From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 6 Dec 2013 08:50:21 -0500 Subject: [refpolicy] [PATCH 18/39] unconfined: make direct_sysadm_daemon apply to unconfined_r:unconfined_t as well In-Reply-To: <1383990320-3340-18-git-send-email-dominick.grift@gmail.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-18-git-send-email-dominick.grift@gmail.com> Message-ID: <52A1D61D.9050207@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/09/13 04:44, Dominick Grift wrote: > Signed-off-by: Dominick Grift > --- > policy/modules/system/unconfined.te | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te > index 5fe902d..28a2188 100644 > --- a/policy/modules/system/unconfined.te > +++ b/policy/modules/system/unconfined.te > @@ -49,9 +49,17 @@ unconfined_domain(unconfined_t) > > userdom_user_home_dir_filetrans_user_home_content(unconfined_t, { dir file lnk_file fifo_file sock_file }) > > -ifdef(`distro_gentoo',` > - seutil_run_runinit(unconfined_t, unconfined_r) > - seutil_init_script_run_runinit(unconfined_t, unconfined_r) > +ifdef(`direct_sysadm_daemon',` > + optional_policy(` > + init_run_daemon(unconfined_t, unconfined_r) > + ') > +',` > + ifdef(`distro_gentoo',` > + optional_policy(` > + seutil_run_runinit(unconfined_t, unconfined_r) > + seutil_init_script_run_runinit(unconfined_t, unconfined_r) > + ') > + ') > ') I get an error: /usr/bin/checkpolicy: loading policy configuration from policy.conf policy/modules/system/unconfined.te":52:ERROR 'duplicate role transition for (unconfined_r,NetworkManager_exec_t,process)' at token ';' on line 2433460: #line 52 role_transition unconfined_r direct_init_entry system_r; checkpolicy: error(s) encountered while parsing configuration make: *** [policy.29] Error 1 -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com