From: Henrik Grindal Bakken
Subject: Re: [RFC] files: Make files_{relabel,manage}_non_security_types work on all file types
Organization: Sierra Fan Club
Date: Sat, 18 Jan 2020 08:11:02 +0100
Message-ID: <87v9p99r3t.fsf@cisco.com>
In-Reply-To: <20200117231500.59904-1-hgb@ifi.uio.no> (Henrik Grindal Bakken's message of "Sat, 18 Jan 2020 00:15:00 +0100")
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Henrik Grindal Bakken writes:

> From: Henrik Grindal Bakken
>
> This is the same behaviour as files_*_non_auth_types have.

The rationale for changing this is that the systemd-tmpfiles rules use files_manage_non_security_files() (and ..._relabel_...), which doesn't work well if you use tmpfiles for somewhat more exotic paths than the standard setup.

An alternative to this approach is to change the rules in systemd.te for systemd_tmpfiles_t, but it seems to me like this change would be more in line with what's done for the similar interfaces.

-- 
Henrik Grindal Bakken
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52