Hello, After some debugging on Debian to figure out why D-Bus why denying messages between my user session and policykit with SELinux in permissive mode, eparis pointed me that Fedora has a patch for this in the avc_has_perm() function. The patch[0] itself seems pretty trivial and I was wondering if it (or something similar) could be merged in the upstream codebase. But, if I'm not wrong, this patch makes avc_has_perm() and avc_has_perm_noaudit() have different behavior when the machine is running in permissive mode, shouldn't this be tested in the avc_has_perm_noaudit() function instead? my 2¢, Laurent Bigonville [0] http://pkgs.fedoraproject.org/cgit/libselinux.git/tree/libselinux-rhat.patch#n704 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
