On Fri, Mar 25, 2016 at 9:14 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> On 03/25/2016 08:31 AM, Stephen Smalley wrote:
>> On 03/25/2016 06:38 AM, Dominick Grift wrote:
>>>
>>> I noticed that object what is it for?
>>
>> Red Hat reserved a policy capability when they were testing
>> ptrace_child, which they ultimately discarded. So it is presently
>> unused and maybe could be reclaimed? I assume ptrace_child never made
>> it into any RHEL release?
>>
>> Oddly, I see that current Fedora policy still defines a ptrace_child
>> permission in class process, even though the kernel knows nothing about
>> it.
>
> We should probably drop it.

I just added a note to the BZ below to get the permission removed from
the Fedora policy.

* https://bugzilla.redhat.com/show_bug.cgi?id=802072

As for the "redhat1" policycap and the kernel, we could remove it, but
I would just assume leave it there until we have a new policycap to
take its place.

--
paul moore
www.paul-moore.com