From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Sun,  7 Sep 2014 23:28:16 +0200
Subject: [refpolicy] [PATCH v2 7/7] Remove redundant Gentoo-specific
	term_append_unallocated_ttys(syslogd_t)
In-Reply-To: <1410125296-26728-1-git-send-email-nicolas.iooss@m4x.org>
References: <1410125296-26728-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <1410125296-26728-7-git-send-email-nicolas.iooss@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Since commit 0fd9dc55, logging.te contains:

  term_write_all_user_ttys(syslogd_t)

As "write" is a superset of "append", this rule is no longer needed:

    term_append_unallocated_ttys(syslogd_t)

While at it, add a comment which explains why
term_dontaudit_setattr_unallocated_ttys is needed.
---
 policy/modules/system/logging.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index c2fb80d6062e..6b40bd5a146f 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -482,7 +482,7 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t)
 ifdef(`distro_gentoo',`
 	# default gentoo syslog-ng config appends kernel
 	# and high priority messages to /dev/tty12
-	term_append_unallocated_ttys(syslogd_t)
+	# and chown/chgrp/chmod /dev/tty12, which is denied
 	term_dontaudit_setattr_unallocated_ttys(syslogd_t)
 ')
 
-- 
2.1.0