From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Fri, 29 Aug 2014 21:43:29 +0200
Subject: [refpolicy] [PATCH 3/8] Label systemd-journald files and
	directories
In-Reply-To: <53FB2CCB.7060005@tresys.com>
References: <1408802382-10212-1-git-send-email-nicolas.iooss@m4x.org>
	<1408802382-10212-4-git-send-email-nicolas.iooss@m4x.org>
	<20140823142925.GA2492@e145.network2>
	<53F8B61D.1090401@m4x.org> <53FB2CCB.7060005@tresys.com>
Message-ID: <5400D7E1.7020606@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

2014-08-25 14:32 GMT+02:00 Christopher J. PeBenito:
> On 8/23/2014 11:41 AM, Nicolas Iooss wrote:
> > (a) refpolicy already supports reading devlog_t symlinks [1].
>
> It a vestige of the NSA example policy.  Since we don't label the
> symlink devlog_t anymore, we should remove the rules.

Actually it seems that this rule has been added a few days after the
initial SVN import, by commit 5a9522111548 ("add devlog_t symlink to
loggers") [1].  If the arguments which explain this commit from 2005 no
longer apply, I agree we should remove this rule to prevent future
confusion.

Wkr,

Nicolas

[1]
https://github.com/TresysTechnology/refpolicy/commit/5a952211154895a2da79c78ad6ee45b8dca089a2