From: Dominick Grift
To: Russell Coker
Cc: selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] misc apps and admin patches
Date: Wed, 20 Jan 2021 16:08:32 +0100

Dominick Grift writes:

> Russell Coker writes:
>
>> On Thursday, 21 January 2021 12:28:49 AM AEDT Dominick Grift wrote:
>>> > optional_policy(`
>>> > + init_dbus_chat(sysadm_t)
>>>
>>> Can you explain why you added this?
>>
>> Apart from the obvious that some program wanted it, no. I'll remove that bit
>> and add it again with a note if it's necessary. Did you like the rest of that
>> patch?
>
> Yes and that's my beef with this. "some program wanted it". sysadm_t is a
> shell domain. Any programs that need this should, in my view, ideally be
> targeted. If you don't want that then use unconfined_t instead and be
> done.
>
> I don't want sysadm_t to become a "drunken unconfined_t".

But also if this was added to support resolving dynamic users with
systemd then this is no longer needed because resolving of dynamic users
with systemd is no longer done with dbus. It is using varlink for that
now.

--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
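
Review bot: the added `init_dbus_chat(sysadm_t)` line inside `optional_policy(` has no accompanying comment naming the program that requires it, so the grant to sysadm_t cannot be checked against a concrete caller. Either add a comment on that line identifying the program, or drop the line from this patch until the caller is known and the rule can be scoped to that program's own domain.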