Received: by 2002:a17:90b:8d0:0:0:0:0 with SMTP id ds16csp380207pjb;
        Wed, 22 Jul 2020 02:15:49 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzHI6wO/zMsbtSSXF6L0YVXVkhlpq32Ukvt2y8GbRh3FsB7uya3dE9P4QBtf3gZTfdZFtjX
X-Received: by 2002:a17:906:9387:: with SMTP id l7mr28199372ejx.274.1595409348815;
        Wed, 22 Jul 2020 02:15:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1595409348; cv=none;
        d=google.com; s=arc-20160816;
        b=gtm/WlpNNXN3mE8rxOIvubu1XK4HkWsspg+7nLJjuAw51ongXnFKMLeNrlFGqDZl6I
         gjuyze6EF9iKjb6cfCuVP8oaAWGTfnUqpjYxiR2RsphYL7CmRlfJBNvc4qRwRFC4UPlV
         W8gPWF3w2dsW1IeK03XOaUegYTtdhXUPff7D0hlZokPnTf4gvVRPsM5FF2Gz1d6KIbDW
         fENNpBIYkKjiKnNQIPPlL88QlUVqjGpLZC65iQLpZCJwtHwTzTmUNGLDQr+BzN/wHBgI
         mFHftHbPpUXIpbI6oqH+Wa/H7ypMyne8PzlqV6rf1uZcU8mOfontFiG7tG31GzcH+/iO
         t6rA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:autocrypt:references:to:subject:from:dkim-signature;
        bh=//O90liAPOqL5TUe9mMrFEnTL7BvLjFFSV+qrRzn3ts=;
        b=vWQkouGs2Nqg4oZMIHtHZfSm7icAfcWTPCzbktRTfiJFobJoHgD88JqffoLhCvvhEj
         1s5swf33RraMaYbcsvzDQOmrud7FKkNro3RMkbiH3zJf03dLDZhVmAG7HhpeSVHW4pyS
         BY6tJUmN21EdmisAeO8OozT7PNQ1ADt60Uwdiy46KP+Omvgqwp8zqerIU8rYXjUKTw4+
         s+AOK1NUCqfrrpC/sAPQ68YwibA+Xm2v07fd78vh4U5ks//VXh9Y6qfC77MV9QXFUkeT
         YuJVeCkmTMdjjFfwwZFg/9M6sUD+Q6yycQ6/8MNf6wioF/BF9ZGsrhjXzYbqo22V7Nub
         uK+A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@googlemail.com header.s=20161025 header.b=IRUnnld5;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id de9si14761006edb.404.2020.07.22.02.15.44;
        Wed, 22 Jul 2020 02:15:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@googlemail.com header.s=20161025 header.b=IRUnnld5;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728100AbgGVJPm (ORCPT <rfc822;sbsubscribe2014@gmail.com>
        + 15 others); Wed, 22 Jul 2020 05:15:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59492 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726153AbgGVJPl (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Wed, 22 Jul 2020 05:15:41 -0400
Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBB22C0619DC
        for <selinux-refpolicy@vger.kernel.org>; Wed, 22 Jul 2020 02:15:40 -0700 (PDT)
Received: by mail-wr1-x442.google.com with SMTP id a14so1157276wra.5
        for <selinux-refpolicy@vger.kernel.org>; Wed, 22 Jul 2020 02:15:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=from:subject:to:references:autocrypt:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=//O90liAPOqL5TUe9mMrFEnTL7BvLjFFSV+qrRzn3ts=;
