Subject: Re: virt_use_sysfs
To: Russell Coker, selinux-refpolicy@vger.kernel.org
From: Chris PeBenito
Date: Sat, 18 Jul 2020 08:44:21 -0400
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 7/17/20 8:20 AM, Russell Coker wrote:
> Does it make sense to not have this enabled by default? Getting meminfo from
> sysfs seems like a very reasonable and useful thing for a virtualisation
> system to do. Not allowing that doesn't seem to give any benefit but does
> have potential for serious problems if things even work like that.

Perhaps the answer is to unconditionally allow reading of sysfs instead. Then
writes to sysfs would still be conditional and disabled by default.

-- 
Chris PeBenito
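
The read/write split proposed in the reply above, sketched as a refpolicy fragment. This is an added example, not code from the thread or from the refpolicy tree; it assumes the rules target the `virt_domain` attribute and use the `dev_read_sysfs` and `dev_rw_sysfs` interfaces of the devices module.

```m4
## <desc>
##	<p>
##	Allow confined virtual guests to write to sysfs.
##	(Description text is illustrative, not quoted from the policy.)
##	</p>
## </desc>
# Boolean stays off by default, as the reply proposes.
gen_tunable(virt_use_sysfs, false)

# Unconditional: every virt domain may read sysfs (e.g. memory
# information), regardless of the boolean's state.
# Assumption: virt_domain is the attribute covering the guest domains.
dev_read_sysfs(virt_domain)

# Conditional: write access to sysfs is only granted once an
# administrator enables the boolean.
tunable_policy(`virt_use_sysfs',`
	dev_rw_sysfs(virt_domain)
')
```

On a system running such a policy, `getsebool virt_use_sysfs` shows the boolean's state and `sesearch -A -t sysfs_t` lists which allow rules are conditional on it.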