From: bigon@debian.org (Laurent Bigonville) Date: Tue, 9 Oct 2012 20:57:18 +0200 Subject: [refpolicy] [PATCH] Add system_r role to unconfined_u and staff_u users In-Reply-To: <50742DF5.6010402@tresys.com> References: <1348320092-15953-1-git-send-email-bigon@debian.org> <20121008232132.15ade879@fornost.bigon.be> <50742DF5.6010402@tresys.com> Message-ID: <20121009205718.4ada847d@fornost.bigon.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Le Tue, 9 Oct 2012 10:00:21 -0400, "Christopher J. PeBenito" a ?crit : > On 10/08/12 17:21, Laurent Bigonville wrote: > > > > Any thoughts on that patch? > > The patch would need to be updated to be controlled by the > direct_sysadm_daemon build option, as it is with the root seuser. > My initial issue was that when dbus was starting pulseaudio and libvirt, logged-in using my unconfined user, it was trying to transition the process to unconfined_u:system_r:{pulseaudio_t,virtd_t} and it was exploding as the label was invalid. So if the policy is compiled without direct_sysadm_daemon I guess that this issue will persist. Also I've added the system_r role to the staff_u to be consistant (and because it's also done in the Fedora policy) Laurent Bigonville