        b=IRUnnld5KHItVuKHm3lgKG4gF6SxNFsEXWSSOJaPOmO3tnCmVxc6mmyI08BWXa3PjA
         gC+KZoUuKsP5PPplGBFGzJWaDpT28rOu22ISB4slYtw2sbx+htRlSDIep7fvEADP3yyS
         d1Jb9LXwfg6tOFTxyLtlkYKReOfp3y01dMsYs8wY6pzqObMossyVpLh2BqshtUc77rh0
         68KLp14xW+HvPOXNkSL0SPavtmX+3pGISLHrKsh7AwjBEWowHpyJYweb8q0hZG9fcTTv
         b82NOzYbmeeTRQoOGnrIIMBLwhkDHI4Kuczd54MinGoVx1lKnd7glqhY84avRipo9ocK
         5P0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:subject:to:references:autocrypt:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=//O90liAPOqL5TUe9mMrFEnTL7BvLjFFSV+qrRzn3ts=;
        b=tL1VntDb0giMY94+JgeBf87naTyfBM/vIIiyJJ3xgcTyelXV5F+aqjXTR1d/JZzESd
         ktal2saYR8Ss2K1qiJoaCzRMgyMZmBjdPs/UZkF9jXF9GxtkVbiBGBAbu447eHhaJFA0
         13qLVyXew0pSko2K4seljchAVvoCc86/Ha1LmHOMpIW3oxilMc0Sr65/jzZ4N+d0RA4h
         nF/IAsJJJk4SD2ZOLhn5jbGU5c5BowFg6xW3GH1GgjsQrTq5nj/VY73Ece1KeGgzlDvz
         2tb9tLf1pTZ7b5RTJrGJKweS2tIwBYp9bCdGtBu+6xnmnB+tR4MxdaDpF5+nifuDGKzG
         Ej8A==
X-Gm-Message-State: AOAM533zqNlxeVOM6b8AqLhszFzQPDzFQZCf9Cy7K0ecQijWmXMJU0Tj
        ELCkMr+WeYYSPVRl3a7WDKB7lJwspqY=
X-Received: by 2002:a5d:6651:: with SMTP id f17mr32594307wrw.29.1595409339241;
        Wed, 22 Jul 2020 02:15:39 -0700 (PDT)
Received: from ?IPv6:2a02:810d:4bc0:8098:a226:5056:b008:9621? ([2a02:810d:4bc0:8098:a226:5056:b008:9621])
        by smtp.gmail.com with ESMTPSA id m4sm6437446wmi.48.2020.07.22.02.15.38
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 22 Jul 2020 02:15:38 -0700 (PDT)
From:   bauen1 <j2468h@googlemail.com>
X-Google-Original-From: bauen1 <j2468h@gmail.com>
Subject: Re: [PATCH] Also label polkit-agent-helper-1 when installed directly
 in /usr/libexec
To:     Laurent Bigonville <bigon@debian.org>,
        selinux-refpolicy@vger.kernel.org
References: <20200722085908.57820-1-bigon@debian.org>
Autocrypt: addr=j2468h@gmail.com; keydata=
 mQINBFhYO0UBEADB9FOvBFPceReJkioc/Wpgb+4jquqgLaYFCq30wMRlbbxRE6W5piQdJBS9
 1nHgehc1wKlpoX34I0fDYKmzhxU/wn7kPQqyIJ/x4Xc0un8rgLr6AB9J45+xYDAjTEP6wfzA
 DyCokyypi7knVSraYAUgmgBk+jEB/B1VpUxsE6X/tilqOLyPEkDX4dKUR/J2nPyfir3pYRFs
 siohNGbTOmwzwkA+rZClsUl9hO5n3oGAl3gJ352wIDJTDPd0YvyCTrHRpSTP9msKrFh3rILL
 aNgUNBr44QurGvxDuIrX6CIyqWUKO1tdnA1XOqsZDTEAa7IL6K7yoYRIzGZ+HmxemBhE/dxW
 qe4+nSru1QoucSNP6xa8F2HLeqvypD+xGerR4MELkBwa2XiGvS5OwF3XjevWcLQDztlXE1cW
 hK6fnK8XiXNcffG8YIhStSoW3dH3twPpEduqDAooLaCznxfNZFNcRU7iaoAk30xLv885jjga
 /FKs+jwlkzX/Xf6gvaLZhyIuF7x5yMFYZYKl/kA0XfY9x/d9YJe9MeBE5USZnssSGCgZXSt8
 +tikDjEWAw43ANOG5Au/4wEoMI9eQmRRrQ9AfIb6MS1irfUwU0yGgHCkFX7nN54+2Zunvy9u
 YBk55oGh1MbVlIU/rEs+te0Syb8faX53oAMFPljqnqtS71AOLQARAQABtBliYXVlbjEgPGoy
 NDY4aEBnbWFpbC5jb20+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE
