sysadm_t, sysadm_r)
')

optional_policy(`
	quota_run(sysadm_t, sysadm_r)
')

optional_policy(`
	raid_domtrans_mdadm(sysadm_t)
')

optional_policy(`
	rpc_domtrans_nfsd(sysadm_t)
')

optional_policy(`
	rpm_run(sysadm_t, sysadm_r)
	rpm_dbus_chat(sysadm_t, sysadm_r)
')

optional_policy(`
	rsync_exec(sysadm_t)
')

optional_policy(`
	samba_run_net(sysadm_t, sysadm_r)
	samba_run_winbind_helper(sysadm_t, sysadm_r)
')

optional_policy(`
	samhain_admin(sysadm_t)
')

optional_policy(`
	screen_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	secadm_role_change(sysadm_r)
')

optional_policy(`
	setroubleshoot_stream_connect(sysadm_t)
	setroubleshoot_dbus_chat(sysadm_t)
	setroubleshoot_dbus_chat_fixit(sysadm_t)
')

optional_policy(`
	seutil_run_setfiles(sysadm_t, sysadm_r)
	seutil_run_runinit(sysadm_t, sysadm_r)
')

optional_policy(`
	shutdown_run(sysadm_t, sysadm_r)
')

optional_policy(`
	ssh_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	staff_role_change(sysadm_r)
')

optional_policy(`
	su_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	sudo_role_template(sysadm, sysadm_r, sysadm_t)
')

optional_policy(`
	sysnet_run_ifconfig(sysadm_t, sysadm_r)
	sysnet_run_dhcpc(sysadm_t, sysadm_r)
')

optional_policy(`
	systemd_passwd_agent_run(sysadm_t, sysadm_r)
	systemd_config_all_services(sysadm_t)
	systemd_manage_all_unit_files(sysadm_t)
	systemd_manage_all_unit_lnk_files(sysadm_t)
')

optional_policy(`
	tripwire_run_siggen(sysadm_t, sysadm_r)
	tripwire_run_tripwire(sysadm_t, sysadm_r)
	tripwire_run_twadmin(sysadm_t, sysadm_r)
	tripwire_run_twprint(sysadm_t, sysadm_r)
')

optional_policy(`
	tzdata_domtrans(sysadm_t)
')

optional_policy(`
	unconfined_domtrans(sysadm_t)
')

optional_policy(`
	udev_run(sysadm_t, sysadm_r)
')

optional_policy(`
	unprivuser_role_change(sysadm_r)
')

optional_policy(`
	usbmodules_run(sysadm_t, sysadm_r)
')

optional_policy(`
	usermanage_run_admin_passwd(sysadm_t, sysadm_r)
	usermanage_run_groupadd(sysadm_t, sysadm_r)
	usermanage_run_useradd(sysadm_t, sysadm_r)
')

optional_policy(`
	virt_stream_connect(sysadm_t)
	virt_filetrans_home_content(sysadm_t)
')

optional_policy(`
	vlock_run(sysadm_t, sysadm_r)
')

optional_policy(`
	vpn_run(sysadm_t, sysadm_r)
')

optional_policy(`
	webalizer_run(sysadm_t, sysadm_r)
')

optional_policy(`
	xserver_role(sysadm_r, sysadm_t)
')

optional_policy(`
	zebra_stream_connect(sysadm_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		apache_role(sysadm_r, sysadm_t)
	')
	optional_policy(`
		auth_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		bluetooth_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		cdrecord_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		dbus_role_template(sysadm, sysadm_r, sysadm_t)
	')

	optional_policy(`
		gpg_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		java_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		lockdev_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		mock_admin(sysadm_t)
	')

	optional_policy(`
		mplayer_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		pyzor_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		razor_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		rssh_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		spamassassin_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		uml_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		userhelper_role_template(sysadm, sysadm_r, sysadm_t)
	')

	optional_policy(`
		vmware_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		wireshark_role(sysadm_r, sysadm_t)
	')

