https://bugzilla.redhat.com/show_bug.cgi?id=1550595
--- Comment #9 from Javier Martinez Canillas <fmart...@redhat.com> ---
(In reply to dac.override from comment #4)
> tpm2-abrmd-1.2.0/selinux/tabrmd.te:
>
> allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
>
> redundant: provided by logging_send_syslog_msg(tabrmd_t)
>
> https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/
> system/logging.te#L691
>
> Questionable (can you reproduce this?):
>
> # This next bit doesn't belong here. It should be exposed through an
> # interface likely from the dbus policy module.
> gen_require(`
> type system_dbusd_t;
> ')
> allow system_dbusd_t tabrmd_t:unix_stream_socket { read write };
>
> If you can reproduce this then it should be inside the below optional block
> (no need to require type system_dbusd_t:
>
> optional_policy(`
> dbus_system_domain(tabrmd_t, tabrmd_exec_t)
> ')
>
Can you please take a look to the latest version of the policy module? Lukas
already fixed tpm2-abrmd upstream:
https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te
> Your tabrmd.if file is useless (its like a library providing interfaces
> required to interact with your domain).
Do you mean that it can just be removed? Sorry for the silly question but I'm
not that familiar with SELinux.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
