From: jason@perfinion.com (Jason Zaman)
Date: Tue, 2 Dec 2014 22:17:16 +0400
Subject: [refpolicy] Syntax fixes in contrib
In-Reply-To: <20141202161542.GA16393@e145.network2>
References: <1416983956-8770-1-git-send-email-jason@perfinion.com>
	<547DDB5A.3000307@tresys.com>
	<20141202161542.GA16393@e145.network2>
Message-ID: <20141202181716.GA30946@meriadoc.Home>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Dec 02, 2014 at 05:15:43PM +0100, Dominick Grift wrote:
> On Tue, Dec 02, 2014 at 10:31:38AM -0500, Christopher J. PeBenito wrote:
> > On 11/26/2014 1:38 AM, Jason Zaman wrote:
> > > I was going through the policy and adding all the _admin interfaces to sysadm
> > > in the gentoo policy and hit quite a number of syntax errors. They are mostly
> > > just typos and missing types in gen_require.
> 
> The problem with the admin interfaces (any interfaces for that matter) is that unless they are called they aren't tested.
> 
> This is also one of the reasons why i prefer only adding interfaces that are actually used.
> 
> On that other hand, adding interfaces even if they aren't used does make sense for audit2allow/sepolgen-ifgen, and for the confined admin support
> 
> -- 
> Dominick Grift

Would a patch for adding all of the foo_admin() interfaces to sysadm.te
in refpol be accepted? and if i send a patch to add them, where in
sysadm.te would be the best? put them directly in the main part of the
file or should they go in the ifndef(distro_redhat section?

-- Jason