On 8/4/2022 7:54 AM, Ondrej Mosnacek wrote:
On Wed, Aug 3, 2022 at 10:53 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
On Tue, Aug 2, 2022 at 3:55 PM Daniel Burgener
<dburgener@xxxxxxxxxxxxxxxxxxx> wrote:
On 7/29/2022 8:02 AM, Ondrej Mosnacek wrote:
This is good to have for pretty much all domains, so remove the
individual calls and move it to test_general.te.
For whatever reason, test_sysnice.te uses
domain_transition_pattern(sysadm_t, test_file_t, setnicedomain)
instead of userdom_sysadm_entry_spec_domtrans_to(). I think the access
added in the global attribute here covers that and the
domain_transition_pattern() there can be deleted as well.
Between that and the change to test_setnice.te in Patch 9, this comment
above those two lines seems obsolete and can probably be deleted:
# Allow all of these domains to be entered from sysadm domain
# via a shell script in the test directory or by....]
Oh, true... I did carefully search and remove all individual
references to unconfined* but not sysadm*. I'll try to clean those up,
too.
OK, I pushed a new version (see the GitHub PR) with sysadm* references
removed + corecmd_* rules also moved to general policy + some groups
of superfluous macro calls removed as well. There are probably still
some small cleanup opportunities left, but this is where I'm going to
stop for now.
Awesome. I'll aim to take a look through the updated github PR today or
tomorrow and hopefully add my +1.
-Daniel
