Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp345487pxb;
        Tue, 2 Feb 2021 06:46:53 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwcsn+6nz0IQUBQjxnI4HGl4pxxTt2pf/nUUDrB52oEFG4nxSI+we2S5EY4I4fXx/WG3NqT
X-Received: by 2002:a17:906:8609:: with SMTP id o9mr22654793ejx.241.1612277213231;
        Tue, 02 Feb 2021 06:46:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612277213; cv=none;
        d=google.com; s=arc-20160816;
        b=zbzYcfNrX+DlPEH/oOgP8pDJQnHEiu/uGgFMuP62SAJTmBoqMbUOI9iJVY/4hFYbUs
         7bqB9OD1mkKnK0rlUEe3V4oRvGNuIzkx3dRsgTqDiZplX3QQy2LSOcZRDp4k/7K+Um1p
         XvnpSHdBv796OkQH0fnplE/W0EQ288Bfn7H6pVJSUTHLwiBq2A6Sa5nY7SrZDSu6xNlr
         F+kx3ciuokSzBbHrEC6YCh93hhVZ7rx7moESopAxWm1XqVO34oc6Cwz2anHTBUn4nnaW
         /cKm+T7OdOZXMNIvahx6b/1Ssey0eVOiUU2cqQ1PX1uXK/p4ubpgOdXDKNHzFbJwK7la
         dbYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=TpxOkURIaw5MAwxBsJzv5KiJIVLL3AJV5AtJPdsmpsc=;
        b=hmUy2NXA3k6KfRL1s+Kn/9u262xFuFgcs8iYg/+0vrdCbuPzVzhdvACFKix4ZN88Qm
         SABwG1lrivJO5XU9pCKvKaUOUdtjiAH9yGWHyYFYlu4gqmABWHykf9AovfX9RwGx85PX
         oJI4QdntoA1h95fxPjyoGzFtDYYi3FPmL7qEren9PyhiMmrDnd2tV35Z+cADXpwd6M4M
         D8aqkq877aZvWAISdz4bMobI04PYkP6WlNLPHRA/66R08FDZnEzE5Okk4Lia87mBkvWf
         Ekr/QbT4vxo/p2WN9JNHTgHoUQtQdn1XY3sll6vNJc8uDIQllUcRU7bvHmTbiogcUnwj
         4aow==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b="WNZTi9/6";
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id v12si12512663ejy.529.2021.02.02.06.46.45;
        Tue, 02 Feb 2021 06:46:53 -0800 (PST)
Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b="WNZTi9/6";
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234746AbhBBOp0 (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 16 others); Tue, 2 Feb 2021 09:45:26 -0500
Received: from smtp.sws.net.au ([46.4.88.250]:42564 "EHLO smtp.sws.net.au"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234707AbhBBOnW (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Tue, 2 Feb 2021 09:43:22 -0500
Received: from liv.coker.com.au (unknown [103.75.204.227])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        (Authenticated sender: russell@coker.com.au)
        by smtp.sws.net.au (Postfix) with ESMTPSA id 2D684EB83;
        Wed,  3 Feb 2021 01:42:31 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au;
        s=2008; t=1612276953;
        bh=TpxOkURIaw5MAwxBsJzv5KiJIVLL3AJV5AtJPdsmpsc=; l=1095;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=WNZTi9/6+hkzTQ8vfDVrxEfpVU6LDQiwU1uIFVw25f4eqKoUarxBonOQDo6QdEuXt
         J4Qx7sroYKhkrr2PZgM8JplzSblLskv+LBGbPkepacUe0DsOcXD/dRuJ7asm5q2JGN
         OpWNjrmdO+5648BWaPER/rClSHWP+P16vLjbVSNA=
From:   Russell Coker <russell@coker.com.au>
To:     Chris PeBenito <pebenito@ieee.org>
Cc:     selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] new version of filetrans patch
Date:   Wed, 03 Feb 2021 01:42:27 +1100
Message-ID: <2243812.pyNZXzfhlh@liv>
In-Reply-To: <983ff6fa-2bbc-22f1-a72c-a4eb38127f09@ieee.org>
References: <YBeKKR5cmQe+MTRA@xev> <983ff6fa-2bbc-22f1-a72c-a4eb38127f09@ieee.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On Wednesday, 3 February 2021 12:49:07 AM AEDT Chris PeBenito wrote:
> > Name changes suggested by Dominick and some more additions.
> > 
> > Signed-off-by: Russell Coker <russell@coker.com.au>
> 
> Merged, though I renamed some interfaces and dropped a block that didn't
> apply since it's so close to the merge window closing.

+interface(`systemd_run_passwd_agent',`
+       gen_require(`
+               type systemd_passwd_agent_t, systemd_passwd_agent_exec_t;
+       ')
+
+       domain_auto_transition_pattern($1, systemd_passwd_agent_exec_t, 
systemd_passwd_agent_t)
+       allow systemd_passwd_agent_t $1:fd use;
+       role $2 types systemd_passwd_agent_t;
+')

Why did you change the above to the below?  It needs an auto trans.

interface(`systemd_run_passwd_agent',`
        gen_require(`
                type systemd_passwd_agent_t, systemd_passwd_agent_exec_t;
        ')

        domtrans_pattern($1, systemd_passwd_agent_exec_t, 
systemd_passwd_agent_t)
        allow systemd_passwd_agent_t $1:fd use;
        role $2 types systemd_passwd_agent_t;
')


-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/