Closed cgzones closed 9 months ago
Role allow rules are not allowed in conditional policies, thus they should not be shown when filtering for booleans.
E.g.:
$ sesearch --role_allow -b secure_mode policy.33 allow auditadm_r secadm_r; allow auditadm_r sysadm_r; allow auditadm_r system_r; allow dbadm_r system_r; allow logadm_r system_r; allow secadm_r auditadm_r; allow secadm_r sysadm_r; allow staff_r auditadm_r; allow staff_r dbadm_r; allow staff_r secadm_r; allow staff_r sysadm_r; allow sysadm_r auditadm_r; allow sysadm_r secadm_r; allow sysadm_r staff_r; allow sysadm_r system_r; allow sysadm_r user_r; allow system_r auditadm_r; allow system_r dbadm_r; allow system_r guest_r; allow system_r logadm_r; allow system_r nx_server_r; allow system_r secadm_r; allow system_r staff_r; allow system_r sysadm_r; allow system_r unconfined_r; allow system_r user_r; allow system_r webadm_r; allow system_r xdm_r; allow system_r xguest_r; allow webadm_r system_r; $ sesearch --type_member -b secure_mode policy.33 <empty>
@cgzones please try out the above PR.
LGTM, thanks.
Role allow rules are not allowed in conditional policies, thus they should not be shown when filtering for booleans.
E.g.: