From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 13 Sep 2017 18:43:22 -0400
Subject: [refpolicy] [PATCH] mandb: fixes for systemd timer and
 /usr/local/man label
In-Reply-To: <CAJ2a_DcV=21Nvx=QXT-RC+cHDVrFOTedK9aXxpkptp9oQyNPyw@mail.gmail.com>
References: <20170912092403.3951-1-cgzones@googlemail.com>
	<6a4807dc-08c8-9f6f-5638-869332e5615a@ieee.org>
	<CAJ2a_DcV=21Nvx=QXT-RC+cHDVrFOTedK9aXxpkptp9oQyNPyw@mail.gmail.com>
Message-ID: <d96a0118-0515-2198-eda6-388f172acbdb@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/13/2017 04:08 AM, Christian G?ttsche wrote:
> 2017-09-13 1:59 GMT+02:00 Chris PeBenito <pebenito@ieee.org>:
>> On 09/12/2017 05:24 AM, Christian G?ttsche via refpolicy wrote:
>>>
>>> ---
>>>    mandb.te | 4 +++-
>>>    1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/mandb.te b/mandb.te
>>> index 5c759da..de1ac65 100644
>>> --- a/mandb.te
>>> +++ b/mandb.te
>>> @@ -10,7 +10,7 @@ roleattribute system_r mandb_roles;
>>>      type mandb_t;
>>>    type mandb_exec_t;
>>> -application_domain(mandb_t, mandb_exec_t)
>>> +init_system_domain(mandb_t, mandb_exec_t)
>>
>>
>> The way the policy is written, it seems like mandb is both an application
>> domain and a system domain.
>>
> 
> Should be both calls present, although `init_system_domain` calls
> `application_domain`?

Sorry, I looked if that was the case and still somehow missed it.


-- 
Chris PeBenito