Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1132410pxb; Thu, 28 Jan 2021 08:43:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJxJu18gZPKzkLcCt92yl7bnwLaXVk4pZq+CJxJlR5OFadxUqAnuTQp/e8lXUuFZ6656O8Ql X-Received: by 2002:a17:906:29d4:: with SMTP id y20mr256214eje.294.1611852206252; Thu, 28 Jan 2021 08:43:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611852206; cv=none; d=google.com; s=arc-20160816; b=KyF+NutJ7hkkeGqzL2kLwZAuf9DK0V7EeIJKg/07I9YPzV4kXsRJLxQoGsh6ns9rTl lU+2km7B+ZHOaA5xH5Kq6SEGa3BgziwS9AV13i0btySoYyaSfgxDZRgf78hL5tOMNIHI Zh3IZAENrZ+m6D1+W8l+KnCmlWXpax/CH8a0eO+PnEMy55+xenNRsw0h9f8Em42BpItH YFXroR95WwEzeEAcnaqbtxKS6IVoamEOxmwH5BNVZ8n4mSjhoyeGvaAwnSriAOg01skd WG5uzrtET1mmA3OIgAgUbolrzXt/aV+5SvfINEDBiBrXbSZjF+/SVWGr0q/CTMDA7M3a EWWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :to:subject:dkim-signature; bh=xUKn0NzBojMOVwVxrcDpshLbYrW1iFfQsN3N8Ke6dhg=; b=fWS2v1kFcFKUbtOBHw+54XLE6KF1p2cTq5Ay67ddFubbRzQ7nHMLtp93h5K/YkDPjb r6b6K0PSoOI99DrSTcQpzq0RlJvP0KtUi2FVXu0hblYQn744roU4BVmlNx9XuXJyKVOT uM+CmnMICF+b/9j25U/rhSJPdLzUNYo/r9MK3t5/GBfSB6CPeq0Alw+G2zXtEdbWi+ZD aU6NBIdKvYY7Oo6lkTLY4hEdLjFV2DlvIOZ2V+2Bzh/BnpPsMZT30AQDjQuLn7OKjsXS 4ke97IIswqRbnXCU1Yp/zrtBBObY5YdHOds3WVwAYoxwoSZ8jL0pkQt6M5n4bIwH349T 0lDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=FXTBQILb; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id eb13si3712833edb.538.2021.01.28.08.43.21; Thu, 28 Jan 2021 08:43:26 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=FXTBQILb; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232651AbhA1Qkv (ORCPT + 16 others); Thu, 28 Jan 2021 11:40:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231637AbhA1Qks (ORCPT ); Thu, 28 Jan 2021 11:40:48 -0500 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9384BC061756 for ; Thu, 28 Jan 2021 08:40:08 -0800 (PST) Received: by mail-qt1-x833.google.com with SMTP id e15so4483768qte.9 for ; Thu, 28 Jan 2021 08:40:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=xUKn0NzBojMOVwVxrcDpshLbYrW1iFfQsN3N8Ke6dhg=; b=FXTBQILbbYTuCWaH1TpSdHZHvJ4XdnC+brnpi0eTUFiDh42Pvt5ZLPnnzyIcbC+uKJ ug0YzarbXcv0Ga4IXM4prXvBO1hm4ilETxHPvUPS2fzuEwrNibO/6OQBx783/dUi+JA9 2K/UDJSOIvGjaD2YHsVxU7vLP5vJeAJtYnSyE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=xUKn0NzBojMOVwVxrcDpshLbYrW1iFfQsN3N8Ke6dhg=; b=i2bK5DHW1FqokQiy3jF5uf15APbkZytCncQm2kITqycvmUBxrC4ysHw3YuFkPgdg9Z UCCZuXKGya7T3Peef/hnsq6gmLfuIvLJmDye3Xw44kw/5AJhoyCEYycOCecgjZjLzmIK hhD3tXO5MeAFDL6Ej/oL8rJ08zTyDjRhfvNiTCv07ONfD2OOJ444GA6OSjHXO4JKOkKU 6V1w5RHC31Z6XHh2pjVYh+e21+HQPX5CK96AnDSSwwHrRZLzRDi/P2lcZcFsYHOdmzIn K0llxw7vq5oErIWHoq5iSmbgZJhu5gqkkoiwBAjzuTuZ0Ma92Z743gZsJpEic076A9KY Brog== X-Gm-Message-State: AOAM532xcGMDPuotDPILs1evtiRCcJDKWJxkYh8ywrnQIKQsZcd3SiSN U99rSJf4X/785Zh7zq2dH+UmP6ADTuzZCg== X-Received: by 2002:ac8:2a4e:: with SMTP id l14mr332231qtl.390.1611852007563; Thu, 28 Jan 2021 08:40:07 -0800 (PST) Received: from fedora.pebenito.net (pool-96-234-173-17.bltmmd.fios.verizon.net. [96.234.173.17]) by smtp.gmail.com with ESMTPSA id c12sm2666430qkm.69.2021.01.28.08.40.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 28 Jan 2021 08:40:07 -0800 (PST) Subject: Re: [PATCH] misc services patches with changes Dominick and Chris wanted To: Russell Coker , selinux-refpolicy@vger.kernel.org References: From: Chris PeBenito Message-ID: Date: Thu, 28 Jan 2021 10:50:45 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 1/26/21 10:15 PM, Russell Coker wrote: > I think this one is ready to merge. > > Signed-off-by: Russell Coker Merged. I've added a new mmap_manage_files_pattern() macro and applied it to the changes. > @@ -899,6 +909,7 @@ optional_policy(` > # > > read_files_pattern(httpd_helper_t, httpd_config_t, httpd_config_t) > +allow httpd_t httpd_config_t:file map; I assumed this was a typo and the source type was httpd_helper_t instead of httpd_t. > Index: refpolicy-2.20210126/policy/modules/services/cron.te > =================================================================== > --- refpolicy-2.20210126.orig/policy/modules/services/cron.te > +++ refpolicy-2.20210126/policy/modules/services/cron.te > @@ -304,6 +304,8 @@ init_start_all_units(system_cronjob_t) > init_get_generic_units_status(system_cronjob_t) > init_get_system_status(system_cronjob_t) > > +backup_manage_store_files(system_cronjob_t) I made this optional. There were a few other lines that I moved around. -- Chris PeBenito