Russell Coker <russell@xxxxxxxxxxxx> writes: > On Thursday, 21 January 2021 12:28:49 AM AEDT Dominick Grift wrote: >> > optional_policy(` >> > + init_dbus_chat(sysadm_t) >> >> Can you explain why you added this? > > Apart from the obvious that some program wanted it, no. I'll remove that bit > and add it again with a note if it's necessary. Did you like the rest of that > patch? Yes and thats my beef with this. "some program wanted it". sysadm_t is a shell domain. Any programs that need this should, in my view, ideally be targeted. If you dont want that then use unconfined_t instead and be done. I dont want sysadm_t to become a "drunken unconfined_t". -- gpg --locate-keys dominick.grift@xxxxxxxxxxx Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098 Dominick Grift
