Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1201000ybb; Fri, 10 Apr 2020 20:25:43 -0700 (PDT) X-Received: by 2002:a37:7202:: with SMTP id n2mr6203927qkc.427.1586575303604; Fri, 10 Apr 2020 20:21:43 -0700 (PDT) X-Google-Smtp-Source: APiQypIsY4bKc2ivuF63IPQnTtTOy3zNhy2Fl+xmfxXqwkvyaOOF+xNKtDRmgrE/rWNEY6chh0Zl X-Received: by 2002:a37:7202:: with SMTP id n2mr6203900qkc.427.1586575302771; Fri, 10 Apr 2020 20:21:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586575302; cv=none; d=google.com; s=arc-20160816; b=TBzRI09lOqxx7E9ov/XByix3kkLJXfbCyl+MjFOl09dS7CXbok4I7cEfvsYBmmgTrT r0SW0gYvJRAeYcwgOw/umfxG73e2lzfUa2iwC7W/S2bXJkB7/4pvTGZhOYqc/7Hpo8E+ tNX9uyGUwqmM1g+kpqYLw4l+Tc2wtvXbdtyvnCFjbaDH47UX/e6HvPXhc2xl8/UbKf7e O5O71NZHoJPXoW+PaG5J70E4B7czzF1sL8Lp3aIsdcEzMa/IApLDnPwILSwFacyftHNw jskeOyNQ6MCmFc0Aama+TV5YOoiD5qhvCC+7H4JvZAcntt/GSY/br4t5F9Q2nEq7NRlZ Xu9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature; bh=D/9ukKeNSsRvODbrgAWK+i0pB7D7HbJ5w0y9y4PEnQk=; b=HN/XJRIAvZ6+nGOyJ5r9pnAGFTgm7pEA+dytJ+trtn6Ow7sK2od5+iFmUZuhcZ8xEm Lh7jcV3SwNXXK21rnFm133xc3/WmKPZH9pt09l9t/DHYv3V1srJpRWayURqlgOWRtECP +/hC7bjPEnlnAi/0RApT2PuysMubUcPJk3bMZcgGSgH0aGkxOBV83Hhrq7+TsDJYMRxu WjkL8/0s9CubPcil6wL/82zwlcJM3g5fGnBeyBozuLMXxlbrW62csP3YRHBfI/rf538N mauDMaSxW1G3clAGt5AQEitRzbI6C6Fo0CIiVSLYGkadTCNk1KYS2r1OAx0n1cOrYJUo xXFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b="R80gKl9/"; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n45si2151388qtb.252.2020.04.10.20.21.38; Fri, 10 Apr 2020 20:21:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b="R80gKl9/"; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726663AbgDKDVd (ORCPT + 13 others); Fri, 10 Apr 2020 23:21:33 -0400 Received: from smtp.sws.net.au ([46.4.88.250]:39122 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726657AbgDKDVd (ORCPT ); Fri, 10 Apr 2020 23:21:33 -0400 Received: from liv.localnet (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id 37FCBF153 for ; Sat, 11 Apr 2020 13:21:31 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1586575292; bh=D/9ukKeNSsRvODbrgAWK+i0pB7D7HbJ5w0y9y4PEnQk=; l=234; h=From:To:Subject:Date:From; b=R80gKl9/inC54vcaRrvv6D2LJJaQh1chIrubct9e/gUSFo3AFhkO8rFv16R4Zovbd ZikSCfYvsffAH7iFwli+aDmUT26SV1AFN3Yiw49uzjbfgFYGXUgcKuXknjpKYZYRgL tdHVDvp1vKtPGPi/A3xnfZot5dpqON4pqiYZ8kYU= From: Russell Coker To: selinux-refpolicy@vger.kernel.org Subject: what is cap_userns? Date: Sat, 11 Apr 2020 13:21:22 +1000 Message-ID: <2010201.2WdYGfYjWX@liv> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org allow sysadm_t self:cap_userns sys_ptrace; The above is from audit2allow. Do we need macros to grant all user domains this sort of access? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/