	optional_policy(`
		xserver_role(sysadm_r, sysadm_t)
	')
')
Commit	Line	Data
d5048bc7	1	policy_module(sysadm, 2.2.1)
e9c6cda7 CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
e9c6cda7 CP	8	role sysadm_r;
	9
	10	userdom_admin_user_template(sysadm)
	11
	12	ifndef(`enable_mls',`
296273a7	13	userdom_security_admin_template(sysadm_t, sysadm_r)
e9c6cda7 CP	14	')
	15
	16	########################################
	17	#
	18	# Local policy
	19	#
2968e068	20	kernel_read_fs_sysctls(sysadm_t)
e9c6cda7 CP	21
	22	corecmd_exec_shell(sysadm_t)
	23
3eaa9939 DW	24	domain_dontaudit_read_all_domains_state(sysadm_t)
3eaa9939 DW	25
2968e068 DW	26	files_read_kernel_modules(sysadm_t)
2968e068 DW	27
65f784aa DW	28	dev_filetrans_all_named_dev(sysadm_t)
	29	storage_filetrans_all_named_dev(sysadm_t)
	30	term_filetrans_all_named_dev(sysadm_t)
72eaebd0	31
e9c6cda7	32	mls_process_read_up(sysadm_t)
3eaa9939 DW	33	mls_file_read_to_clearance(sysadm_t)
3eaa9939 DW	34	mls_process_write_to_clearance(sysadm_t)
e9c6cda7	35
77b776ea DW	36	storage_setattr_fixed_disk_dev(sysadm_t)
77b776ea DW	37
296273a7 CP	38	ubac_process_exempt(sysadm_t)
	39	ubac_file_exempt(sysadm_t)
	40	ubac_fd_exempt(sysadm_t)
	41
3eaa9939 DW	42	application_exec(sysadm_t)
3eaa9939 DW	43
e9c6cda7	44	init_exec(sysadm_t)
3eaa9939 DW	45	init_exec_script_files(sysadm_t)
3eaa9939 DW	46	init_dbus_chat(sysadm_t)
2968e068 DW	47	init_script_role_transition(sysadm_r)
2968e068 DW	48
91a6f708	49	miscfiles_filetrans_named_content(sysadm_t)
2968e068	50	miscfiles_read_hwdata(sysadm_t)
e9c6cda7	51
9c7e72de	52	sysnet_filetrans_named_content(sysadm_t)
72eaebd0	53
296273a7 CP	54	# Add/remove user home directories
	55	userdom_manage_user_home_dirs(sysadm_t)
	56	userdom_home_filetrans_user_home_dir(sysadm_t)
2010eb96	57	userdom_manage_tmp_role(sysadm_r, sysadm_t)
e9c6cda7	58
76d53813	59	optional_policy(`
5b3ec473	60	alsa_filetrans_named_content(sysadm_t)
76d53813 DW	61	')
76d53813 DW	62
72eaebd0	63	optional_policy(`
a11cc065	64	ssh_filetrans_admin_home_content(sysadm_t)
72eaebd0 DW	65	')
72eaebd0 DW	66
e9c6cda7 CP	67	ifdef(`direct_sysadm_daemon',`
e9c6cda7 CP	68	optional_policy(`
296273a7	69	init_run_daemon(sysadm_t, sysadm_r)
e9c6cda7 CP	70	')
	71	',`
	72	ifdef(`distro_gentoo',`
	73	optional_policy(`
296273a7	74	seutil_init_script_run_runinit(sysadm_t, sysadm_r)
e9c6cda7 CP	75	')
	76	')
	77	')
	78
	79	ifndef(`enable_mls',`
	80	logging_manage_audit_log(sysadm_t)
	81	logging_manage_audit_config(sysadm_t)
296273a7	82	logging_run_auditctl(sysadm_t, sysadm_r)
3eaa9939	83	logging_stream_connect_syslog(sysadm_t)
e9c6cda7 CP	84	')
e9c6cda7 CP	85
995bdbb1	86	tunable_policy(`deny_ptrace',`',`
e9c6cda7 CP	87	domain_ptrace_all_domains(sysadm_t)
	88	')
	89
	90	optional_policy(`
296273a7	91	amanda_run_recover(sysadm_t, sysadm_r)
e9c6cda7 CP	92	')
	93
	94	optional_policy(`
296273a7	95	apache_run_helper(sysadm_t, sysadm_r)
3ad2a285	96	apache_filetrans_home_content(sysadm_t)
