From: jason@perfinion.com (Jason Zaman) Date: Tue, 2 Dec 2014 22:17:16 +0400 Subject: [refpolicy] Syntax fixes in contrib In-Reply-To: <20141202161542.GA16393@e145.network2> References: <1416983956-8770-1-git-send-email-jason@perfinion.com> <547DDB5A.3000307@tresys.com> <20141202161542.GA16393@e145.network2> Message-ID: <20141202181716.GA30946@meriadoc.Home> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, Dec 02, 2014 at 05:15:43PM +0100, Dominick Grift wrote: > On Tue, Dec 02, 2014 at 10:31:38AM -0500, Christopher J. PeBenito wrote: > > On 11/26/2014 1:38 AM, Jason Zaman wrote: > > > I was going through the policy and adding all the _admin interfaces to sysadm > > > in the gentoo policy and hit quite a number of syntax errors. They are mostly > > > just typos and missing types in gen_require. > > The problem with the admin interfaces (any interfaces for that matter) is that unless they are called they aren't tested. > > This is also one of the reasons why i prefer only adding interfaces that are actually used. > > On that other hand, adding interfaces even if they aren't used does make sense for audit2allow/sepolgen-ifgen, and for the confined admin support > > -- > Dominick Grift Would a patch for adding all of the foo_admin() interfaces to sysadm.te in refpol be accepted? and if i send a patch to add them, where in sysadm.te would be the best? put them directly in the main part of the file or should they go in the ifndef(distro_redhat section? -- Jason