On 1/12/21 9:15 AM, Daniel Burgener wrote:
On 1/12/21 5:31 AM, Russell Coker wrote:
Also remove the systemd_analyze_t domain which
does no good.
I proposed this same change on github:
https://github.com/SELinuxProject/refpolicy/pull/321
The consensus there was that having a separate domain for this access
would add value and the better direction would be to flesh out the
permissions it needs. We have a bit of a starting point locally on
that. I'm not sure what shape it's in with regard to upstreaming, but
I'll talk to the developer who worked on it.
-Daniel
My mistake - looks like we ended up granting the needed permissions to
the parent domain in our environment, so I don't have any
systemd-analyze policy available for upstream. I still might try
developing some, but I don't expect that I'm likely to get to it soon.
-Daniel
