Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: * X-Spam-Status: No, score=1.0 required=3.0 tests=DKIM_ADSP_DISCARD,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E69CEC282C4 for ; Sun, 10 Feb 2019 00:04:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id ACB9821929 for ; Sun, 10 Feb 2019 00:04:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="JsDJce5w" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726956AbfBJAEZ (ORCPT ); Sat, 9 Feb 2019 19:04:25 -0500 Received: from smtp.sws.net.au ([46.4.88.250]:45282 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726940AbfBJAEY (ORCPT ); Sat, 9 Feb 2019 19:04:24 -0500 Received: from [10.64.20.211] (unknown [1.152.204.224]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id 9B97BED8E; Sun, 10 Feb 2019 11:04:20 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1549757061; bh=mJF2cAstnLnGgwuh+HC+Ni10m6YlSJVpUjZFd4P1lQA=; l=999; h=Date:In-Reply-To:References:Subject:To:From:From; b=JsDJce5w7E7eVaa7Vuz67b3kaepwcGE5QY+Q2XB7Rlxb+MZNlzVYYXnXtbFnSgl5U gnOu9+Z+sBO75wE36bzOgb11HeqqhTgzCV/G6N116uLdZ6bITybSsSAs3J1Xq8k7YE mt6qhL0sxMbWrtAFrS5cPubfq9ZnJpF7ZkUUtkUc= Date: Sun, 10 Feb 2019 11:04:15 +1100 User-Agent: K-9 Mail for Android In-Reply-To: <402f8da9-de40-3a9d-f767-324bc6f0e60b@ieee.org> References: <1938152.zeI3LBqMHI@liv> <402f8da9-de40-3a9d-f767-324bc6f0e60b@ieee.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Autocrypt: addr=russell@coker.com.au; keydata= mQGNBFrXA44BDADapoKLvoDy0JYhghKaxxHcQzft5FevbKwtwzNdP0s5CtHZtNvjjzf3hZUESyNW WA0pZfnrfB1aAjRGN5A0q8MRHC7X6lb/91r52OUoLHiZrqW4qxCiHBlDoiUmSSuTQD4reWPrHEPs F5EErLg7d9ETA8m/IUbvi2ZGpLFeV5U9wHaUyTQjzoPBgIIx4/Hm5ocpPq4NPNS7uVTp+SMLesQ1 A5vh/cYm0fFgYnwJ4XxNacNKbZYFIQrWJEPzvZHlwKvNLuQhSdWYJFeGmYRryOGGintCDoKqx3Ac jY8A8rQ0TDHiq+Cv2Oig0zMTta/TBUO2UNFQ99YhvqnfDETNF1D3FcujxtCuP5jZfmoAJLzy8L4J IycHbq1RyP/PSldSW1VVnU5nukWx/SZNCAlUWgId+w5rLpPmpqxqoVTwMgITMeQLAHkdwVGGKSkU DIeMrsUtcMbTEcDM+0NZBW13AxpClkbIfMxPmmzQUA09UPKdz2LHy07FRKN+dxTGsf44gOMAEQEA AbQqUnVzc2VsbCBDb2tlciBQaG9uZSA8cnVzc2VsbEBjb2tlci5jb20uYXU+iQGwBBMBCgAaBAsJ CAcCFQoCFgECGQEFglrXA44CngECmwEACgkQmDK/WUwry/WsBQwAjUbJslv3kQSCINhZJSNoXcQI 4LeRApUm5v9ClH25TM9L+pp6RTNiYnnKrc1HzyV6U5tujN9BEfDeXr2QP+h8ZLunBg4pDUaje/Xt