 XtbYJqzUP47Z1Puy/wqvXggSupwFAl6R95kFCQgZO9sACgkQ/wqvXggSupxmvBAAuf5OKd70
 GGvwtg0IF0oZ5/ZomZuj/ULJo2wYXIfuWd6TVmJSPyGaWxkVZu+C4rQc43bCXigF9m7Ab8Sr
 7PH5O3ZKbrYiFwgASjL62osCleoEeUBWOnXquB/SfA//KumtUeNfGoMv45xlP3YiEEqYtYLd
 Q1JWtkdxbf2n2fxhD25YUheZvRxZPCMnOZ0t8OVHmiq2G9go935UW96ogp5TuT/VmRFTd5+L
 nWKNOmXh6kLTwkc5pbYX+6DagNI0b8b9AwNInZ7A4Dc3tKR5cdb4FtJ6d4UZgq9l7sSbP38j
 P7LXBHU1JBmALomN1WD1jtLJa1i19BTscuxvtlfVYyNw1WJVERFQYMR0EBonv1jDIjpNIz+Q
 I4Ectri3Ac0d4FTB2wb7SHShZq+pYe1+jNiGaayaL14CvapGar1mTfEYnA1JMhhM5Vd/myRx
 mxUvred8BVijHgLWPSLX4FOaNDyQzgqBMkF/nugfDpqqIU/pxQ65AjVDnmxUFxNrWbeMYxUx
 rUgS9c+k7840Z8BHr8Cd0DfzJRv7k5YfSjK5POLB+rWf6ibL9Mg1QzxGRFZRWnQTrtLSH9dy
 RG27cUX7fn43onkRkB8TSlAovDpP/jnk52TL44s05acvw2rEOa4/ygU53Pud8i2870naMaHu
 n7ZHUJrGZ0BcCGwQ98HsSRm06BC5Ag0EWFg7RQEQANuS3Qmbp63gCD7WHWWedBAY5t/FVrPR
 mf426pq2xAbms1WBHUeQB9r7F4fUMBFU03WNk8JWi4nSl8p0z4rZaZD1TEsenbYx2IohTxi0
 qtZ/eaTydVzPfBIY3awBxaS3GuV8xUgR/8VdJATpEUF2BnDKGihXBl9pPM8l46vG6HsqWpeZ
 /hw/zwaGi8cSXY6PlFRL/fcpiGLR5RefH5VhDwZ5YrwDCYNhWYDKXL++IkDja0NW3s2yRUJM
 bRib0r8hq87lA7N+HHwgOOYd/sJbCZObZzL/n+lR+VTHLxGmJHbk+JRdagFH1l+x+Vp1zhVM
 XJDUci7Wcx/kCzCWu08t5t4Lef7rWvYJCf9JQaKJQcKyXr6ky3d4mYfV8AcA/9fat9NzQB6e
 7cHw8yOc/1e4xN/h3cGNLWiGb8HCAR0SH22Gb2epyfq+txdn3cwm2ot2lhOXK3l48T081x/q
 kWOw86ig9dIVxi0RUv3CUaV0/N4SVumVD3GwzMSI0rfwuUb7tOqMGQFxe/k9Fc9uFPP7LfTe
 ZTOayuZg9oHO6Ju3x+KSXPwYcXAfuy0elZQPyqMZwshC3l1sfwG7Di+98sPzsbVUm9eTjTfN
 x2r7N/a958W0h+1SuE172qfuabLu8vMMWIuo8RaQG/OVF2bRR8yEPSyUTqS7Aj2osSX5CFB/
 4TVLABEBAAGJAjwEGAEKACYCGwwWIQRe1tgmrNQ/jtnU+7L/Cq9eCBK6nAUCXpH3lAUJCBk7
 2wAKCRD/Cq9eCBK6nIS9EACIMM/w9yai6OzWr/8yGAFvTGb3eAXTt0W1af2u0wuKpZwLT6mb
 lSdmy+6Unw0g5V/pa9ckKor4qzz+Bt8TAyV/bTvcdT8UrTOLmYOnD9EzaQ4HmgDK84Tsvlix
 0JgAh62udn9obUvId5m/HaKKTg0zwP/RWS+L8kr9kDWPf3la4DPQ8Ni2wyIcwXyKdi0Fasl4
 fO4jEEM00XZPFwin5yfAU42fmePKt9dtFd6jxOV9WjeyMTaxYr85viXo9YI1tvvErDMmqCjl
 uw+cAXP0bTKd4CAXTZ6lEUemPBo1A/UE2rxh+BOgfkKtZWxmOdiRj58n6F1lTKArS09DxNCP
 piqv8vG6cp+C5I7+XQSy8L21e5ZWCqBH5t/PXFFS8zoCS+OB0sdMfK6ytLA3U1e7UoOdC8cp
 la3N25xMXged7+1Dr3xliQKIDNAi/Y5EWCokshhwSoFTbcZoJyjo35HLQnQFcYXA14R/B3hd
 WA31VJlJxdzof4SuMElt4mAoaPzEkQovYzRU8+AKdk0gqjXth3BABvT403wj8Dt2Y73H1JaI
 1gJO/cb9LHsB6DkhbQQZ5Dtir+L6t5Fy7u74xb7XDu4gXTJcE3zRSZJUy9dplxXLBj2s8S8v
 QatWOE7bzVfc5o1YqTJcchLqRbMDoKRPaf+GAmldrTM02RAJtebsBcauurkCDQRYWDtFARAA
 25LdCZunreAIPtYdZZ50EBjm38VWs9GZ/jbqmrbEBuazVYEdR5AH2vsXh9QwEVTTdY2TwlaL
 idKXynTPitlpkPVMSx6dtjHYiiFPGLSq1n95pPJ1XM98EhjdrAHFpLca5XzFSBH/xV0kBOkR
 QXYGcMoaKFcGX2k8zyXjq8boeypal5n+HD/PBoaLxxJdjo+UVEv99ymIYtHlF58flWEPBnli
 vAMJg2FZgMpcv74iQONrQ1bezbJFQkxtGJvSvyGrzuUDs34cfCA45h3+wlsJk5tnMv+f6VH5
