Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1456177pxb; Tue, 8 Feb 2022 18:41:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJz1YwiXxpvwuQ5s6rMT323jgKvlJvDfdOaeYX5XbZN92HNP0HL5FbO8u9ljkWg2F4K/irkK X-Received: by 2002:a50:cb8c:: with SMTP id k12mr304071edi.69.1644374466512; Tue, 08 Feb 2022 18:41:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644374466; cv=none; d=google.com; s=arc-20160816; b=rMxyp9BkG06xCXE7e7b6+FRjXPGMqEGWFChYFamnBbYxZdAt1nVPcUsHRcQW3cjUiu azFfl8ADQYMJcPPCTk3rUe8JhuUsitFyr+zvwg/wJpPEFS1d05JygHi8hOQ5f4kKBJxW M+GhfBpAYAXDZ/JJk1ZbVo2dZCaSiPbmJ/WE7oqDfB0QO8YPvX7qyuaydfYOnkIunOdb Z5BKqRehQ+Bp2Vwq3NM/+aZIhQ0BFrzHp7HyYXZOKQiGUXv90tuMBVddCfGvBdqwzlBh /Mp9S/76HipTLEnxELL3Wj1fRlRapHKIuqSqlOja4mNAE7Mmhlqav+mKOEWNL3dsnBq4 WNOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=Cm42hQ0D/AZLspPfL5f9gL9Mo5wWtdo6gdIiipWdMZU=; b=BjytE+t0jtCgXDcY5zYDLdrlbEiaG9XTs3DRhR2R/FlsutwRpQ8r0YlEJer1bupXqc 7kbphFgVtVQJYryeZEmhgBMJ4FgcN2/JHse0dymQPQ8jPM7VNKTPLf1lIEWpCaBwbO7e BTFE8alB9MlOWgxYrtqcG+yfxQX/vzuFNWGMxMPT8wQSWwsnWV0LY2xqkN+kzojo1UpI kd3zguHh21ih9JoTtesoiIw3qUpEIv+s3iJFWORO7WNAMCGZaZ9cyLthW0yXDNVBXak/ o5ghLrvDEGrfGiNhFvb1b9DQgai35zsLb3ZpyaxlMa47rMQ7+Cojdrovykg7ebRNa1Nu H1LA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs38si10585305ejc.574.2022.02.08.18.40.58; Tue, 08 Feb 2022 18:41:06 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238604AbiBHXvG convert rfc822-to-8bit (ORCPT + 22 others); Tue, 8 Feb 2022 18:51:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237118AbiBHXvF (ORCPT ); Tue, 8 Feb 2022 18:51:05 -0500 X-Greylist: delayed 302 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 08 Feb 2022 15:51:04 PST Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.85.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E1FA3C061577 for ; Tue, 8 Feb 2022 15:51:04 -0800 (PST) Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mtapsc-5-34ZSeE5ZPTGlj3py7oltng-1; Tue, 08 Feb 2022 23:44:44 +0000 X-MC-Unique: 34ZSeE5ZPTGlj3py7oltng-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP Server (TLS) id 15.0.1497.28; Tue, 8 Feb 2022 23:44:43 +0000 Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id 15.00.1497.028; Tue, 8 Feb 2022 23:44:43 +0000 From: David Laight To: 'Dominick Grift' , Chris PeBenito CC: William Roberts , Paul Moore , Demi Marie Obenour , "Stephen Smalley" , Eric Paris , SElinux list , "Linux kernel mailing list" , "selinux-refpolicy@vger.kernel.org" Subject: RE: [PATCH] SELinux: Always allow FIOCLEX and FIONCLEX Thread-Topic: [PATCH] SELinux: Always allow FIOCLEX and FIONCLEX Thread-Index: AQHYHQyXVOSyCHpUB0mpWP39zhRRb6yKUIVg Date: Tue, 8 Feb 2022 23:44:43 +0000 Message-ID: <23e35a8fc78e414c982ab40670157667@AcuMS.aculab.com> References: <4df50e95-6173-4ed1-9d08-3c1c4abab23f@gmail.com> <478e1651-a383-05ff-d011-6dda771b8ce8@linux.microsoft.com> <875ypt5zmz.fsf@defensec.nl> <4be3fef6-63ca-af97-7fc6-d93d85a9b706@linux.microsoft.com> <87ee4dnw52.fsf@defensec.nl> In-Reply-To: <87ee4dnw52.fsf@defensec.nl> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org From: Dominick Grift > Sent: 08 February 2022 16:47 ... > I would not mind removing these two checks, but i am not a big user of > xperms (i only filter TIOSCTI on terminal chr files and only for the > entities that write or append them). TIOSCTI isn't your only problem. Much 'fun' can be had with terminals that support a settable answerback message. Possibly that is limited to physical serial terminals, but some emulators might be 'good enough' to support the relevant escape sequences. Even the default answerback message can be very confusing. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)