yDsSLJ+z14WHggRuQFHSXgesONCi3xk0/U1D1m2byr54X9vKXoabfdLv611IemcICERNjS1N1Fdc V1E1hSCm9Svcy92TFiMswj3zhQBy7kbr6mScTZp5MBRRzer+QbkebaBx+UOvlkj5LBWMjPLYEC54 H15nljiZIlacT3Code570Vq3yqFoPWDys9r6AOmPR/Znpy2ODxSQJ8wSeeEciivuOhJCyOEa7XBN jMvY9+U6O9Z4SN9FhmWHYOYznuO7i2ROpgyOb+W7qV4ekiB44T9LMuoL8+KJmpFNFZ6uQSSM1DyO 9DZLHVyVpnAarL5EVMlf5I/3pHMR+jfOIRLCz2/QwMPWKWKMTUkKbHkeHRuDno7YyE6R4tpoP6Hi FLHhalleP2RIaCm2PS5kz2aPywagTa1cuQGNBFrXA44BDAC/FT5fMehSsongB3z01T11AaJ/epQq 7TdIlV2C6BsYY/U+q7fexUIeK83pYZP6kU6owsWryHRnxVk8PEkQQR+2GkL+7j9P/MFU+ZmxT8Ko lR2hCmQ3LV2kQRCqeWQ9Imk5SRA98aoPaijF/HB/EMP5a90vpMF0mNpjPr29UYodwWIvgHV/0dUk RkqbJFH5bS60YjlmxOD/xb4ThdP3zmlghf32lBOi1//QPHvM+rpHUvBQcE/y0wzvbSHgfZD2rsiI jUkHwKI38KbMf+hlNxcRtgBQH+dEsW10qlzZPcskyF6g5CbD1aAqhWs1lWG1aPJQ9h1g7ogxLKL2 ar3Hs8kWHEapuobW2B1+R0ZqLvNH729MwouDs8tmI0ieQjmhg5lsujz3mOO3vn4G2bX3YfoAcRXv C6nOfmUMFhvfFbbxVLJozyMA3DDTE0QmLr92Hbi3jPgK+cd7lhq0UCGyuEnw2d/pRA0uQ1mpftlM swHSwPIeryWcmh7l5Bbns8TVsDMAEQEAAYkBnwQYAQoACQWCWtcDjgKbDAAKCRCYMr9ZTCvL9bUZ DADO02t05jvPEiWglW96WXZJ2yzGiQMYSTyYe6Ac8X626lLeu2CpFk29CJPdfMW8Fn0xZPZ4aesg 0S1FsRBKK2S1KNyaOK9wVs/F8JSrPTOLmV621+CG6Q3vTP7dm3PzveNK3oc+UHdaOxvQAPRlDLKR CTddxrHES7MYpGCF0XPDjfj/lAyUethHdkQ3F40OM3MiYZjO/VP/7iSMjvaCyB6NdlhVRqZfJMVS Os7pcHRUNTvctmznfJ4bx5yv58YBjlAmVNlcFhmMKEjBOsRbrm+qpwJ4+O0grAbC3nixVdCIzKRr 0P+7CrIyRcUpJqYIxfs06BRfPDnV3LxlShgoS23V36AlFblK8+BleGQ/XZ5U+nkjF/LIqYh3Zfc/ aqiipfl4y1e5LE3HW/cpvgVGc/lNnrNb28ZGx8ES13kfDu5hOQie6Y+EVbVNcl7Mk8SoBEIkvp6J rtFXwA89ptK4QEHyRFY1EV4QDX/2zbDHBQT37OaGsiza4tYxc5FM3D687jW5AY0EWtcDjgEMAJ3J So9YDXq2kzOFAYal5qd/S8mieLYIypx2PrjbT9HSI5MbJsxhLRSxyJLpI0PRrm2yOPv0JKlN3wSL 4DYGqtP/ozCkza5qWETVP/9Jl2hv23XfQ6fsOBgASJkoNXEolKgSXfykDy8qIivWrRNyXs7uRVqg itp7sq/VN9EUxgMCHGIJryPEskypNy6GRfweuWJ0jQbDqWCzBEw68t5BxGivZq7epN/fddxTamg4 J7hp7iOw9lq0qGUQaNZwE6XJGx7oGO/UrOiYBj8NpZkl5cHklyAzX7hJFN2igifnah2ILyvGOXd3 /UFWfkN2dSZeHOwp4HYUEWSCEN1kbvCYWxIEBhwuSsT9UXQWG8g4QaK9nydVRVL4dIGXNU3CzqnN REnf92BkjLIUfLRkB9c1zbxVYsE5c+tr9dYq2FjFkTEvqsSf0p4bo8lTv3NZa9bhnXxVAPhlS6Mz UTxhDxJTsSXhg80NbD0dbwTcRTOchLoir2YGY00UGB2Tbllxz7thYQARAQABiQM+BBgBCgAJBYJa 1wOOApsCAakJEJgyv1lMK8v1wN2gBBkBCgAGBQJa1wOOAAoJEBza2d+WHDIYZ6QL/2FObYj3NyIg