I was going through and doing refactoring on the rbacsep with the goal of making the branch compilable again after doing all the derived type collapsing. I ran into a problem with type transition conflicts. There are several domains which have a type transition back to the caller domain, such as su, sudo, (session) dbus, ssh-agent. But now that the derived types are collapsed, we get conflicts such as: type_transition sudo_t shell_exec_t:process auditadm_t; type_transition sudo_t shell_exec_t:process secadm_t; type_transition sudo_t shell_exec_t:process staff_t; type_transition sudo_t shell_exec_t:process sysadm_t; type_transition sudo_t shell_exec_t:process user_t; It would seem that there are two solutions for this: 1. keep derived types for these affected domains 2. make these applications SELinux aware We can't collapse user domains because of their vast differences. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