e9c6cda7 CP	97	#apache_run_all_scripts(sysadm_t, sysadm_r)
	98	#apache_domtrans_sys_script(sysadm_t)
	99	')
	100
	101	optional_policy(`
	102	# cjp: why is this not apm_run_client
	103	apm_domtrans_client(sysadm_t)
	104	')
	105
296273a7 CP	106	optional_policy(`
	107	auditadm_role_change(sysadm_r)
	108	')
	109
e9c6cda7	110	optional_policy(`
296273a7	111	bind_run_ndc(sysadm_t, sysadm_r)
e9c6cda7 CP	112	')
e9c6cda7 CP	113
e9c6cda7	114	optional_policy(`
296273a7	115	bootloader_run(sysadm_t, sysadm_r)
e9c6cda7 CP	116	')
e9c6cda7 CP	117
3eaa9939 DW	118	optional_policy(`
	119	certmonger_dbus_chat(sysadm_t)
	120	')
	121
e9c6cda7	122	optional_policy(`
296273a7	123	certwatch_run(sysadm_t, sysadm_r)
e9c6cda7 CP	124	')
	125
	126	optional_policy(`
296273a7	127	clock_run(sysadm_t, sysadm_r)
e9c6cda7 CP	128	')
	129
	130	optional_policy(`
296273a7	131	clockspeed_run_cli(sysadm_t, sysadm_r)
e9c6cda7 CP	132	')
e9c6cda7 CP	133
0351e043 DW	134	optional_policy(`
0351e043 DW	135	cron_admin_role(sysadm_r, sysadm_t)
a9b17c21	136	#cron_role(sysadm_r, sysadm_t)
0351e043 DW	137	')
0351e043 DW	138
e9c6cda7	139	optional_policy(`
e200bcc0	140	consoletype_exec(sysadm_t)
e9c6cda7 CP	141	')
e9c6cda7 CP	142
3eaa9939 DW	143	optional_policy(`
3eaa9939 DW	144	daemonstools_run_start(sysadm_t, sysadm_r)
e9c6cda7 CP	145	')
e9c6cda7 CP	146
4ec3fa73 DW	147	optional_policy(`
	148	dbus_role_template(sysadm, sysadm_r, sysadm_t)
	149	')
	150
e9c6cda7	151	optional_policy(`
296273a7 CP	152	dcc_run_cdcc(sysadm_t, sysadm_r)
	153	dcc_run_client(sysadm_t, sysadm_r)
	154	dcc_run_dbclean(sysadm_t, sysadm_r)
	155	')
	156
4ad28653	157	optional_policy(`
4ec3fa73	158	ddcprobe_run(sysadm_t, sysadm_r)
4ad28653 DW	159	')
4ad28653 DW	160
296273a7	161	optional_policy(`
d6091320	162	devicekit_filetrans_named_content(sysadm_t)
e9c6cda7 CP	163	')
	164
	165	optional_policy(`
	166	dmesg_exec(sysadm_t)
	167	')
	168
	169	optional_policy(`
296273a7 CP	170	dmidecode_run(sysadm_t, sysadm_r)
	171	')
	172
	173	optional_policy(`
	174	dpkg_run(sysadm_t, sysadm_r)
e9c6cda7 CP	175	')
e9c6cda7 CP	176
e9c6cda7	177	optional_policy(`
296273a7	178	firstboot_run(sysadm_t, sysadm_r)
e9c6cda7 CP	179	')
	180
	181	optional_policy(`
296273a7	182	fstools_run(sysadm_t, sysadm_r)
e9c6cda7 CP	183	')
e9c6cda7 CP	184
296273a7 CP	185	optional_policy(`
296273a7 CP	186	hostname_run(sysadm_t, sysadm_r)
e9c6cda7 CP	187	')
e9c6cda7 CP	188
bc71a042	189	optional_policy(`
641ac054	190	hadoop_role(sysadm_r, sysadm_t)
bc71a042 PN	191	')
bc71a042 PN	192
e9c6cda7 CP	193	optional_policy(`
	194	# allow system administrator to use the ipsec script to look
	195	# at things (e.g., ipsec auto --status)
	196	# probably should create an ipsec_admin role for this kind of thing
	197	ipsec_exec_mgmt(sysadm_t)
	198	ipsec_stream_connect(sysadm_t)
	199	# for lsof
	200	ipsec_getattr_key_sockets(sysadm_t)
3eaa9939 DW	201	ipsec_run_setkey(sysadm_t, sysadm_r)
