I was working through collapsing the user home and temp directories when I hit the polyinstantiation bits. It looks like a role_member statement may need to be added. However, polyinstantiation is still a little fuzzy to me, so I'm not sure. Thoughts? If so, that makes the list of code changes for rbacsep: * role attributes * role_transition on objects * objects correctly inherit role * role_change (similar to type_change) * role_member (similar to type_member) * genhomedircon updated for role not specifically required but may be more useful in the future now that we're using roles more: * working role dominance -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
