commit:     d4e625e9ac332806fc907c4e6b4cbd24506078ca
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sun Sep  7 21:28:16 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Sep 13 09:30:22 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d4e625e9

Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t)

Since commit 0fd9dc55, logging.te contains:

  term_write_all_user_ttys(syslogd_t)

As "write" is a superset of "append", this rule is no longer needed:

    term_append_unallocated_ttys(syslogd_t)

While at it, add a comment which explains why
term_dontaudit_setattr_unallocated_ttys is needed.

---
 policy/modules/system/logging.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 85c3c73..4008931 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -483,7 +483,7 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t)
 ifdef(`distro_gentoo',`
        # default gentoo syslog-ng config appends kernel
        # and high priority messages to /dev/tty12
-       term_append_unallocated_ttys(syslogd_t)
+       # and chown/chgrp/chmod /dev/tty12, which is denied
        term_dontaudit_setattr_unallocated_ttys(syslogd_t)
 ')
 
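Review bot: the justification for dropping `term_append_unallocated_ttys(syslogd_t)` relies on "write is a superset of append", but the two interfaces target different types: the removed rule grants append on `tty_device_t` (unallocated ttys, which is exactly what /dev/tty12 stays as when no getty has relabelled it), whereas `term_write_all_user_ttys` grants write on types carrying the `ttynode` attribute. Before accepting, confirm in terminal.te that `tty_device_t` is a `ttynode` (or that the write interface otherwise covers it); if it is not, syslog-ng will be denied appending to /dev/tty12 and the removed line should stay. The added comment is a good clarification of the dontaudit rule; consider also noting in the commit message which commit introduced `term_write_all_user_ttys(syslogd_t)` with the hash already cited (0fd9dc55) so the reasoning can be checked later.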
