The scenario: (in user (macro obj_type_transition_mytmp1 ((type ARG1)(class ARG2)) (call .file.tmp_obj_type_transition (ARG1 tmp ARG2 "thisworks"))) (macro obj_type_transition_mytmp2 ((type ARG1)(class ARG2)(name ARG3)) (call .file.tmp_obj_type_transition (ARG1 tmp ARG2 ARG3)))) (call .user.obj_type_transition_mytmp1 (user.subj chr_file)) (call .user.obj_type_transition_mytmp2 (user.subj chr_file "thisdoesntwork")) The outcome: [root@myguest ~]# sesearch -T -s user.subj -c chr_file,blk_file | grep tmp type_transition user.subj file.tmp:chr_file user.tmp ARG3; type_transition user.subj file.tmp:chr_file user.tmp thisworks; [root@myguest ~]# uname -a Linux myguest 5.5.5-200.fc31.x86_64 #1 SMP Wed Feb 19 23:28:07 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@myguest ~]# rpm -qa libsepol libsepol-3.0-3.fc32.x86_64 [root@myguest ~]# rpm -qa libselinux libselinux-3.0-3.fc32.x86_64 -- gpg --locate-keys dominick.grift@xxxxxxxxxxx Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
