Blame policy/modules/roles/logadm.te
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
policy_module(logadm, 1.0.0)
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
########################################
|
|
Chris PeBenito |
3c9b2e |
#
|
|
Chris PeBenito |
3c9b2e |
# Declarations
|
|
Chris PeBenito |
3c9b2e |
#
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
role logadm_r;
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
userdom_base_user_template(logadm)
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
########################################
|
|
Chris PeBenito |
3c9b2e |
#
|
|
Chris PeBenito |
3c9b2e |
# logadmin local policy
|
|
Chris PeBenito |
3c9b2e |
#
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
|
|
Chris PeBenito |
3c9b2e |
|
|
Chris PeBenito |
3c9b2e |
logging_admin(logadm_t, logadm_r)
|