[refpolicy] [PATCH 3/8] Label systemd-journald files and directories

Nicolas Iooss nicolas.iooss at m4x.org
Fri Aug 29 15:43:29 EDT 2014


2014-08-25 14:32 GMT+02:00 Christopher J. PeBenito:
> On 8/23/2014 11:41 AM, Nicolas Iooss wrote:
> > (a) refpolicy already supports reading devlog_t symlinks [1].
>
> It a vestige of the NSA example policy.  Since we don't label the
> symlink devlog_t anymore, we should remove the rules.

Actually it seems that this rule has been added a few days after the
initial SVN import, by commit 5a9522111548 ("add devlog_t symlink to
loggers") [1].  If the arguments which explain this commit from 2005 no
longer apply, I agree we should remove this rule to prevent future
confusion.

Wkr,

Nicolas

[1]
https://github.com/TresysTechnology/refpolicy/commit/5a952211154895a2da79c78ad6ee45b8dca089a2



More information about the refpolicy mailing list