On 1/12/21 5:31 AM, Russell Coker wrote:
Also remove the systemd_analyze_t domain which does no good.
I proposed this same change on github: https://github.com/SELinuxProject/refpolicy/pull/321
The consensus there was that having a separate domain for this access would add value and the better direction would be to flesh out the permissions it needs. We have a bit of a starting point locally on that. I'm not sure what shape it's in with regard to upstreaming, but I'll talk to the developer who worked on it.
-Daniel