From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Sun, 7 Sep 2014 23:28:16 +0200 Subject: [refpolicy] [PATCH v2 7/7] Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t) In-Reply-To: <1410125296-26728-1-git-send-email-nicolas.iooss@m4x.org> References: <1410125296-26728-1-git-send-email-nicolas.iooss@m4x.org> Message-ID: <1410125296-26728-7-git-send-email-nicolas.iooss@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Since commit 0fd9dc55, logging.te contains: term_write_all_user_ttys(syslogd_t) As "write" is a superset of "append", this rule is no longer needed: term_append_unallocated_ttys(syslogd_t) While at it, add a comment which explains why term_dontaudit_setattr_unallocated_ttys is needed. --- policy/modules/system/logging.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index c2fb80d6062e..6b40bd5a146f 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -482,7 +482,7 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t) ifdef(`distro_gentoo',` # default gentoo syslog-ng config appends kernel # and high priority messages to /dev/tty12 - term_append_unallocated_ttys(syslogd_t) + # and chown/chgrp/chmod /dev/tty12, which is denied term_dontaudit_setattr_unallocated_ttys(syslogd_t) ') -- 2.1.0
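Review bot: The removal of `term_append_unallocated_ttys(syslogd_t)` from the `distro_gentoo` block is justified in the commit message only by "write" being a superset of "append", but the interface cited as the replacement, `term_write_all_user_ttys(syslogd_t)`, also names a different set of ttys (all user ttys rather than unallocated ttys). The commit message should state explicitly that the type of /dev/tty12 is covered by that interface; if it is not, the append rule has to stay, otherwise Gentoo's default syslog-ng configuration loses the access the comment describes. Separately, once the rule is gone the retained comment still says syslog-ng appends to /dev/tty12 while nothing in the block grants it, so a short pointer such as "(append is allowed by term_write_all_user_ttys elsewhere in logging.te)" would keep the block self-explanatory. The added comment line would also read more clearly as a full clause, for example "syslog-ng also tries to chown/chgrp/chmod /dev/tty12, which is denied".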