I think that this concern is legitimate, although I understand the
motivation for the current approach.
-------- Forwarded Message --------
From: Bill Nottingham <notting@xxxxxxxxxx>
To: fedora-selinux-list@xxxxxxxxxx
Subject: excessively verbose policy
Date: Thu, 21 Feb 2008 18:23:21 -0500
I was writing policy today, and I couldn't help notice a lot of
repetitiveness in our policy:
libs_use_ld_so(...)
libs_use_shared_libs(...)
These are needed by, well, everything. Can't they be assumed-unless-denied?
Similarly, 99% of confined apps need:
miscfiles_read_localization()
files_read_etc_files(.)
pipes & stream sockets
Is there a way to streamline policy so there is a lot less
repetition?
Bill
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
