From: aranea@aixah.de (Luis Ressel) Date: Tue, 14 Nov 2017 03:56:46 +0100 Subject: [refpolicy] map permissions In-Reply-To: <9767fc1e-3461-6c6f-dc40-329fec8652e4@ieee.org> References: <3850548.JCvBVk9sDr@xev> <20171104211601.083a0a96@vega.skynet.aixah.de> <472df9ba-2110-39ca-e540-4b165c4648c9@m4x.org> <9767fc1e-3461-6c6f-dc40-329fec8652e4@ieee.org> Message-ID: <20171114035646.5664426e@vega.skynet.aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 5 Nov 2017 13:09:58 -0500 Chris PeBenito via refpolicy wrote: > Thanks for looking in to that. I'm inclined to dontaudit all that > stuff. The only remaining question is whether we actually care about this. With the 2.26 release, glibc has deprecated libnss_compat, which was the source of this denial spam. If a dontaudit is added, I'd suggest to add a comment alongside it stating that the dontaudit should be removed again (in 1-2 years, perhaps?). Regards, Luis Ressel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20171114/34920dc4/attachment.bin