Remove all init programs calls to sysadm_dontaudit_list_home_dirs and put that call in the init_system_domain and init_daemon_domain That way we can think about making role/sysadm a module. Of course I believe the /root should have a special context of admin_home_t and not be affected by whether or not you have sysadm policy defined. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
