fedora-selinux February 2008 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: excessively verbose policy

excessively verbose policy

From: Bill Nottingham <notting_at_nospam>
Date: Thu Feb 21 2008 - 23:23:21 GMT
To: fedora-selinux-list@redhat.com


I was writing policy today, and I couldn't help notice a lot of repetitiveness in our policy: libs_use_ld_so(...) libs_use_shared_libs(...)

These are needed by, well, everything. Can't they be assumed-unless-denied?

Similarly, 99% of confined apps need: miscfiles_read_localization() files_read_etc_files(.) pipes & stream sockets

Is there a way to streamline policy so there is a lot less repetition?

Bill -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list