From: mgrepl@redhat.com (Miroslav Grepl)
Date: Thu, 1 Oct 2015 11:58:25 +0200
Subject: [refpolicy]  modules_object_t vs. modules_dep_t labeling
Message-ID: <560D03C1.9060102@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

We have more and more bugs with mislabeled /lib/modules/*/modules.dep*
files. There is a default label for them - modules_dep_t but we get them
labeled as modules_object_t. Yes, we can add filename transition rules
and also find a reason why they get wrong labeling (in progress).

But is there a big advantage to have these two labels. At least I don't
see it from the policy point of view (sesearch).

Thank you.


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.