Negation is part of the SELinux policy grammar, not an M4-ism.

Port policy.26 to RHEL 6


I like what you did for FC by removing occasions of negation
in m4 macros. Amazing amount of stuff removed from policy.

Although RHEL 6 server uses will not benefit (much) from
shorter reboot times, they will benefit from less memory
required to load policy and shorter times for rebuilding
policy whenever changes are made.

I believe there is a positive psychological effect of having
a smaller set of allow rules too.


