From: pebenito@ieee.org (Chris PeBenito) Date: Tue, 14 Nov 2017 18:32:33 -0500 Subject: [refpolicy] map permissions In-Reply-To: <20171114035646.5664426e@vega.skynet.aixah.de> References: <3850548.JCvBVk9sDr@xev> <20171104211601.083a0a96@vega.skynet.aixah.de> <472df9ba-2110-39ca-e540-4b165c4648c9@m4x.org> <9767fc1e-3461-6c6f-dc40-329fec8652e4@ieee.org> <20171114035646.5664426e@vega.skynet.aixah.de> Message-ID: <4c8b6775-5237-111f-580c-ad23850bf430@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/13/2017 09:56 PM, Luis Ressel wrote: > On Sun, 5 Nov 2017 13:09:58 -0500 > Chris PeBenito via refpolicy wrote: > >> Thanks for looking in to that. I'm inclined to dontaudit all that >> stuff. > > The only remaining question is whether we actually care about this. > With the 2.26 release, glibc has deprecated libnss_compat, which was > the source of this denial spam. > > If a dontaudit is added, I'd suggest to add a comment alongside it > stating that the dontaudit should be removed again (in 1-2 years, > perhaps?). In that case, I'd say no dontaudits. 2.26 didn't just come out yesterday, it came out 3 months ago. -- Chris PeBenito