Date: Sat, 13 Apr 2019 09:54:48 +0200
From: Dominick Grift
To: Russell Coker
Cc: "Sugar, David", selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH 3/3] Some items that seem they can be dontaudited for plymouthd
Message-ID: <20190413075448.GB5901@brutus.lan>
In-Reply-To: <14839769.DdiKdgLD4o@xev>

On Sat, Apr 13, 2019 at 02:24:25PM +1000, Russell Coker wrote:
> On Saturday, 13 April 2019 1:26:06 PM AEST Sugar, David wrote:
> > On 4/12/19 10:33 PM, Russell Coker wrote:
> > > What is netlink_kobject_uevent_socket? Do we have a place we can document
> > > this sort of thing to make it easier to determine whether access is
> > > required and what the implications of such access are?
> > 
> > I'm really not sure either. But, please note, that this patch is
> > dontaudit rules to quiet some denials that didn't seem to have any
> > negative side effect. If this patch isn't applied things will still
> > function, just have some entries in the audit logs.
> 
> There's a good chance the action in question isn't an accident and some aspect
> of the program's functionality will be changed. I think it's best to have an
> idea of what the issue was before putting in a dontaudit rule, if some
> configuration of that program actually needs such functionality then a
> dontaudit will make it inconvenient to track it down.
> 
> Have you tried running strace or ltrace to see what it's doing?

I agree that this probably shouldn't be dontaudited.

This is a common pattern for "udev clients".

The kobject_uevent socket aspect is probably to monitor devices (equivalent to `udevadm monitor`).

> -- 
> My Main Blog http://etbe.coker.com.au/
> My Documents Blog http://doc.coker.com.au/

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
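As an added illustration of the "udev client" pattern described above (example code written for this page, not code from plymouth, udev or refpolicy): the object the netlink_kobject_uevent_socket class covers is a NETLINK_KOBJECT_UEVENT socket bound to the kernel's multicast group, so a denial on it means the program was trying to receive device add/remove events rather than doing something incidental. The sample uevent buffer is constructed, not captured.

```c
/* Minimal udev-style uevent monitor (roughly `udevadm monitor`). Added example, not
 * plymouth/refpolicy code: its socket+bind+recv is what netlink_kobject_uevent_socket gates. */
#include <sys/socket.h>
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample uevent: "action@devpath", then NUL-separated KEY=VALUE pairs. */
const char sample_uevent[] = "add@/devices/virtual/block/loop0\0ACTION=add\0"
    "DEVPATH=/devices/virtual/block/loop0\0SUBSYSTEM=block\0SEQNUM=42";
/* Value for `key` in a uevent buffer, or NULL. Pure: testable without a socket. */
const char *uevent_get(const char *buf, size_t len, const char *key)
{
    size_t klen = strlen(key);
    const char *p = buf, *end = buf + len;
    while (p < end) {
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        size_t slen = nul ? (size_t)(nul - p) : (size_t)(end - p);
        if (slen > klen && p[klen] == '=' && memcmp(p, key, klen) == 0)
            return p + klen + 1;
        p += slen + 1;   /* skip this string and its terminator */
    }
    return NULL;
}

/* Create the uevent socket and bind to kernel multicast group 1 (fd or -1):
 * these are the create/bind permissions a dontaudit rule would silently deny. */
int uevent_open(void)
{
    struct sockaddr_nl addr = { .nl_family = AF_NETLINK, .nl_groups = 1 };
    int fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_KOBJECT_UEVENT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) == 0)
        return fd;
    close(fd);
    return -1;
}
int main(void)
{
    char buf[8192];
    int fd = uevent_open();
    if (fd < 0) { perror("netlink_kobject_uevent socket"); return 1; }
    for (ssize_t n; (n = recv(fd, buf, sizeof buf, 0)) > 0;) {  /* read permission */
        const char *act = uevent_get(buf, (size_t)n, "ACTION");
        const char *dev = uevent_get(buf, (size_t)n, "DEVPATH");
        printf("%s %s\n", act ? act : "?", dev ? dev : "?");
    }
    close(fd);
    return 0;
}
```

Run it under the domain in question while plugging in a device: if the denial disappears and events print, the access is functional and belongs in an allow rule, not a dontaudit.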