Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC844C10F11 for ; Sat, 13 Apr 2019 04:24:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8B09E20848 for ; Sat, 13 Apr 2019 04:24:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="d51ycgrh" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725789AbfDMEYc (ORCPT ); Sat, 13 Apr 2019 00:24:32 -0400 Received: from smtp.sws.net.au ([46.4.88.250]:57710 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725776AbfDMEYb (ORCPT ); Sat, 13 Apr 2019 00:24:31 -0400 Received: from xev.coker.com.au (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id DBFC3ED83; Sat, 13 Apr 2019 14:24:29 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1555129470; bh=hmAYWyNbz14f3RlKNpKyCwpX8x1Tyf6j0eIPU4Jjz5Q=; l=1104; h=From:To:Reply-To:Cc:Subject:Date:In-Reply-To:References:From; b=d51ycgrhqFcO/9rA6m4NXZknsebXGEE6koMkTXEjeSmc0T6QVjmzROuuZjZiXvtQa Vx16kt2G+6V1X5sBJ4zx+zL5WoVSzK070/YmvyjIimD2qBJkpww/ZlvzhYUVRLWY71 gS3yFCR6rslyeCexgjIBQXIcrbVc3UHIRUk9Qo9M= Received: by xev.coker.com.au (Postfix, from userid 1001) id 57D68D0E773; Sat, 13 Apr 2019 14:24:25 +1000 (AEST) From: Russell Coker To: "Sugar, David" Reply-To: russell@coker.com.au Cc: "selinux-refpolicy@vger.kernel.org" Subject: Re: [PATCH 3/3] Some items that seem they can be dontaudited for plymouthd Date: Sat, 13 Apr 2019 14:24:25 +1000 Message-ID: <14839769.DdiKdgLD4o@xev> In-Reply-To: References: <20190412193917.23886-1-dsugar@tresys.com> <2319520.MOiGnKPAe5@liv> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Saturday, 13 April 2019 1:26:06 PM AEST Sugar, David wrote: > On 4/12/19 10:33 PM, Russell Coker wrote: > > What is netlink_kobject_uevent_socket? Do we have a place we can document > > this sort of thing to make it easier to determine whether access is > > required and what the implications of such access are? > > I'm really not sure either. But, please note, that this patch is > dontaudit rules to quiet some denials that didn't seem to have any > negative side effect. If this patch isn't applied things will still > function, just have some entries in the audit logs. There's a good chance the action in question isn't an accident and some aspect of the program's functionality will be changed. I think it's best to have an idea of what the issue was before putting in a dontaudit rule, if some configuration of that program actually needs such functionality then a dontaudit will make it inconvenient to track it down. Have you tried running strace or ltrace to see what it's doing? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/