diff options
| author |   Nicolas Iooss <nicolas.iooss@m4x.org> | 2014-09-07 23:28:16 +0200 |
|---|---|---|
| committer |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-09-13 11:30:22 +0200 |
| commit | d4e625e9ac332806fc907c4e6b4cbd24506078ca (patch) | |
| tree | 826ef6edca050c57e84663331e54e41cbdd03813 | |
| parent | Allow journald to access to the state of all processes (diff) | |
| download | hardened-refpolicy-d4e625e9ac332806fc907c4e6b4cbd24506078ca.tar.gz hardened-refpolicy-d4e625e9ac332806fc907c4e6b4cbd24506078ca.tar.bz2 hardened-refpolicy-d4e625e9ac332806fc907c4e6b4cbd24506078ca.zip | |
Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t)
Since commit 0fd9dc55, logging.te contains:
term_write_all_user_ttys(syslogd_t)
As "write" is a superset of "append", this rule is no longer needed:
term_append_unallocated_ttys(syslogd_t)
While at it, add a comment which explains why
term_dontaudit_setattr_unallocated_ttys is needed.
| -rw-r--r-- | policy/modules/system/logging.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 85c3c73fb..4008931b3 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -483,7 +483,7 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t) ifdef(`distro_gentoo',` # default gentoo syslog-ng config appends kernel # and high priority messages to /dev/tty12 - term_append_unallocated_ttys(syslogd_t) + # and chown/chgrp/chmod /dev/tty12, which is denied term_dontaudit_setattr_unallocated_ttys(syslogd_t) ') |