typechange rules expect three types: sourcetype loginterminaltype targettype 1. you can use typeattributes for loginterminaltype fine 2. if you try to use typeattributes for targettype then cil wil refuse to build it with a helpful message along the lines of: targettype cannot be typeattribute 3. if you try to use typeattributes for sourcetype then cil wil not refuse to build it but it will result in the rule not being added scenario 3 is obviously less than optimal. although it would have been nice if you could use typeattributes for not just loginterminaltype, it should probably atleast fail to build with a helpful message such as in scenario 2 when you try to use a type attribute for source type. -- gpg --locate-keys dominick.grift@xxxxxxxxxxx Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098 Dominick Grift
