https://bugzilla.redhat.com/show_bug.cgi?id=1550595

--- Comment #15 from dac.override@xxxxxxxxx ---
It should be clarified because it is questionable. If a "system_dbusd_domain" would need this permission, then the permission would have been enclosed with "system_dbusd_domain()".

Looking at https://github.com/tpm2-software/tpm2-abrmd/commit/51a3c55d772b it seems that this file descriptor gets passed to dbusd. So at least now that part is explained.

Ideally the dbusd.if header would have exported a "dbus_rw_inherited_system_unix_stream_sockets()" interface for you to call, but there is not, so just change line:

https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te#L20

to look like:

  allow system_dbusd_t tabrmd_t:unix_stream_socket { read write};

Optionally add a comment:

  # TODO: add to dbus.if: dbus_rw_inherited_system_unix_stream_sockets() and call that instead