 VMcvEaYkduT4lF1qAUfWX7H5WnXOFUxckNRyLtZzH+QLMJa7Ty3m3gt5/uta9gkJ/0lBoolB
 wrJevqTLd3iZh9XwBwD/19q303NAHp7twfDzI5z/V7jE3+HdwY0taIZvwcIBHRIfbYZvZ6nJ
 +r63F2fdzCbai3aWE5creXjxPTzXH+qRY7DzqKD10hXGLRFS/cJRpXT83hJW6ZUPcbDMxIjS
 t/C5Rvu06owZAXF7+T0Vz24U8/st9N5lM5rK5mD2gc7om7fH4pJc/BhxcB+7LR6VlA/KoxnC
 yELeXWx/AbsOL73yw/OxtVSb15ONN83Havs39r3nxbSH7VK4TXvap+5psu7y8wxYi6jxFpAb
 85UXZtFHzIQ9LJROpLsCPaixJfkIUH/hNUsAEQEAAYkCPAQYAQoAJgIbDBYhBF7W2Cas1D+O
 2dT7sv8Kr14IErqcBQJekfeUBQkIGTvbAAoJEP8Kr14IErqchL0QAIgwz/D3JqLo7Nav/zIY
 AW9MZvd4BdO3RbVp/a7TC4qlnAtPqZuVJ2bL7pSfDSDlX+lr1yQqivirPP4G3xMDJX9tO9x1
 PxStM4uZg6cP0TNpDgeaAMrzhOy+WLHQmACHra52f2htS8h3mb8doopODTPA/9FZL4vySv2Q
 NY9/eVrgM9Dw2LbDIhzBfIp2LQVqyXh87iMQQzTRdk8XCKfnJ8BTjZ+Z48q3120V3qPE5X1a
 N7IxNrFivzm+Jej1gjW2+8SsMyaoKOW7D5wBc/RtMp3gIBdNnqURR6Y8GjUD9QTavGH4E6B+
 Qq1lbGY52JGPnyfoXWVMoCtLT0PE0I+mKq/y8bpyn4Lkjv5dBLLwvbV7llYKoEfm389cUVLz
 OgJL44HSx0x8rrK0sDdTV7tSg50LxymVrc3bnExeB53v7UOvfGWJAogM0CL9jkRYKiSyGHBK
 gVNtxmgnKOjfkctCdAVxhcDXhH8HeF1YDfVUmUnF3Oh/hK4wSW3iYCho/MSRCi9jNFTz4Ap2
 TSCqNe2HcEAG9PjTfCPwO3ZjvcfUlojWAk79xv0sewHoOSFtBBnkO2Kv4vq3kXLu7vjFvtcO
 7iBdMlwTfNFJklTL12mXFcsGPazxLy9Bq1Y4TtvNV9zmjVipMlxyEupFswOgpE9p/4YCaV2t
 MzTZEAm15uwFxq66
Message-ID: <f720dee8-9917-45d6-8dcd-61d278b5f07f@gmail.com>
Date:   Wed, 22 Jul 2020 11:15:37 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200722085908.57820-1-bigon@debian.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Thanks,

See https://salsa.debian.org/utopia-team/polkit/-/commit/f6f99d85b2eb91bd03ca56d30837d7291711a0f8 for the change in the debian package.

On 7/22/20 10:59 AM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> Debian now installs that executable directly in /usr/libexec for the
> version 0.105
> 
> Signed-off-by: Laurent Bigonville <bigon@bigon.be>
> ---
>  policy/modules/services/policykit.fc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/services/policykit.fc b/policy/modules/services/policykit.fc
> index e2782838..85814b95 100644
> --- a/policy/modules/services/policykit.fc
> +++ b/policy/modules/services/policykit.fc
> @@ -11,6 +11,7 @@
>  # Systemd unit file
>  /usr/lib/systemd/system/[^/]*polkit.*	--	gen_context(system_u:object_r:policykit_unit_t,s0)
>  
> +/usr/libexec/polkit-agent-helper-1	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)

Since it is a debian only change, this should probably be wrapped in an ifdef distro_debian.

>  /usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
>  /usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
>  /usr/libexec/polkit-resolve-exe-helper.*	--	gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
>
-- 
bauen1
https://dn42.bauen1.xyz/