Date: Sat, 15 Jun 2019 21:43:48 +0200
From: Dominick Grift
To: Chris PeBenito
Cc: Alexander Miroshnichenko, selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] add lldpd policy
Message-ID: <20190615194348.GB2818@brutus.lan>
References: <20190610142004.2719-1-alex@millerson.name> <749388e0-6da1-4b06-c62c-35302a5aba78@ieee.org> <20190615175859.GA2818@brutus.lan> <3d0d13b8-3090-558e-23b6-7edaeeff3f92@ieee.org>
In-Reply-To: <3d0d13b8-3090-558e-23b6-7edaeeff3f92@ieee.org>
On Sat, Jun 15, 2019 at 03:24:03PM -0400, Chris PeBenito wrote:
> On 6/15/19 1:58 PM, Dominick Grift wrote:
> > On Sat, Jun 15, 2019 at 12:08:16PM -0400, Chris PeBenito wrote:
> > > On 6/10/19 10:20 AM, Alexander Miroshnichenko wrote:
> 
> > > > +allow lldpd_t self:process { fork signal_perms };
> > > > +allow lldpd_t self:fifo_file rw_fifo_file_perms;
> > > > +allow lldpd_t self:unix_stream_socket { accept listen };
> > > 
> > > These perms should probably be create_stream_socket_perms.
> > 
> > the other permissions are already provided with logging_send_syslog_msg() so would be redundant
> 
> This is true. However, the syslog socket is not the only socket in use.
> Since it also listens on its own stream socket, the
> create_stream_socket_perms more clearly shows the intent.

The compiler will remove the duplicate rules, and yes the intent is more clear. It just feels strange writing and reading duplicate policy.
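Review bot: the third added rule, `+allow lldpd_t self:unix_stream_socket { accept listen };`, grants only the two listening-side permissions; create, bind and the rest of create_socket_perms that the daemon's own listening socket also needs appear nowhere in this hunk and, as the reply says, arrive only as a side effect of the logging_send_syslog_msg() call. Spelling the rule as `allow lldpd_t self:unix_stream_socket create_stream_socket_perms;` documents that the domain listens on its own stream socket and keeps it working if the syslog interface call is ever removed or its contents change; since the compiler merges the overlapping permissions into one access vector, the compiled policy is the same either way.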
> 
> 
> -- 
> Chris PeBenito

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
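The macro expansion and rule merging the thread relies on, as an added Python model that is not part of this thread or of refpolicy itself: it expands refpolicy's socket permission-set macros (reproduced from memory from policy/support/obj_perm_sets.spt, so treat the exact definitions as an assumption), merges allow rules per (source, target, class) the way the policy compiler does, and checks that the hunk's `{ accept listen }` rule and the suggested `create_stream_socket_perms` rule yield the same access vector once the rules from logging_send_syslog_msg() are in place. The two interface rules are a constructed model of what that interface grants on the domain's own sockets, and the function and variable names are the example's own.

```python
import re

# refpolicy's socket permission-set macros from policy/support/obj_perm_sets.spt,
# reproduced from memory for this example (an assumption: check your tree).
PERM_SETS = {}
PERM_SETS["rw_socket_perms"] = {
    "ioctl", "read", "getattr", "write", "setattr", "append",
    "bind", "connect", "getopt", "setopt", "shutdown",
}
PERM_SETS["create_socket_perms"] = {"create"} | PERM_SETS["rw_socket_perms"]
PERM_SETS["create_stream_socket_perms"] = (
    PERM_SETS["create_socket_perms"] | {"listen", "accept"}
)

# One allow rule: "allow <src> <tgt>:<class> <perm | macro | { ... }>;"
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>\S+)\s+"
    r"(?P<perms>\{[^}]*\}|[^\s;]+)\s*;\s*$"
)


def expand_perms(field):
    """Flatten a permission field such as '{ accept listen }' or a bare
    macro name into the set of individual permission names."""
    perms = set()
    for token in field.strip("{} \t").split():
        perms |= PERM_SETS[token] if token in PERM_SETS else {token}
    return perms


def parse_rules(policy_text):
    """Parse allow rules from a .te/.if fragment into (src, tgt, cls, perms)."""
    rules = []
    for line in policy_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m["src"], m["tgt"], m["cls"], expand_perms(m["perms"])))
    return rules


def merge_rules(rules):
    """Merge rules the way the policy compiler does: a single access vector
    per (source, target, class) holding the union of all granted perms."""
    merged = {}
    for src, tgt, cls, perms in rules:
        merged.setdefault((src, tgt, cls), set()).update(perms)
    return merged


def redundant_rules(existing, candidates):
    """For each candidate rule that overlaps an existing access vector,
    return (rule, perms already granted, perms that are actually new)."""
    base = merge_rules(existing)
    report = []
    for rule in candidates:
        src, tgt, cls, perms = rule
        already = perms & base.get((src, tgt, cls), set())
        if already:
            report.append((rule, already, perms - already))
    return report


# Constructed model of what logging_send_syslog_msg(lldpd_t) grants on the
# domain's own sockets (patterned on refpolicy's logging.if; an assumption).
SYSLOG_INTERFACE_RULES = """
allow lldpd_t self:unix_dgram_socket create_socket_perms;
allow lldpd_t self:unix_stream_socket create_socket_perms;
"""

# The rule as posted in the hunk, and the spelling suggested in review.
PATCH_AS_POSTED = "allow lldpd_t self:unix_stream_socket { accept listen };"
PATCH_SUGGESTED = "allow lldpd_t self:unix_stream_socket create_stream_socket_perms;"

STREAM_KEY = ("lldpd_t", "self", "unix_stream_socket")


def resulting_av(patch_rule):
    """Access vector the compiler ends up with for lldpd_t self:unix_stream_socket
    once the interface's rules and the patch rule are merged."""
    rules = parse_rules(SYSLOG_INTERFACE_RULES) + parse_rules(patch_rule)
    return merge_rules(rules)[STREAM_KEY]


if __name__ == "__main__":
    posted, suggested = resulting_av(PATCH_AS_POSTED), resulting_av(PATCH_SUGGESTED)
    print("same compiled access vector:", posted == suggested)  # True
    print("listening socket perms:", " ".join(sorted(posted)))
    interface = parse_rules(SYSLOG_INTERFACE_RULES)
    for rule, already, new in redundant_rules(interface, parse_rules(PATCH_SUGGESTED)):
        print(f"{rule[2]}: {len(already)} perms already granted by the interface, "
              f"new: {' '.join(sorted(new))}")
```

redundant_rules() is the check a reviewer would run over a module's .te against the rules its interface calls pull in: it reports which permissions of a proposed rule are already granted elsewhere, which is exactly the part of create_stream_socket_perms that duplicates the syslog interface, while the merged access vector shows the two spellings compile to the same thing.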