Subject: Re: [PATCH 05/10] Allow colord_t to read the color profile stored in ~/.local/share/icc/
To: Chris PeBenito, selinux-refpolicy@vger.kernel.org
From: Laurent Bigonville
References: <20191011122416.14651-1-bigon@debian.org> <20191011122416.14651-5-bigon@debian.org> <20191011125423.GA279944@brutus.lan> <20191012075320.GA716332@brutus.lan> <20191012160934.GA3589@brutus.lan>
Message-ID: <5d2b0100-8991-9c2d-7916-5268504ff393@debian.org>
Date: Tue, 15 Oct 2019 15:09:04 +0200
In-Reply-To: <20191012160934.GA3589@brutus.lan>

On 12/10/19 at 18:09, Dominick Grift wrote:
> On Sat, Oct 12, 2019 at 11:51:43AM -0400, Chris PeBenito wrote:
>> On 10/12/19 3:53 AM, Dominick Grift wrote:
>>> On Fri, Oct 11, 2019 at 02:54:23PM +0200, Dominick Grift wrote:
>>>> On Fri, Oct 11, 2019 at 02:24:11PM +0200, Laurent Bigonville wrote:
>>>>> From: Laurent Bigonville
>>>>>
>>>>> colord reads the color profile files that are stored in
>>>>> ~/.local/share/icc/. The file descriptor to that file is passed over
>>>>> D-Bus so it needs to be inherited
>>>> This patch is cutting corners a little. It only takes unconfined_t into account and not the confined users (an alternative would be to call "userdom_use_all_users_fds(colord_t)" instead, which is arguably too broad as well but the closest you can get to "common users" without surgery).
>>>> Secondly, xdg_read_data_files() is a little broad.
>>>> Also, this patch implies that whatever maintains XDG_DATA_DIR/icc is able to maintain generic xdg data files, which is arguably broad as well.
>>>>
>>>> The second and third arguments are subject to how far you want to take things, and so I won't object if that is not addressed.
>>>> The fd use issue, in my view, should be addressed for all login (common) users with colord access.
>>> Actually, I take this review back. I am not sure how to best deal with this fd.
>> It seems that going to a colord_role() would be the way to go. There
>> already is a colord_dbus_chat($1_t) in userdomain.if, so you could put those
>> dbus rules plus the rules to address the fds together.
>>
>> I agree the xdg_read_data_files() is somewhat broad, but it seems like
>> xdg_data_t files aren't sensitive. Maybe that's just how it is on my system?
>> I don't feel strongly on this.
> Yes, it depends I guess. The thing is that, like /usr, there's really all kinds of things below ~/.local, like bin, lib, doc etc. (pip for example installs to ~/.local/{bin,lib}).
> So I would surely at least consider that beforehand.
>
> ls -aZ ~/.local/
> wheel.id:wheel.role:users.generic_home_data.home_data_file:s0 .
> wheel.id:wheel.role:users.home_dir.file:s0 ..
> wheel.id:wheel.role:users.home_commands.home_file:s0 bin
> wheel.id:wheel.role:users.home_libraries.home_file:s0 lib
> wheel.id:wheel.role:users.generic_home_data.home_data_file:s0 share
>
> There's also other gotchas; take for example your personal libvirt pool in ~/.local, this content may potentially also need to be accessible by the qemu user.
>
> I guess what I am saying is that not everything below /usr is always just "data".
>
> I don't have enough experience with colord to give advice; looking at my policy there's also a colord --user instance, and it seems also heavily integrated with gnome-settings-daemon.
>
> I think this patch is probably alright as is for now (maybe it's best to just ignore confined users in this stage); as for further partitioning ~/.local, I suppose we can always revisit these changes later as this only applies to ~/.local/share/icc anyway.
>
> If this change is one of the few controversial changes that are needed to make gnome work on debian with unconfined, then I think it might be worth it to just accept this and make a note about it to address this properly when someone wants to work on the confined support for this aspect.

This patch is not "the last patch to make GNOME work", there is still other stuff to fix, so we might want to take some time to do that properly.
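For readers following the thread, here is what the colord_role() interface Chris PeBenito sketches could look like in refpolicy's m4 interface syntax. This is an added illustration written for this page; it is not code from the patch under review, from refpolicy, or from any participant. The interface name colord_role, its two parameters and the exact rules in its body are assumptions; the only names taken from the discussion are colord_t, colord_dbus_chat() and the fd-passing behaviour the patch describes. Reading the profile contents themselves stays with the xdg_read_data_files(colord_t) call the thread discusses, so that part is not repeated here.

```m4
########################################
## <summary>
##	Role access for colord (hypothetical interface, added as an
##	example for this discussion; not part of refpolicy).
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`colord_role',`
	gen_require(`
		type colord_t;
	')

	# No "role $1 types ..." line: colord_t is a system daemon and is
	# never entered from the user role, so $1 needs no type assignment.

	# D-Bus traffic between the user domain and colord, i.e. the rules
	# that userdomain.if currently gets from colord_dbus_chat($1_t).
	colord_dbus_chat($2)

	# colord receives the already-open file descriptor of the
	# ~/.local/share/icc profile over D-Bus and uses it. Granting this
	# per user domain, rather than for unconfined_t only or through
	# userdom_use_all_users_fds(colord_t), keeps the grant to the
	# domains that actually talk to colord.
	allow colord_t $2:fd use;
')
```

Under this (assumed) layout the user domain templates in userdomain.if would replace their colord_dbus_chat($1_t) call with colord_role($1_r, $1_t), so that confined login users get the same fd handling as unconfined_t instead of being left out as the original patch does. Whether xdg_read_data_files() is narrow enough for ~/.local is the separate question the thread leaves open.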