From 0cd1ea9596b7508f7cacd6d8f5c4754982ffd0ea Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Sun, 7 Sep 2014 23:28:16 +0200 Subject: [PATCH] Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t) Since commit 0fd9dc55, logging.te contains: term_write_all_user_ttys(syslogd_t) As "write" is a superset of "append", this rule is no longer needed: term_append_unallocated_ttys(syslogd_t) While at it, add a comment which explains why term_dontaudit_setattr_unallocated_ttys is needed. --- policy/modules/system/logging.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 733a8bb73..8bcb2872c 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -483,7 +483,7 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t) ifdef(`distro_gentoo',` # default gentoo syslog-ng config appends kernel # and high priority messages to /dev/tty12 - term_append_unallocated_ttys(syslogd_t) + # and chown/chgrp/chmod /dev/tty12, which is denied term_dontaudit_setattr_unallocated_ttys(syslogd_t) ')
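Review bot: The removal of `term_append_unallocated_ttys(syslogd_t)` from the `distro_gentoo` block is justified in the commit message only by "write" being a superset of "append". That covers the permission, but not the target: the rule cited as the replacement is `term_write_all_user_ttys(syslogd_t)`, while the removed rule was for unallocated ttys, which is what the comment says /dev/tty12 needed. Please confirm that the "all user ttys" interface also covers the unallocated tty type and state that in the commit message. If it does not, the default Gentoo syslog-ng config loses its append access to /dev/tty12, and the remaining `term_dontaudit_setattr_unallocated_ttys(syslogd_t)` would not grant it back. Separately, the comment kept in this block still opens with the append to /dev/tty12 even though no rule here allows it any more, so a short pointer to where that access is now granted would keep the comment accurate for the next reader.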