From: dac.override@gmail.com (Dominick Grift)
Date: Wed, 03 Dec 2014 15:33:30 +0100
Subject: [refpolicy] Syntax fixes in contrib
In-Reply-To: <547ED76D.5010709@redhat.com>
References: <1416983956-8770-1-git-send-email-jason@perfinion.com> <547DDB5A.3000307@tresys.com> <20141202161542.GA16393@e145.network2> <547ED76D.5010709@redhat.com>
Message-ID: <1417617210.29096.4.camel@joe.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2014-12-03 at 10:27 +0100, Miroslav Grepl wrote:
> >
> > The problem with the admin interfaces (any interfaces for that matter) is that unless they are called they aren't tested.
> >
> > This is also one of the reasons why I prefer only adding interfaces that are actually used.
> >
> > On the other hand, adding interfaces even if they aren't used does make sense for audit2allow/sepolgen-ifgen, and for the confined admin support
> >
> We have tests for testing these _admin() interfaces in RHEL. I believe
> we could add them to Fedora to have them available.

Could be interesting. I fear however that the tests aren't going to be the problem, but rather running them consistently when an unused interface is added. I might be wrong with that assumption though.