From: dac.override@gmail.com (Dominick Grift) Date: Mon, 27 Apr 2015 21:05:15 +0200 Subject: [refpolicy] [PATCH] Role type statements no longer declare the role In-Reply-To: <20150427185518.GA8291@siphos.be> References: <1430157783-27471-1-git-send-email-dac.override@gmail.com> <20150427180534.GA27157@x131e> <20150427185518.GA8291@siphos.be> Message-ID: <20150427190514.GB27157@x131e> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, Apr 27, 2015 at 08:55:18PM +0200, Sven Vermeulen wrote: > On Mon, Apr 27, 2015 at 08:05:35PM +0200, Dominick Grift wrote: > > On Mon, Apr 27, 2015 at 08:03:03PM +0200, Dominick Grift wrote: > > > Back in the older days, role type statements automatically declared the role. This was later changed. > > > > > > I expect that these macro date from that period and that they should be updated to declare the role. > > > > This is just a RFC patch. its untested and the indent is not conform refpolicy style rules > > > > just want to hear opinions > > I think I'm okay with the suggestion. At first I was wondering if it is more of > cosmetic nature than actually necessary, but then I found that kernel.te > is declaring the basic roles already as well, and that I had declared the > role specifically in some other modules that I'm using. > > Do you think the default role declarations in kernel.te can be dismissed if > your change is put through, or is the declaration of sysadm_r, staff_r, user_r > and unconfined_r in kernel.te needed due to other dependencies? > > I can confirm that a duplicate role declaration does not seem to give any > issues on 2.3 and 2.4 userspace, so the above question doesn't need to be > answered before going forward with the change. I suspect we could then, at least in theory, get rid of (at least some of the) declarations in kernel.te Only way to really find out if to test it. > > Wkr, > Sven Vermeulen > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 648 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150427/952f06e9/attachment.bin