Christopher J. PeBenito wrote:
Interfaces should not have side effects. If you have a create interface and it does something else like filetrans, filetrans is a side effect. The tunable should be: tunable_policy( unprivuser_create_home_dirs() unprivuser_home_filetrans_home_dir() )
Ok, I think I get it now. Sorry for being kinda dense :) So, what I should have dome is something like this: tunable_policy ( unprivuser_home_filetrans_home_dir() unprivuser_create_home_dir() unprivuser_add_entry_home_dir() ) with two new interfaces: unprivuser_create_home_dir ( allow user_home_dir_t:dir create_dir_perms ) unprivuser_add_entry_home_dir ( allow user_home_dir_t:dir add_entry_dir_perms ) -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