	202	ipsec_run_racoon(sysadm_t, sysadm_r)
	203	ipsec_stream_connect_racoon(sysadm_t)
	204
	205	optional_policy(`
	206	ipsec_mgmt_dbus_chat(sysadm_t)
	207	')
e9c6cda7 CP	208	')
	209
	210	optional_policy(`
296273a7 CP	211	iptables_run(sysadm_t, sysadm_r)
	212	')
	213
f8f030aa DG	214	optional_policy(`
	215	irc_role(sysadm_r, sysadm_t)
	216	')
	217
3eaa9939 DW	218	optional_policy(`
3eaa9939 DW	219	kerberos_exec_kadmind(sysadm_t)
d141ac47	220	kerberos_filetrans_named_content(sysadm_t)
3eaa9939 DW	221	')
3eaa9939 DW	222
e9c6cda7	223	optional_policy(`
296273a7	224	libs_run_ldconfig(sysadm_t, sysadm_r)
e9c6cda7 CP	225	')
e9c6cda7 CP	226
e9c6cda7	227	optional_policy(`
296273a7	228	logrotate_run(sysadm_t, sysadm_r)
e9c6cda7 CP	229	')
	230
	231	optional_policy(`
296273a7 CP	232	lpd_run_checkpc(sysadm_t, sysadm_r)
296273a7 CP	233	lpd_role(sysadm_r, sysadm_t)
e9c6cda7 CP	234	')
	235
	236	optional_policy(`
296273a7	237	lvm_run(sysadm_t, sysadm_r)
e9c6cda7 CP	238	')
	239
	240	optional_policy(`
296273a7 CP	241	modutils_run_depmod(sysadm_t, sysadm_r)
	242	modutils_run_insmod(sysadm_t, sysadm_r)
	243	modutils_run_update_mods(sysadm_t, sysadm_r)
2371d8d8	244	modutils_read_module_deps(sysadm_t)
c66c51f7	245	modules_filetrans_named_content(sysadm_t)
e9c6cda7 CP	246	')
	247
	248	optional_policy(`
296273a7	249	mount_run(sysadm_t, sysadm_r)
3eaa9939	250	mount_run_showmount(sysadm_t, sysadm_r)
296273a7 CP	251	')
296273a7 CP	252
296273a7 CP	253	optional_policy(`
296273a7 CP	254	mta_role(sysadm_r, sysadm_t)
7c702088 MG	255	# this is defined in userdom_common_user_template
7c702088 MG	256	#mta_filetrans_home_content(sysadm_t)
780198a1	257	mta_filetrans_admin_home_content(sysadm_t)
e9c6cda7 CP	258	')
	259
	260	optional_policy(`
	261	munin_stream_connect(sysadm_t)
	262	')
	263
	264	optional_policy(`
	265	mysql_stream_connect(sysadm_t)
	266	')
	267
3eaa9939 DW	268	optional_policy(`
	269	ncftool_run(sysadm_t, sysadm_r)
	270	')
	271
e9c6cda7	272	optional_policy(`
296273a7 CP	273	netutils_run(sysadm_t, sysadm_r)
	274	netutils_run_ping(sysadm_t, sysadm_r)
	275	netutils_run_traceroute(sysadm_t, sysadm_r)
e9c6cda7 CP	276	')
e9c6cda7 CP	277
0ddcd8f6 DW	278	optional_policy(`
	279	networkmanager_filetrans_named_content(sysadm_t)
	280	')
	281
e9c6cda7 CP	282	optional_policy(`
	283	ntp_stub()
	284	corenet_udp_bind_ntp_port(sysadm_t)
	285	')
	286
e4b8dbb3	287	optional_policy(`
7e67b9c9	288	nx_filetrans_named_content(sysadm_t)
e4b8dbb3 DW	289	')
e4b8dbb3 DW	290
e9c6cda7	291	optional_policy(`
296273a7 CP	292	oav_run_update(sysadm_t, sysadm_r)
	293	')
	294
87f49770 MG	295	optional_policy(`
	296	openvpn_run(sysadm_t, sysadm_r)
	297	')
	298
296273a7 CP	299	optional_policy(`
296273a7 CP	300	pcmcia_run_cardctl(sysadm_t, sysadm_r)
e9c6cda7 CP	301	')
e9c6cda7 CP	302
f1b7d092 DG	303	optional_policy(`
	304	polipo_role(sysadm_r, sysadm_t)
	305	polipo_named_filetrans_admin_cache_home_dirs(sysadm_t)
