Subject: Re: [PATCH 4/5] Allow rpm to map file contexts
To: "Sugar, David" , "selinux-refpolicy@vger.kernel.org"
References: <20190702153014.14097-1-dsugar@tresys.com> <20190702153014.14097-5-dsugar@tresys.com>
From: Chris PeBenito
Date: Mon, 8 Jul 2019 20:40:03 -0400
In-Reply-To: <20190702153014.14097-5-dsugar@tresys.com>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 7/2/19 11:30 AM, Sugar, David wrote:
> type=AVC msg=audit(1560944465.365:270): avc: denied { map } for pid=1265 comm="rpm" path="/etc/selinux/clip/contexts/files/file_contexts.bin" dev="dm-0" ino=44911 scontext=system_u:system_r:rpm_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file permissive=1 > > Signed-off-by: Dave Sugar > --- > policy/modules/admin/rpm.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te > index 7020276c..111fcb01 100644 > --- a/policy/modules/admin/rpm.te > +++ b/policy/modules/admin/rpm.te
> @@ -211,6 +211,7 @@ miscfiles_read_localization(rpm_t) > > seutil_manage_src_policy(rpm_t) > seutil_manage_bin_policy(rpm_t) > +seutil_read_file_contexts(rpm_t) > > userdom_use_user_terminals(rpm_t) > userdom_use_unpriv_users_fds(rpm_t) Merged. -- Chris PeBenito
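
Review bot: the commit message carries only the raw AVC record, and on the added `seutil_read_file_contexts(rpm_t)` line the interface name speaks of read access while the logged denial is for `map` on a `file_context_t` file. A sentence in the message saying that this interface is what grants the map permission, and that the read access its name implies is intended for rpm_t, would let the change be checked against the denial. The record was also captured with `permissive=1`, so it would help to state whether this was the only `file_context_t` denial seen for `rpm_t` in that run.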