From: jason@perfinion.com (Jason Zaman)
Date: Thu, 16 Jul 2015 17:44:16 +0400
Subject: [refpolicy] Calling _run() inside _admin() interfaces
Message-ID: <20150716134416.GA30747@meriadoc.Home>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

There are quite a few modules that call foo_run() or foo_exec() inside their admin interface. Previously some were removed because they caused problems if both the _admin and _run interfaces are added to a role, but some still remain.

In the previous patch [1] that added all the rest of the admin interfaces, some new things now have a transition in _run. E.g., rsync_admin was added, which currently calls rsync_run, so sysadm using rsync has a transition when previously it did not.

Should I send a patch to remove them? And if yes, remove all or remove only the _run and leave the _exec?

Also, do you want a patch to add the removed interfaces back to sysadm.te directly? Or only add the ones that were there before patch [1]?

[1]: http://oss.tresys.com/pipermail/refpolicy/2015-June/007660.html
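An added example, not part of the original message or of refpolicy: a Python scanner that lists which _admin interfaces in a .if file call a _run or _exec interface, so the cases the message asks about can be enumerated before deciding what to remove. The sample policy text is constructed (the bodies are not copied from the real modules), foo_admin is hypothetical, and the function name admin_transitions is an assumption.

```python
import re

# Constructed sample in refpolicy .if (m4) syntax; not the real module source.
SAMPLE_IF = """
interface(`rsync_admin',`
    gen_require(`
        type rsync_t;
    ')
    allow $1 rsync_t:process signal_perms;
    rsync_run($1, $2)
')

interface(`foo_admin',`
    can_exec($1, foo_exec_t)
    foo_exec($1)
    # foo_run($1, $2) is commented out, so it must not be reported
')
"""

HEADER = re.compile(r"interface\(`(\w+_admin)',`")
CALL = re.compile(r"\b(\w+_(?:run|exec))\s*\(")
SUPPORT_MACROS = {"can_exec"}  # support macro, not a module interface


def admin_transitions(if_text):
    """Map each *_admin interface to the *_run/*_exec interfaces it calls."""
    # Drop comments first: they may mention calls or contain stray quotes.
    text = re.sub(r"#.*", "", if_text)
    found = {}
    for m in HEADER.finditer(text):
        # The body is one m4 quoted string: ` opens a level, ' closes one.
        depth, pos = 1, m.end()
        while depth and pos < len(text):
            if text[pos] == "`":
                depth += 1
            elif text[pos] == "'":
                depth -= 1
            pos += 1
        calls = set(CALL.findall(text[m.end():pos])) - SUPPORT_MACROS
        if calls:
            found[m.group(1)] = sorted(calls)
    return found


if __name__ == "__main__":
    for admin, calls in admin_transitions(SAMPLE_IF).items():
        print(f"{admin}: {', '.join(calls)}")
```

Names ending in _run indicate a domain transition plus role association, while _exec runs the program in the caller's domain, which is the distinction behind the "remove all or only the _run" question.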