I was writing policy today, and I couldn't help but notice a lot of
repetitiveness in our policy:
libs_use_ld_so(...)
libs_use_shared_libs(...)
These are needed by, well, everything. Can't they be assumed-unless-denied?
Similarly, 99% of confined apps need:
miscfiles_read_localization()
files_read_etc_files(.)
pipes & stream sockets
Is there a way to streamline policy so there is a lot less
repetition?
Bill