Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp516974pxb; Tue, 2 Feb 2021 10:33:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJyol2CGA9dXR2BXfFtB0i57EAWPY6PDTLqmn/oQyJJRPzLu2QkZ7LwbBG4TtzsR1J6/yxj4 X-Received: by 2002:a17:906:3fc1:: with SMTP id k1mr24419513ejj.58.1612290817821; Tue, 02 Feb 2021 10:33:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612290817; cv=none; d=google.com; s=arc-20160816; b=QRjTv3MnYm8UXKvvFSx8xgWsLdgMXT5MJgjrSwZSihnWF9Bb3qtW1m6zX5ePMI7ktH NCjhrMpZ5yqae2eRa/gvAkjQVGd+Q/AoAHVJU0P4yvhgP2D8WAy8oVzfCTGhVG7/XnHX RPMPuO8rQpgtw8hXdEcTIy1wQKPNw+t9kt3y1LH/mpB3v+rSJTRAx8NL1RZyB8o+ZitO dz9uZosbNS4TSpS8CYGR3w13ZyjNl1oLT6G+n39oJi15yOswK4I1HfIpi4NDgYrDKbPw 1JAJ+OfUk67QSh02o0kc+JHkEJSVSdW0lItTW07kIn7u04wPXmBq+1vkvGi4Z117btbG xVpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=aPm7pDDbTZrlAKjHVKKUEuOtBCNKXGgZdNKHb0gDIVM=; b=lmhmHbgXFh9W2VhFLOc0uVhKYHt2BhLFo1g57uBhN6PFD4XxYFqxilNzxgMcc81SNs b73UFaKtKmCljLaL5cS6xyrVd5TRFLlP5wjBJNpUVdqMQMC7HbgNmJXLVvn/AuhmDrPs Z069TPOV6BSFEiF1SM0e1tsCSiMEprP8+eKG0Ji+BVZZriy9PCPp7e9iobhQ7sUj5zZ4 e1S4DdGSuy31wuljtUAJLTTE71XCEWw9/Sr39gWhOrFzeoar/FGH++rrz8B3uHEdCk1F yxOH6pLwZUBoG8Mr4m9k1NdWgX67zNPgHjNwadNrxzqms5oqXBrTu14//sjuTSO8mp4X x+sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=ZD5xHvv6; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hx7si2831442ejc.316.2021.02.02.10.33.30; Tue, 02 Feb 2021 10:33:37 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=ZD5xHvv6; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233831AbhBBScS (ORCPT + 16 others); Tue, 2 Feb 2021 13:32:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238650AbhBBSak (ORCPT ); Tue, 2 Feb 2021 13:30:40 -0500 Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B44CC0617AA for ; Tue, 2 Feb 2021 10:29:02 -0800 (PST) Received: by mail-qv1-xf35.google.com with SMTP id ew18so10369061qvb.4 for ; Tue, 02 Feb 2021 10:29:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=aPm7pDDbTZrlAKjHVKKUEuOtBCNKXGgZdNKHb0gDIVM=; b=ZD5xHvv6AxVFbWsThZz7HJpUZEDIWsGlMbWQ6urmYx5E/0L67RBw9FqGwQS8Bdl6qu 74gYJEil4+jOhqAwvCNhEdQ0KN7jN2I5bbLWMVTMna+B6oFk0gD2ZKmUaXWextf9N78c tgPMQGNrkzApRTH61oZWIVT5irAY6jlnkChHo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=aPm7pDDbTZrlAKjHVKKUEuOtBCNKXGgZdNKHb0gDIVM=; b=PxxvxtBfsBnjaTS6/lJVEYOwNWzq2jN62fP1vv8Vz5IpZehEA6JRoiN/haDIvXrYOg F9ZXR1iwypZNDx5E05Uu/ZPEgKhz1pt5Euj6vVRF5/5Yrf3KTaVL7VLNaIdg03CsMlC8 +iHNES7TMev124eUNvIUsDuew0tOxS4TiwlyIMdAbXQ2Y0sDQ7tVNV05cKS1UXBdDa5X Wm4j0ccNlS4UwXP0T+yCdZ4DPRvXl6kWWwrSPuxytKmX745mw+5JZdI4qV73pWj1RLCk 1OTYsGqR4m8xUVvkYll+szvzu2MJKHJOh3/Hzq7AiNmjyKc+ZWpr+c9cu4yeozXLeDyB FiwA== X-Gm-Message-State: AOAM5324YtIcD2jrUb4N1WJ9WJSbA+9cTFrL2pBP5fd6pn3/NRPq6b+c HXCzGeaEtHgJH1bFSZA9Ucj//v7Ooqn9ng== X-Received: by 2002:a05:6214:148a:: with SMTP id bn10mr21684242qvb.52.1612290541160; Tue, 02 Feb 2021 10:29:01 -0800 (PST) Received: from fedora.pebenito.net (pool-96-234-173-17.bltmmd.fios.verizon.net. [96.234.173.17]) by smtp.gmail.com with ESMTPSA id 196sm18267053qkl.4.2021.02.02.10.29.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 02 Feb 2021 10:29:00 -0800 (PST) Subject: Re: [PATCH] new version of filetrans patch To: Russell Coker Cc: selinux-refpolicy@vger.kernel.org References: <983ff6fa-2bbc-22f1-a72c-a4eb38127f09@ieee.org> <2243812.pyNZXzfhlh@liv> From: Chris PeBenito Message-ID: <4ba452f1-2dd6-810b-665e-f648e7bdc967@ieee.org> Date: Tue, 2 Feb 2021 13:28:59 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <2243812.pyNZXzfhlh@liv> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 2/2/21 9:42 AM, Russell Coker wrote: > On Wednesday, 3 February 2021 12:49:07 AM AEDT Chris PeBenito wrote: >>> Name changes suggested by Dominick and some more additions. >>> >>> Signed-off-by: Russell Coker >> >> Merged, though I renamed some interfaces and dropped a block that didn't >> apply since it's so close to the merge window closing. > > +interface(`systemd_run_passwd_agent',` > + gen_require(` > + type systemd_passwd_agent_t, systemd_passwd_agent_exec_t; > + ') > + > + domain_auto_transition_pattern($1, systemd_passwd_agent_exec_t, > systemd_passwd_agent_t) > + allow systemd_passwd_agent_t $1:fd use; > + role $2 types systemd_passwd_agent_t; > +') > > Why did you change the above to the below? It needs an auto trans. > > interface(`systemd_run_passwd_agent',` > gen_require(` > type systemd_passwd_agent_t, systemd_passwd_agent_exec_t; > ') > > domtrans_pattern($1, systemd_passwd_agent_exec_t, > systemd_passwd_agent_t) > allow systemd_passwd_agent_t $1:fd use; > role $2 types systemd_passwd_agent_t; > ') domtrans_pattern() is automatic. -- Chris PeBenito