From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 18 Mar 2011 09:35:57 -0400
Subject: [refpolicy] Question: and the policy grows...
In-Reply-To: <1300392941.31755.17.camel@tesla.lan>
References: <1300369855.30425.14.camel@tesla.lan>	
	<4D8219D9.7080504@redhat.com>
	<1300377867.30425.40.camel@tesla.lan>	
	<4D823A60.9020107@redhat.com> <4D824AC3.4070502@tresys.com>
	<1300392941.31755.17.camel@tesla.lan>
Message-ID: <4D835FBD.4020704@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/17/11 16:15, Guido Trentalancia wrote:
> On Thu, 17/03/2011 at 13.54 -0400, Christopher J. PeBenito wrote:
>> On 03/17/11 12:44, Daniel J Walsh wrote:
>>> On 03/17/2011 12:04 PM, Guido Trentalancia wrote:
>>>> On Thu, 17/03/2011 at 10.25 -0400, Daniel J Walsh wrote:
>>>>> On 03/17/2011 09:50 AM, Guido Trentalancia wrote:

>> Right.  There was ~6 years of policy development that happened before
>> Refpolicy started and we didn't want to lose the effort that went into
>> it.  The idea being that after a rigorous structure was applied, there
>> is a better chance of identifying excessive permissions.  That did
>> happen, and we did remove a lot of policy.  But its hard finding the
>> little excessive bits that are sprinkled around the policy.
> 
> So when did that happen last ?

Its ongoing.

> And yes, the little excessive bits. Any idea on a method to help
> spotting that out ?

If they were easy to find, they would have been removed already.  The
point is that its not obvious.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com