	306	polipo_named_filetrans_admin_config_home_files(sysadm_t)
	307	')
	308
e9c6cda7	309	optional_policy(`
296273a7 CP	310	portage_run(sysadm_t, sysadm_r)
296273a7 CP	311	portage_run_gcc_config(sysadm_t, sysadm_r)
e9c6cda7 CP	312	')
	313
	314	optional_policy(`
296273a7	315	portmap_run_helper(sysadm_t, sysadm_r)
e9c6cda7 CP	316	')
e9c6cda7 CP	317
7dd47a9a DW	318	optional_policy(`
	319	postfix_filetrans_named_content(sysadm_t)
	320	')
	321
3eaa9939 DW	322	optional_policy(`
	323	prelink_run(sysadm_t, sysadm_r)
	324	')
	325
51b8b4c0 DW	326	optional_policy(`
	327	puppet_run_puppetca(sysadm_t, sysadm_r)
	328	')
	329
e9c6cda7	330	optional_policy(`
296273a7	331	quota_run(sysadm_t, sysadm_r)
e9c6cda7 CP	332	')
	333
	334	optional_policy(`
	335	raid_domtrans_mdadm(sysadm_t)
	336	')
	337
	338	optional_policy(`
	339	rpc_domtrans_nfsd(sysadm_t)
	340	')
	341
	342	optional_policy(`
296273a7	343	rpm_run(sysadm_t, sysadm_r)
4e889ea1	344	rpm_dbus_chat(sysadm_t, sysadm_r)
296273a7 CP	345	')
296273a7 CP	346
e9c6cda7 CP	347	optional_policy(`
	348	rsync_exec(sysadm_t)
	349	')
	350
	351	optional_policy(`
296273a7 CP	352	samba_run_net(sysadm_t, sysadm_r)
296273a7 CP	353	samba_run_winbind_helper(sysadm_t, sysadm_r)
e9c6cda7 CP	354	')
e9c6cda7 CP	355
b2f8897d HC	356	optional_policy(`
	357	samhain_admin(sysadm_t)
	358	')
	359
e9c6cda7	360	optional_policy(`
296273a7	361	screen_role_template(sysadm, sysadm_r, sysadm_t)
e9c6cda7 CP	362	')
	363
	364	optional_policy(`
296273a7	365	secadm_role_change(sysadm_r)
e9c6cda7 CP	366	')
e9c6cda7 CP	367
7c525b65 DW	368	optional_policy(`
	369	setroubleshoot_stream_connect(sysadm_t)
	370	setroubleshoot_dbus_chat(sysadm_t)
	371	setroubleshoot_dbus_chat_fixit(sysadm_t)
	372	')
	373
e9c6cda7	374	optional_policy(`
296273a7 CP	375	seutil_run_setfiles(sysadm_t, sysadm_r)
296273a7 CP	376	seutil_run_runinit(sysadm_t, sysadm_r)
e9c6cda7 CP	377	')
e9c6cda7 CP	378
3eaa9939 DW	379	optional_policy(`
	380	shutdown_run(sysadm_t, sysadm_r)
	381	')
	382
e9c6cda7	383	optional_policy(`
296273a7 CP	384	ssh_role_template(sysadm, sysadm_r, sysadm_t)
	385	')
	386
	387	optional_policy(`
	388	staff_role_change(sysadm_r)
	389	')
	390
	391	optional_policy(`
	392	su_role_template(sysadm, sysadm_r, sysadm_t)
	393	')
	394
	395	optional_policy(`
	396	sudo_role_template(sysadm, sysadm_r, sysadm_t)
	397	')
	398
	399	optional_policy(`
	400	sysnet_run_ifconfig(sysadm_t, sysadm_r)
	401	sysnet_run_dhcpc(sysadm_t, sysadm_r)
	402	')
	403
d7441a41 DW	404	optional_policy(`
d7441a41 DW	405	systemd_passwd_agent_run(sysadm_t, sysadm_r)
faaa4a27 DW	406	systemd_config_all_services(sysadm_t)
	407	systemd_manage_all_unit_files(sysadm_t)
	408	systemd_manage_all_unit_lnk_files(sysadm_t)
d7441a41 DW	409	')
d7441a41 DW	410
296273a7 CP	411	optional_policy(`
	412	tripwire_run_siggen(sysadm_t, sysadm_r)
	413	tripwire_run_tripwire(sysadm_t, sysadm_r)
	414	tripwire_run_twadmin(sysadm_t, sysadm_r)
	415	tripwire_run_twprint(sysadm_t, sysadm_r)
