From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 14 Nov 2017 18:32:33 -0500
Subject: [refpolicy] map permissions
In-Reply-To: <20171114035646.5664426e@vega.skynet.aixah.de>
References: <3850548.JCvBVk9sDr@xev>
	<20171104211601.083a0a96@vega.skynet.aixah.de>
	<472df9ba-2110-39ca-e540-4b165c4648c9@m4x.org>
	<9767fc1e-3461-6c6f-dc40-329fec8652e4@ieee.org>
	<20171114035646.5664426e@vega.skynet.aixah.de>
Message-ID: <4c8b6775-5237-111f-580c-ad23850bf430@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/13/2017 09:56 PM, Luis Ressel wrote:
> On Sun, 5 Nov 2017 13:09:58 -0500
> Chris PeBenito via refpolicy <refpolicy@oss.tresys.com> wrote:
> 
>> Thanks for looking in to that.  I'm inclined to dontaudit all that
>> stuff.
> 
> The only remaining question is whether we actually care about this.
> With the 2.26 release, glibc has deprecated libnss_compat, which was
> the source of this denial spam.
> 
> If a dontaudit is added, I'd suggest to add a comment alongside it
> stating that the dontaudit should be removed again (in 1-2 years,
> perhaps?).

In that case, I'd say no dontaudits.  2.26 didn't just come out 
yesterday, it came out 3 months ago.

-- 
Chris PeBenito