Subject: Re: [RFC] Rename *_var_run_t to *_runtime_t
To: Nicolas Iooss
Cc: refpolicy
From: Chris PeBenito
Date: Mon, 16 Sep 2019 20:52:32 -0400
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 9/15/19 6:33 AM, Nicolas Iooss wrote:
> On Sat, Sep 14, 2019 at 11:52 PM Chris PeBenito wrote:
>>
>> /var/run has moved to /run on most systems and its use has increased
>> beyond pid files and sockets. Because of this, new types used in /run
>> have for some time followed the convention *_runtime_t. This change
>> would rename all *_var_run_t types to *_runtime_t.
>>
>> Since this adds many aliases to the policy, the patch set also drops all
>> old backwards-compatibility aliases.
>>
>> https://github.com/SELinuxProject/refpolicy/pull/106
>>
>> Any objections to this?
>
> Hello,
> I agree with this change.
>
> When I loaded the policy with your patch on my test system, my kernel
> logs issued a warning:
>
> SELinux: Context sysadm_u:sysadm_r:samba_net_t became invalid (unmapped).
> SELinux: Context sysadm_u:sysadm_r:smbcontrol_t became invalid (unmapped).
> SELinux: Context sysadm_u:sysadm_r:winbind_helper_t became invalid (unmapped).
>
> This is because the following optional block from sysadm.te is now dropped:
>
> optional_policy(`
>     samba_admin(sysadm_t, sysadm_r)
>     samba_run_smbcontrol(sysadm_t, sysadm_r)
>     samba_run_smbmount(sysadm_t, sysadm_r)
>     samba_run_net(sysadm_t, sysadm_r)
>     samba_run_winbind_helper(sysadm_t, sysadm_r)
> ')
>
> This block is dropped because it required two types that are not
> defined: nmbd_runtime_t and smbd_runtime_t.
>
> In the current refpolicy (git master), there is:
>
> typealias samba_var_run_t alias { nmbd_var_run_t smbd_var_run_t };
>
> Your pull request changes this to:
>
> typealias samba_runtime_t alias { nmbd_var_run_t smbd_var_run_t };
>
> Should nmbd_runtime_t and smbd_runtime_t be changed to samba_runtime_t
> in interface samba_admin()?

Yes. There was another interface that also had that issue. I updated
the PR to fix it.

> Other than that, I did not find other issues.
>
> Thanks,
> Nicolas
>

--
Chris PeBenito
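
The failure discussed in this thread (an interface requiring types that no module declares or aliases, so the enclosing optional_policy block is silently dropped) can be caught before loading the policy. The check below is an added example, not part of the original message or of refpolicy; the sample .te/.if text is constructed and simplified, with only the samba_runtime_t typealias line taken from the thread, and the function names are hypothetical.

```python
import re

# Constructed stand-in for samba.te after the rename; the typealias line is
# the one quoted in the thread, the type declarations are assumptions.
SAMPLE_TE = """
type samba_runtime_t;
typealias samba_runtime_t alias { nmbd_var_run_t smbd_var_run_t };
type samba_net_t;
"""

# Constructed stand-in for samba.if: samba_admin() still requires the two
# names that the thread reports as undefined.
SAMPLE_IF = """
interface(`samba_admin',`
    gen_require(`
        type nmbd_runtime_t, smbd_runtime_t;
        type samba_net_t;
    ')
')
interface(`samba_run_net',`
    gen_require(`
        type samba_net_t;
    ')
')
"""

DECL = re.compile(r"^\s*type(alias)?\s+(\w+)(?:\s+alias\s+(\{[^}]*\}|\w+))?", re.M)
IFACE = re.compile(r"interface\(`(\w+)'")
REQ = re.compile(r"^\s*type\s+([^;]+);", re.M)

def declared_types(te_text):
    """Names usable as a type: 'type' declarations plus every alias."""
    names = set()
    for m in DECL.finditer(te_text):
        if not m.group(1):              # 'typealias X' does not declare X
            names.add(m.group(2))
        if m.group(3):                  # alias name or { alias list }
            names.update(re.findall(r"\w+", m.group(3)))
    return names

def missing_requires(te_text, if_text):
    """Map interface name -> required types that nothing declares or aliases."""
    known = declared_types(te_text)
    missing = {}
    parts = IFACE.split(if_text)        # [preamble, name1, body1, name2, body2, ...]
    for name, body in zip(parts[1::2], parts[2::2]):
        for block in re.findall(r"gen_require\(`(.*?)'\)", body, re.S):
            for stmt in REQ.findall(block):
                absent = [t for t in re.findall(r"\w+", stmt) if t not in known]
                if absent:
                    missing.setdefault(name, []).extend(absent)
    return missing

if __name__ == "__main__":
    print(missing_requires(SAMPLE_TE, SAMPLE_IF))
```

On a real tree the two strings would be the concatenated contents of the policy's .te and .if files; any non-empty result names an interface whose callers inside optional_policy blocks will be dropped at build time.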