Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FBD4C43387 for ; Thu, 3 Jan 2019 01:19:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 46EEC20833 for ; Thu, 3 Jan 2019 01:19:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="MJxqBEby" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726857AbfACBTW (ORCPT ); Wed, 2 Jan 2019 20:19:22 -0500 Received: from smtp.sws.net.au ([46.4.88.250]:50648 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726049AbfACBTW (ORCPT ); Wed, 2 Jan 2019 20:19:22 -0500 Received: from xev.coker.com.au (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id D4B7DEC76; Thu, 3 Jan 2019 12:19:20 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1546478361; bh=UU10EeOUJoVwyiHpqxeX53nSe3A+ZoR+AFgaKdFeejI=; l=1147; h=From:To:Reply-To:Cc:Subject:Date:In-Reply-To:References:From; b=MJxqBEby15rykb/XPGKWl4+KbWAKF0jIauKj4dwrm9asMQJBSfXRZboSmYuN/TN+1 uGCkdYgRfCAnqMrYsguprD7knEp/K5mdZcAS+TAb8y6i2TuvnaE+E+eJSGBGFqxeDS wTq8Gq1CN755o6Oj/S8vAky1jvVlHdyEl39FJhyI= Received: by xev.coker.com.au (Postfix, from userid 1001) id 3B91AC37185; Thu, 3 Jan 2019 12:19:16 +1100 (AEDT) From: Russell Coker To: Chris PeBenito Reply-To: russell@coker.com.au Cc: selinux-refpolicy@vger.kernel.org Subject: Re: [PATCH misc 3/3] networkmanager apt bootloader dpkg raid modutils tor devicekit dicts irqbalance policykit and postfix Date: Thu, 03 Jan 2019 12:19:16 +1100 Message-ID: <2798399.SdR9s7MnL5@xev> In-Reply-To: References: <20190102092027.GC31076@aaa.coker.com.au> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Thursday, 3 January 2019 11:14:06 AM AEDT Chris PeBenito wrote: > On 1/2/19 4:20 AM, Russell Coker wrote: > > Trivial stuff. > > > > > > Index: refpolicy-2.20180701/policy/modules/services/networkmanager.te > > =================================================================== > > --- refpolicy-2.20180701.orig/policy/modules/services/networkmanager.te > > +++ refpolicy-2.20180701/policy/modules/services/networkmanager.te > > @@ -57,6 +57,7 @@ allow NetworkManager_t self:tcp_socket { > > > > allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom > > relabelto }; allow NetworkManager_t self:packet_socket > > create_socket_perms; > > allow NetworkManager_t self:socket create_socket_perms; > > > > +allow NetworkManager_t self:rawip_socket { create setopt getattr write > > read }; > This seems odd. Can you provide any more details on this? From memory it appeared to be some sort of ping functionality built in. Feel free to drop that section and apply the rest, I can do more testing on it if you like. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/