On all my machines and using various daemons, the denial messages always have fsuid==ouid. As such, I believe it would be OK to use the 'owner' specifier like this:
owner @{PROC}/sys/kernel/random/boot_id r,
On all my machines and using various daemons, the denial messages always have fsuid==ouid. As such, I believe it would be OK to use the 'owner' specifier like this:
owner @{PROC} /sys/kernel/ random/ boot_id r,