cm9+VzcIccrb04Q6motaINd+ec6R/5B3YL4nGvsgil2A9AvmXwrj4YIE0zcN7VZAyJnTASU1smQi uAnSgcw976r3icA4FzsSQBM0ZjBItv3N64JY6hTz6cwJXPHs7PqnOCSxvGoJROBzCbPRfiosETqU 6dmMHnHB4sFi4n3mgvXOLPB9XgMcnhrqQEAVGdX1bXm/umu0uo49U56L0OtV75EOOUNLEcUhGyxm lm8+kqbUPKTvZSU6zqOZWnpPwgLf//b+TlRJrVT68SkM28gKwRfwh4Sg6sgwxppn6jlb6Q7i//LI jAo+PoDqyfIMw2Z9OrnuE0N525S18r+NoTXwKbcwIzIBSdaATaqhYrtO9zQ7NSNE21e9zD8t0wf6 U7rb0D4qHR8RONIoe51zYCaSGtAOMMkYZrbCoEdL3D6ktoZf7ulDXKNDmO7MIWGx0QO3g6T/lcQk rdr2KXSeoZHz+a8SHkWprU38WBXEuUuKSJhsOzvpZdeB9PdmDADGqCV7WaoAq4K9Dl/sNcqwTqta LO7JcdjBCHhNZW5M47wd7RfAE4WVtDiNfsb3DFvSoqmYhCV896UD5c5cN1c149dvTM0SLtpJ6p1V 3zN/sUAyLBFayAjyiZ1UtczYNtQZSNPtGok0QOXAluQF2/A04BvXJVIhNROmlbV3DoVvdhujXco6 z6/3++fHG/EwC+Z9/Wzynwd4SzEO+w/i+BGV31+rZTgoA9na5U/SElEpZBZU9xUnEOzJ57QnMEA+ QWZAKdRlUBt1UMbpnX1Bc8tM6GC1OhLnI4sQ0apHzOjil/0hYzZNdUCl4zObD8zCg9sHEKw0tC4/ 1x7rTUvSgwrqsB+UBQop6HY03ItXgptwslrkT/XE6KI3qa8QL8ACe8Z2JPO4VgfGZx6JoQnxrSnc vkvUI2BpcCax0+7GOdYXQdBppGNgC6dav4PYXXxR4iuAh+114bcrzx//wNpeV7kVn3uL+cFpt8rG M/EAeJlmNNrw3VlU5soxvQhaCIArsNI= Subject: Re: read_file_perms vs mmap_read_file_perms To: Chris PeBenito , "selinux-refpolicy@vger.kernel.org" From: Russell Coker Message-ID: X-Virus-Scanned: clamav-milter 0.100.2 at swssmtp X-Virus-Status: Clean Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Now that we have just had a release it's a good time for changes that have = the potential to break things=2E So removing lock now would be ok I guess= =2E On 10 February 2019 1:07:22 am AEDT, Chris PeBenito = wrote: >On 2/9/19 5:25 AM, Russell Coker wrote: >> define(`read_file_perms',`{ getattr open read lock ioctl }') >> define(`mmap_read_file_perms',`{ getattr open map read ioctl }') >>=20 >> I think that the general expectation would be that >mmap_read_file_perms is a >> superset of read_file_perms=2E Is there any reason why >mmap_read_file_perms >> doesn't include lock permission? If not I think we should add it to >avoid >> surprises=2E > >You are correct, it should be a proper superset=2E However, my >preference=20 >would be to go the other way and eliminate lock from read_file_perms,=20 >which is what I'm trying to do with mmap_read_file_perms not being a=20 >proper superset=2E --=20 Sent from my Huawei Mate 9 with K-9 Mail=2E