Hi Andre,

as you can see, I set the severity of the "cosmetic" bug reports, where AVCs are logged but apparently no functional degradation happens, to "minor". Often programs will use different codepaths (or do not actually care) when something is denied (think of the equivalent of "ls -la|grep etc" [or something along those lines which actually makes sense] where stat'ing /dev will be prohibited. It will log an AVC, but the program doesn't actually care). Therefore, in policy we have "dontaudit" rules, which do deny access, but don't log AVCs. So if functionality is not degraded, this actually looks like a missing dontaudit rule, which is arguably only a minor error.

Also please note that updates to Debian stable are only done for at least important bugs, so it is not really worth reporting minor bugs against versions in stable (other than for documentation purposes); we most likely will not actually fix them. If someone finds time, we will however try to test if they persist in testing/unstable to try to fix them in testing, such that the next stable release will have fewer bugs. If you could test minor/normal bugs you find in stable in testing/unstable (e.g. in a VM), that would actually help us a lot! If you need some help in setting up a test environment for that, I can help you with it (or even provide a VM to you which you can use for testing if you do not have the necessary hardware).

Cheers,
Mika
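
An added illustration, not part of the original message: a short Python sketch that turns logged AVC denials into candidate "dontaudit" rules of the kind the message describes. The log lines, the `example_t` domain and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed audit.log lines; example_t and the pids/inodes are made up.
SAMPLE_AVCS = """\
type=AVC msg=audit(1500000000.101:210): avc:  denied  { getattr } for  pid=812 comm="ls" path="/dev" dev="devtmpfs" ino=1025 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1500000000.105:211): avc:  denied  { search } for  pid=812 comm="ls" name="/" dev="devtmpfs" ino=1025 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1500000001.300:215): avc:  denied  { net_admin } for  pid=812 comm="exampled" capability=12  scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:example_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1500000002.900:220): avc:  denied  { read } for  pid=812 comm="exampled" name="shadow" dev="sda1" ino=4411 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1500000002.900:220): arch=c000003e syscall=2 success=yes exit=3
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def suggest_dontaudit(log_text):
    """Merge enforcing-mode denials into one dontaudit rule per (src, tgt, class)."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue
        # permissive=1 means the access went through, so "nothing broke"
        # says nothing about what happens once the denial is enforced.
        if "permissive=1" in line:
            continue
        src, tgt = selinux_type(m["src"]), selinux_type(m["tgt"])
        key = (src, "self" if src == tgt else tgt, m["cls"])
        perms_by_key[key].update(m["perms"].split())
    return [
        f"dontaudit {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(perms_by_key.items())
    ]

if __name__ == "__main__":
    print("\n".join(suggest_dontaudit(SAMPLE_AVCS)))
```

Each suggested rule is only a candidate: it belongs in policy once the denied access is confirmed to be irrelevant to the program's function.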