excessively verbose policy

Bill Nottingham notting at redhat.com
Thu Feb 21 23:23:21 UTC 2008


I was writing policy today, and I couldn't help notice a lot of
repetitiveness in our policy:

	libs_use_ld_so(...)
	libs_use_shared_libs(...)

These are needed by, well, everything. Can't they be assumed-unless-denied?

Similarly, 99% of confined apps need:

	miscfiles_read_localization()
	files_read_etc_files(.)
        pipes & stream sockets

Is there a way to streamline policy so there is a lot less
repetition?

Bill




More information about the fedora-selinux-list mailing list