Is there anything wrong with this patch?

It continues to remove stuff from x_client_domain. This time the type declaration is removed, along with the transboolean stuff. The transition stuff is placed in new macros called user_trans and user_trans_boolean.

Points of interest:

• can_exec($1_$2_t, $2_exec_t) I don't quite understand what this does, but I remember domains needed it. It was also in the x_client rules.
• nscd_client_domain was removed for mplayer and mozilla. I didn't see any problems.
• tmp_domain for tvtime now allows for fifo_file. This addresses a denial I noticed.

If there is nothing wrong with this patch, can I convert other domains in macros/program to use this macro? Is it a problem if they don't have the above can_exec rule?

-- 
Ivan Gyurdiev <ivg2@cornell.edu>
Cornell University




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.



text/x-patch attachment: user_trans_v0.diff__charset_UTF-8