	416	')
	417
e9c6cda7 CP	418	optional_policy(`
	419	tzdata_domtrans(sysadm_t)
	420	')
	421
	422	optional_policy(`
b34db7a8	423	unconfined_domtrans(sysadm_t)
e9c6cda7 CP	424	')
e9c6cda7 CP	425
9427adb7 MG	426	optional_policy(`
	427	udev_run(sysadm_t, sysadm_r)
	428	')
	429
e9c6cda7	430	optional_policy(`
296273a7 CP	431	unprivuser_role_change(sysadm_r)
	432	')
	433
	434	optional_policy(`
	435	usbmodules_run(sysadm_t, sysadm_r)
	436	')
e9c6cda7	437
296273a7 CP	438	optional_policy(`
	439	usermanage_run_admin_passwd(sysadm_t, sysadm_r)
	440	usermanage_run_groupadd(sysadm_t, sysadm_r)
	441	usermanage_run_useradd(sysadm_t, sysadm_r)
	442	')
	443
3eaa9939	444	optional_policy(`
7c525b65 DW	445	virt_stream_connect(sysadm_t)
7c525b65 DW	446	virt_filetrans_home_content(sysadm_t)
e9c6cda7 CP	447	')
	448
	449	optional_policy(`
7c525b65	450	vlock_run(sysadm_t, sysadm_r)
e9c6cda7 CP	451	')
e9c6cda7 CP	452
3eaa9939	453	optional_policy(`
7c525b65	454	vpn_run(sysadm_t, sysadm_r)
3eaa9939 DW	455	')
3eaa9939 DW	456
d35e2ee0	457	optional_policy(`
7c525b65	458	webalizer_run(sysadm_t, sysadm_r)
d35e2ee0 HC	459	')
d35e2ee0 HC	460
e9c6cda7	461	optional_policy(`
296273a7	462	xserver_role(sysadm_r, sysadm_t)
e9c6cda7 CP	463	')
e9c6cda7 CP	464
3eaa9939 DW	465	optional_policy(`
3eaa9939 DW	466	zebra_stream_connect(sysadm_t)
c87e1502 JS	467	')
c87e1502 JS	468
2968e068 DW	469	ifndef(`distro_redhat',`
	470	optional_policy(`
	471	apache_role(sysadm_r, sysadm_t)
	472	')
	473	optional_policy(`
	474	auth_role(sysadm_r, sysadm_t)
	475	')
3eaa9939	476
2968e068 DW	477	optional_policy(`
	478	bluetooth_role(sysadm_r, sysadm_t)
	479	')
	480
	481	optional_policy(`
	482	cdrecord_role(sysadm_r, sysadm_t)
	483	')
	484
2968e068 DW	485	optional_policy(`
	486	dbus_role_template(sysadm, sysadm_r, sysadm_t)
	487	')
	488
2968e068 DW	489	optional_policy(`
	490	gpg_role(sysadm_r, sysadm_t)
	491	')
	492
2968e068 DW	493	optional_policy(`
	494	java_role(sysadm_r, sysadm_t)
	495	')
	496
	497	optional_policy(`
	498	lockdev_role(sysadm_r, sysadm_t)
	499	')
	500
dd323694 DW	501	optional_policy(`
	502	mock_admin(sysadm_t)
	503	')
	504
2968e068 DW	505	optional_policy(`
	506	mplayer_role(sysadm_r, sysadm_t)
	507	')
	508
	509	optional_policy(`
	510	pyzor_role(sysadm_r, sysadm_t)
	511	')
	512
	513	optional_policy(`
	514	razor_role(sysadm_r, sysadm_t)
	515	')
	516
	517	optional_policy(`
	518	rssh_role(sysadm_r, sysadm_t)
	519	')
	520
	521	optional_policy(`
	522	spamassassin_role(sysadm_r, sysadm_t)
	523	')
	524
2968e068 DW	525	optional_policy(`
	526	uml_role(sysadm_r, sysadm_t)
	527	')
	528
	529	optional_policy(`
	530	userhelper_role_template(sysadm, sysadm_r, sysadm_t)
	531	')
	532
	533	optional_policy(`
	534	vmware_role(sysadm_r, sysadm_t)
	535	')
	536
	537	optional_policy(`
	538	wireshark_role(sysadm_r, sysadm_t)
	539	')
	540
	541	optional_policy(`
	542	xserver_role(sysadm_r, sysadm_t)
	543	')
	544	')