Fix the files_manage_all_files() interface

The auth_*() and seutil_*() calls need to be inside an optional block. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
fedora-selinux · Jan 30, 2023 · f5ad795 · f5ad795
1 parent 71d551b
commit f5ad795
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
@@ -1788,10 +1788,14 @@ interface(`files_manage_all_files',`
 	manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
 
 	# satisfy the assertions:
-	seutil_create_bin_policy($1)
 	files_manage_kernel_modules($1)
-    auth_reader_shadow($1)
-    auth_writer_shadow($1)
+	optional_policy(`
+		seutil_create_bin_policy($1)
+	')
+	optional_policy(`
+		auth_reader_shadow($1)
+		auth_writer_shadow($1)
+	')
 ')
 
 ########################################