https://bugzilla.redhat.com/show_bug.cgi?id=1550595 --- Comment #26 from Javier Martinez Canillas <fmartine@xxxxxxxxxx> --- (In reply to dac.override from comment #25) > Basically the way I see it is that this modularization effort requires that > the headers are alway's installed if policy is installed. That then means > that the various policy-devel packages need to alway's be installed. Right, and then selinux-policy would need a BuildRequires dependency with tpm2-abrmd-selinux-devel (and all the -devel packages exporting interfaces). But then it won't be an independent SELinux policy module anymore as explained in the IndependentPolicy guideline... So I think that we have these options: a) Due as you propose and make selinux-policy-contrib to BuildRequires tpm2-abrmd-selinux-devel b) Not having a tpm2-abrmd-selinux package and instead add the tpm2-abrmd AV rules to selinux-policy-contrib. c) Just have "allow system_dbusd_t tabrmd_t:unix_stream_socket { read write }" in optional_policy as you first suggested. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx