excessively verbose policy
Bill Nottingham
notting at redhat.com
Thu Feb 21 23:23:21 UTC 2008
I was writing policy today, and I couldn't help notice a lot of
repetitiveness in our policy:
libs_use_ld_so(...)
libs_use_shared_libs(...)
These are needed by, well, everything. Can't they be assumed-unless-denied?
Similarly, 99% of confined apps need:
miscfiles_read_localization()
files_read_etc_files(.)
pipes & stream sockets
Is there a way to streamline policy so there is a lot less
repetition?
Bill
More information about the fedora-selinux-list
mailing list