--- Comment #9 from Javier Martinez Canillas <> ---
(In reply to dac.override from comment #4)
> tpm2-abrmd-1.2.0/selinux/tabrmd.te:
> allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
> redundant: provided by logging_send_syslog_msg(tabrmd_t)
> system/logging.te#L691
> Questionable (can you reproduce this?): 
> # This next bit doesn't belong here. It should be exposed through an
> # interface likely from the dbus policy module.
> gen_require(`
>     type system_dbusd_t;
> ')
> allow system_dbusd_t tabrmd_t:unix_stream_socket { read write };
> If you can reproduce this then it should be inside the below optional block
> (no need to require type system_dbusd_t:
> optional_policy(`
>     dbus_system_domain(tabrmd_t, tabrmd_exec_t)
> ')

Can you please take a look to the latest version of the policy module? Lukas
already fixed tpm2-abrmd upstream:

 > Your tabrmd.if file is useless (its like a library providing interfaces
> required to interact with your domain).

Do you mean that it can just be removed? Sorry for the silly question but I'm
not that familiar with SELinux.

You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
package-review mailing list --
To unsubscribe send an email to

Reply via email to