Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp345487pxb; Tue, 2 Feb 2021 06:46:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJwcsn+6nz0IQUBQjxnI4HGl4pxxTt2pf/nUUDrB52oEFG4nxSI+we2S5EY4I4fXx/WG3NqT X-Received: by 2002:a17:906:8609:: with SMTP id o9mr22654793ejx.241.1612277213231; Tue, 02 Feb 2021 06:46:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612277213; cv=none; d=google.com; s=arc-20160816; b=zbzYcfNrX+DlPEH/oOgP8pDJQnHEiu/uGgFMuP62SAJTmBoqMbUOI9iJVY/4hFYbUs 7bqB9OD1mkKnK0rlUEe3V4oRvGNuIzkx3dRsgTqDiZplX3QQy2LSOcZRDp4k/7K+Um1p XvnpSHdBv796OkQH0fnplE/W0EQ288Bfn7H6pVJSUTHLwiBq2A6Sa5nY7SrZDSu6xNlr F+kx3ciuokSzBbHrEC6YCh93hhVZ7rx7moESopAxWm1XqVO34oc6Cwz2anHTBUn4nnaW /cKm+T7OdOZXMNIvahx6b/1Ssey0eVOiUU2cqQ1PX1uXK/p4ubpgOdXDKNHzFbJwK7la dbYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TpxOkURIaw5MAwxBsJzv5KiJIVLL3AJV5AtJPdsmpsc=; b=hmUy2NXA3k6KfRL1s+Kn/9u262xFuFgcs8iYg/+0vrdCbuPzVzhdvACFKix4ZN88Qm SABwG1lrivJO5XU9pCKvKaUOUdtjiAH9yGWHyYFYlu4gqmABWHykf9AovfX9RwGx85PX oJI4QdntoA1h95fxPjyoGzFtDYYi3FPmL7qEren9PyhiMmrDnd2tV35Z+cADXpwd6M4M D8aqkq877aZvWAISdz4bMobI04PYkP6WlNLPHRA/66R08FDZnEzE5Okk4Lia87mBkvWf Ekr/QbT4vxo/p2WN9JNHTgHoUQtQdn1XY3sll6vNJc8uDIQllUcRU7bvHmTbiogcUnwj 4aow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b="WNZTi9/6"; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v12si12512663ejy.529.2021.02.02.06.46.45; Tue, 02 Feb 2021 06:46:53 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b="WNZTi9/6"; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234746AbhBBOp0 (ORCPT + 16 others); Tue, 2 Feb 2021 09:45:26 -0500 Received: from smtp.sws.net.au ([46.4.88.250]:42564 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234707AbhBBOnW (ORCPT ); Tue, 2 Feb 2021 09:43:22 -0500 Received: from liv.coker.com.au (unknown [103.75.204.227]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id 2D684EB83; Wed, 3 Feb 2021 01:42:31 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1612276953; bh=TpxOkURIaw5MAwxBsJzv5KiJIVLL3AJV5AtJPdsmpsc=; l=1095; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WNZTi9/6+hkzTQ8vfDVrxEfpVU6LDQiwU1uIFVw25f4eqKoUarxBonOQDo6QdEuXt J4Qx7sroYKhkrr2PZgM8JplzSblLskv+LBGbPkepacUe0DsOcXD/dRuJ7asm5q2JGN OpWNjrmdO+5648BWaPER/rClSHWP+P16vLjbVSNA= From: Russell Coker To: Chris PeBenito Cc: selinux-refpolicy@vger.kernel.org Subject: Re: [PATCH] new version of filetrans patch Date: Wed, 03 Feb 2021 01:42:27 +1100 Message-ID: <2243812.pyNZXzfhlh@liv> In-Reply-To: <983ff6fa-2bbc-22f1-a72c-a4eb38127f09@ieee.org> References: <983ff6fa-2bbc-22f1-a72c-a4eb38127f09@ieee.org> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Wednesday, 3 February 2021 12:49:07 AM AEDT Chris PeBenito wrote: > > Name changes suggested by Dominick and some more additions. > > > > Signed-off-by: Russell Coker > > Merged, though I renamed some interfaces and dropped a block that didn't > apply since it's so close to the merge window closing. +interface(`systemd_run_passwd_agent',` + gen_require(` + type systemd_passwd_agent_t, systemd_passwd_agent_exec_t; + ') + + domain_auto_transition_pattern($1, systemd_passwd_agent_exec_t, systemd_passwd_agent_t) + allow systemd_passwd_agent_t $1:fd use; + role $2 types systemd_passwd_agent_t; +') Why did you change the above to the below? It needs an auto trans. interface(`systemd_run_passwd_agent',` gen_require(` type systemd_passwd_agent_t, systemd_passwd_agent_exec_t; ') domtrans_pattern($1, systemd_passwd_agent_exec_t, systemd_passwd_agent_t) allow systemd_passwd_agent_t $1:fd use; role $2 types systemd_passwd_agent_t; ') -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/