[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

excessively verbose policy

From: Bill Nottingham <notting redhat com>
To: fedora-selinux-list redhat com
Subject: excessively verbose policy
Date: Thu, 21 Feb 2008 18:23:21 -0500

I was writing policy today, and I couldn't help notice a lot of
repetitiveness in our policy:

	libs_use_ld_so(...)
	libs_use_shared_libs(...)

These are needed by, well, everything. Can't they be assumed-unless-denied?

Similarly, 99% of confined apps need:

	miscfiles_read_localization()
	files_read_etc_files(.)
        pipes & stream sockets

Is there a way to streamline policy so there is a lot less
repetition?

Bill

Follow-Ups:
- Re: excessively verbose policy
  - From: Daniel J Walsh
- RE: excessively verbose policy
  - From: Clarkson, Mike R \(US SSA\)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]