[Bug 1550595] Review Request: tpm2-abrmd-selinux - SELinux policies for tpm2-abrmd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1550595



--- Comment #26 from Javier Martinez Canillas <fmartine@xxxxxxxxxx> ---
(In reply to dac.override from comment #25)
> Basically the way I see it is that this modularization effort requires that
> the headers are alway's installed if policy is installed. That then means
> that the various policy-devel packages need to alway's be installed.

Right, and then selinux-policy would need a BuildRequires dependency with
tpm2-abrmd-selinux-devel (and all the -devel packages exporting interfaces).
But then it won't be an independent SELinux policy module anymore as explained
in the IndependentPolicy guideline...

So I think that we have these options:

a) Due as you propose and make selinux-policy-contrib to BuildRequires
tpm2-abrmd-selinux-devel

b) Not having a tpm2-abrmd-selinux package and instead add the tpm2-abrmd AV
rules to selinux-policy-contrib.

c) Just have "allow system_dbusd_t tabrmd_t:unix_stream_socket { read write }"
in optional_policy as you first suggested.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux