On Tue, Aug 2, 2022 at 3:55 PM Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx> wrote:
> On 7/29/2022 8:02 AM, Ondrej Mosnacek wrote:
> > This is good to have for pretty much all domains, so remove the
> > individual calls and move it to test_general.te.
> >
> > For whatever reason, test_sysnice.te uses
> > domain_transition_pattern(sysadm_t, test_file_t, setnicedomain)
> > instead of userdom_sysadm_entry_spec_domtrans_to(). I think the access
> added in the global attribute here covers that and the
> domain_transition_pattern() there can be deleted as well.
>
> Between that and the change to test_setnice.te in Patch 9, this comment
> above those two lines seems obsolete and can probably be deleted:
>
> # Allow all of these domains to be entered from sysadm domain
> # via a shell script in the test directory or by....]

Oh, true... I did carefully search and remove all individual references
to unconfined* but not sysadm*. I'll try to clean those up, too.

--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.