[redhat-lspp] [Fwd: staff transitions]

Daniel J Walsh dwalsh at redhat.com
Thu Dec 7 14:19:13 UTC 2006 

A question last week came up about targeted policy versus strict.  This 
is a list of confined applications that a staff user would transition to 
when they are run, with current MLS policy.



-------- Original Message --------
Subject: 	staff transitions
Date: 	Thu, 7 Dec 2006 04:36:15 -0500
From: 	root <root at xxy.boston.devel.redhat.com>
To: 	dwalsh at redhat.com



   allow staff_t staff_crontab_t : process { transition sigchld signal getattr }; 
   allow staff_t loadkeys_t : process transition ; 
   allow staff_t pam_t : process transition ; 
   allow staff_t staff_dbusd_t : process { transition sigkill signal }; 
   allow staff_t staff_spamassassin_t : process transition ; 
   allow staff_t staff_gpg_t : process { transition signal getattr }; 
   allow staff_t utempter_t : process transition ; 
   allow staff_t staff_javaplugin_t : process { transition noatsecure siginh rlimitinh }; 
   allow staff_su_t staff_t : process { transition sigchld }; 
   allow staff_t newrole_t : process transition ; 
   allow staff_t staff_sudo_t : process { transition sigchld }; 
   allow staff_t passwd_t : process transition ; 
   allow staff_t chfn_t : process transition ; 
   allow staff_t staff_t : process { fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate }; 
   allow staff_t staff_spamc_t : process transition ; 
   allow staff_t staff_gpg_agent_t : process { transition sigkill signal getattr }; 
   allow staff_t staff_lpr_t : process { transition signull }; 
   allow staff_t staff_ssh_t : process { transition getattr }; 
   allow staff_t staff_ssh_agent_t : process { transition sigchld signal getattr }; 
   allow staff_t staff_chkpwd_t : process transition ; 
   allow staff_t staff_su_t : process { transition sigchld signal }; 
   allow staff_t staff_mail_t : process transition ; 
   allow staff_crontab_t staff_t : process { transition sigchld }; 
   allow staff_dbusd_t staff_t : process { transition sigchld }; 
   allow staff_sudo_t staff_t : process { transition sigchld }; 
   allow staff_ssh_agent_t staff_t : process { transition sigchld signull }; 
   allow staff_t ping_t : process transition ; 
   allow staff_t httpd_staff_script_t : process transition ; 
   allow staff_t httpd_staff_script_t : process transition ; 
   allow staff_t traceroute_t : process transition ; 
   allow staff_t pppd_t : process transition ; 
   allow staff_ssh_agent_t staff_t : process transition ; 
   allow staff_ssh_agent_t staff_t : process transition ;

More information about the redhat-lspp mailing list