https://bugzilla.redhat.com/show_bug.cgi?id=1550595
--- Comment #9 from Javier Martinez Canillas <fmartine(a)redhat.com> ---
(In reply to dac.override from comment #4)
tpm2-abrmd-1.2.0/selinux/tabrmd.te:
allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
redundant: provided by logging_send_syslog_msg(tabrmd_t)
https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modu...
system/logging.te#L691
Questionable (can you reproduce this?):
# This next bit doesn't belong here. It should be exposed through an
# interface likely from the dbus policy module.
gen_require(`
type system_dbusd_t;
')
allow system_dbusd_t tabrmd_t:unix_stream_socket { read write };
If you can reproduce this then it should be inside the below optional block
(no need to require type system_dbusd_t:
optional_policy(`
dbus_system_domain(tabrmd_t, tabrmd_exec_t)
')
Can you please take a look to the latest version of the policy module? Lukas
already fixed tpm2-abrmd upstream:
https://github.com/tpm2-software/tpm2-abrmd/blob/1.x/selinux/tabrmd.te
Your tabrmd.if file is useless (its like a library providing
interfaces
required to interact with your domain).
Do you mean that it can just be removed? Sorry for the silly question but I'm
not that familiar with SELinux.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component