Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp293291pxb;
        Wed, 20 Jan 2021 07:12:44 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzHxprmXch6WDMk/eyTTIT8P756SROOgUZmICUzPZ1CKnpbRJNSbW0UeADCrh1lruHzsPL1
X-Received: by 2002:a17:906:a94:: with SMTP id y20mr6098053ejf.525.1611155564118;
        Wed, 20 Jan 2021 07:12:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1611155564; cv=none;
        d=google.com; s=arc-20160816;
        b=Z71Sw8NVMHWiJiqY8383gXJt9GFPrCuuW+Tw0F3amkXXYQpjsuAB7++KX6p62kF+8u
         Dx42ui+OcJOS3JuYQrREfR6EZamWsMkCULZC6LAin45C+vHlNywI8DFi6v57NvEvj8gS
         SEa66n1ZmNCqLacNcbDGEKWj2DXhJCltjvrrEYlUl0ewxTDs0YDM4VccWda9+w+j3J7h
         q7fOAUb+K4aZs1QE8AuFfFGiBmOzaS9GWPXzFAzcFFDzIG99/xziQCY0YZUvdyUPuo3N
         rmdW0osIfOthbR9b4SH/i0hW7ckvn6G0K41z+eB0rCt2sO3Kq5nwM0+579ikRJ8mSdi+
         cXUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to
         :date:references:subject:cc:to:from:dkim-signature:dkim-filter;
        bh=xbil5oAyyGd25DIM+ESoiy0cgw8VZJ+Z/WQqmSJ5ZlI=;
        b=YTLCHTO+Qcu7NP2+V2Fs6q8hdiBJoKXhjC/O+0aBZL9+SXwxTNtuOiUsVIdvIygfdn
         8RJ7OzCBXKYVtDDCaUmZHXitG6u2RL3BJ6I+39hSlGBnulknYKdXZ+0/LG4I6OtzIMZD
         2PEAUzt6WC2mI7Hdmd6UXg1pF21xIxF5O6nLrguT7MxSQs8atnJ0Ws2kcJbDhBg3t72m
         m3yOMblxrlvxMhWcKQtCRp8YBOMW1QhNV2ZboEIOV9p8W1skOVjal6guOkUH80Cy10TZ
         vtq71N/hM9+3iIlIzZdaqxMYX38WMQkFH/NCX5BVx6+YqbsU9gA7PpAbz54kdV0PIV1u
         PoUg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@defensec.nl header.s=default header.b=hZYqdzW9;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id t16si918014edi.560.2021.01.20.07.12.37;
        Wed, 20 Jan 2021 07:12:44 -0800 (PST)
Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@defensec.nl header.s=default header.b=hZYqdzW9;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733055AbhATPKf (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 16 others); Wed, 20 Jan 2021 10:10:35 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32908 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2391005AbhATPHN (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Wed, 20 Jan 2021 10:07:13 -0500
Received: from agnus.defensec.nl (agnus.defensec.nl [IPv6:2001:985:d55d::711])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id C4BF2C0613C1
        for <selinux-refpolicy@vger.kernel.org>; Wed, 20 Jan 2021 07:06:28 -0800 (PST)
Received: from brutus (brutus.lan [IPv6:2001:985:d55d::438])
        by agnus.defensec.nl (Postfix) with ESMTPSA id 1A8832A06F9;
        Wed, 20 Jan 2021 16:06:28 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 1A8832A06F9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl;
        s=default; t=1611155188;
        bh=xbil5oAyyGd25DIM+ESoiy0cgw8VZJ+Z/WQqmSJ5ZlI=;
        h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
        b=hZYqdzW9i50iGtIDHqD5Uaq187nHWqi98HoiCTKA7kXR/2hB48stR3DX8B/9bQ14j
         DSrixAMVe5WHQCU4KabOT4jSkqjwI7q3Zxa7kb7V0VoyFgBXi7PNZF64xPt1t2gecG
         Ahbu+bvElXsRavLZd4okv14rxLzD1oMK/tuuKKZc=
From:   Dominick Grift <dominick.grift@defensec.nl>
To:     Russell Coker <russell@coker.com.au>
Cc:     selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] misc apps and admin patches
References: <YAgCC7ngI/WrlxMR@xev> <ypjl5z3rn3e6.fsf@defensec.nl>
        <10140498.mdnUOP6vMp@liv>
Date:   Wed, 20 Jan 2021 16:06:25 +0100
In-Reply-To: <10140498.mdnUOP6vMp@liv> (Russell Coker's message of "Thu, 21
        Jan 2021 00:36:04 +1100")
Message-ID: <ypjlh7nblkb2.fsf@defensec.nl>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Russell Coker <russell@coker.com.au> writes:

> On Thursday, 21 January 2021 12:28:49 AM AEDT Dominick Grift wrote:
>> > optional_policy(`
>> > +       init_dbus_chat(sysadm_t)
>> 
>> Can you explain why you added this?
>
> Apart from the obvious that some program wanted it, no.  I'll remove that bit 
> and add it again with a note if it's necessary.  Did you like the rest of that 
> patch?

Yes and thats my beef with this. "some program wanted it". sysadm_t is a
shell domain. Any programs that need this should, in my view, ideally be
targeted. If you dont want that then use unconfined_t instead and be
done.

I dont want sysadm_t to become a "drunken unconfined_t".

-- 
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift