It doesn't seem to be useful and is unlikely to work without extra rules anyway. Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> --- policy/test_global.te | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/policy/test_global.te b/policy/test_global.te index dae20d6..800e55f 100644 --- a/policy/test_global.te +++ b/policy/test_global.te @@ -9,13 +9,11 @@ policy_module(test_policy,1.0.0) attribute testdomain; gen_require(` - role system_r; role sysadm_r; ') -# Authorize sysadm_r and system_r for the test domains. +# Authorize sysadm_r for the test domains. role sysadm_r types testdomain; -role system_r types testdomain; # Allow the test domains to access the sysadm terminal. # This allows read and write sysadm ttys and ptys. -- 2.37.1
