-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Right now, every domain that transitions to another domain gets the
following rule written.
dontaudit SOURCE TARGET : process { noatsecure siginh rlimitinh } ;
In Fedora 17 policy right now we have 2152 rules, out of Dontaudit:
9415
sesearch --dontaudit -p noatsecure | wc -l
2152
We could rewrite this with one rule.
dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
Of course this is more lenient then what we have now, although since
it is dontaudit rules, not sure it matters.
Comments?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6PQ80ACgkQrlYvE4MpobMn5ACeJMpRnEYe5nvpyWjhKbqpANw4
kB8AnA0ORPBkKS6Ww0AWzedMAnD+Teth
=Q6g9
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
