[Bug 1550595] Review Request: tpm2-abrmd-selinux - SELinux policies for tpm2-abrmd

https://bugzilla.redhat.com/show_bug.cgi?id=1550595



--- Comment #9 from Javier Martinez Canillas <fmartine@xxxxxxxxxx> ---
(In reply to dac.override from comment #4)
> tpm2-abrmd-1.2.0/selinux/tabrmd.te:
> 
> allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
> 
> redundant: provided by logging_send_syslog_msg(tabrmd_t)
> 
> https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/logging.te#L691
> 
> Questionable (can you reproduce this?): 
> 
> # This next bit doesn't belong here. It should be exposed through an
> # interface likely from the dbus policy module.
> gen_require(`
>     type system_dbusd_t;
> ')
> allow system_dbusd_t tabrmd_t:unix_stream_socket { read write };
> 
> If you can reproduce this then it should be inside the below optional block
> (no need to require type system_dbusd_t):
> 
> optional_policy(`
>     dbus_system_domain(tabrmd_t, tabrmd_exec_t)
> ')
>

Can you please take a look at the latest version of the policy module? Lukas
already fixed tpm2-abrmd upstream:

https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te

> Your tabrmd.if file is useless (it's like a library providing interfaces
> required to interact with your domain).

Do you mean that it can just be removed? Sorry for the silly question but I'm
not that familiar with SELinux.
