Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp828636pxb;
        Thu, 17 Feb 2022 16:00:03 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzHShHSuHrmPesiLJRJR9w1gQn4vYGelfHS6qFOr+JWTzrNWeAShNF9NamqCkP6Iv+NKR4n
X-Received: by 2002:a17:902:8e88:b0:14d:66f3:8d71 with SMTP id bg8-20020a1709028e8800b0014d66f38d71mr4955880plb.105.1645142403308;
        Thu, 17 Feb 2022 16:00:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645142403; cv=none;
        d=google.com; s=arc-20160816;
        b=cjkr5nVhTD0oTjUg/appPg+sNsF4Ce8CvDi+5CM3FpuzBXcLg9DbhmjoenhVc5SM6s
         +ER5/AHfW420uWoucAVKygexnQdArG6m/xMuRwEDeZypRqLxHksrZ8Q5DeoHBAsZ5eBK
         J1fGTLQB/ZlqI0aVu2GGGb44IWs7X+uX02hqtg7uZz+2gyIdGNY7g+KlnINfk4eNcsot
         cTqPakfPLRldLJGnG8/6AuMIBeXNzkLiSSfIfhkgX1QHSdaRMlPl4N1U+CLefDMaEHV5
         uUGBFPD1ZnmOfE1/7/uCFXcZ14IA2m2JpwSh6TyrczdY0a42Kpm2RTkIlEezRWOo/+Z0
         5tNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:to:content-language:subject:user-agent:mime-version:date
         :message-id:dkim-signature;
        bh=s8K251t9dvWBnisZ9mfajnh6kbTOJLOqlEDxWAbkRJI=;
        b=SBq1qGusDMpEmYqk+2oRwXEHB0mvivnCT1AMyfu2CgXWjeXjpi43dBJ2K5B4N74472
         BDqT9EhmoDcAyb861e4zNiO0M2r+mXXGMpMYna62HL7shQy2/jsL7EZVkadiC46cfxEk
         7VoA3cOc/QfmF7FI3MC/iW0gW1L9lybCawR6b0W6LlwriGlGjUR6k2N1ilXjcxgJF8Zo
         izASIlTCIIG0EfgivMgxdQslXv6qTof9x2nmC4zERZLFtzEYt4CJH5j3kOCkqjcighJh
         YUnS3VPSJpNSi3a5KjlK8eQYbLZa3LUgN4J2Mzvt9brBvKOMr8f9j9MPyNFVF4rVHve1
         EayQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b=adqwcXby;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id h3si9943128pgc.786.2022.02.17.16.00.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 17 Feb 2022 16:00:03 -0800 (PST)
Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b=adqwcXby;
       spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 46F6431CA44;
	Thu, 17 Feb 2022 15:29:10 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238181AbiBQNuK (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 22 others); Thu, 17 Feb 2022 08:50:10 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:47436 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237920AbiBQNuK (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Thu, 17 Feb 2022 08:50:10 -0500
Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com [IPv6:2607:f8b0:4864:20::f2b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F0D2178BC5
        for <selinux-refpolicy@vger.kernel.org>; Thu, 17 Feb 2022 05:49:56 -0800 (PST)
Received: by mail-qv1-xf2b.google.com with SMTP id d7so8292143qvk.2
        for <selinux-refpolicy@vger.kernel.org>; Thu, 17 Feb 2022 05:49:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ieee.org; s=google;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :references:from:in-reply-to:content-transfer-encoding;
        bh=s8K251t9dvWBnisZ9mfajnh6kbTOJLOqlEDxWAbkRJI=;
        b=adqwcXbyPYLgQoKm4N4zRyQ43CcjuyEP0M7Ckk7KkH85AqgUUwzKwKiqAeXfcDBFiP
         4HsBOBPi8ApBbyTU/j76FkpEPyyqKsdbS+D2mcxC8dtswNB+GsJ/6w/YjTCFkQQGxU9U
         ueJqLftRnv2Q6rPnbsBCjdrniVaQHURuwtprM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:references:from:in-reply-to
         :content-transfer-encoding;
        bh=s8K251t9dvWBnisZ9mfajnh6kbTOJLOqlEDxWAbkRJI=;
        b=vgUyVCUuGzQOh/Sy07mdZfBpn2rTKUcfIMpbUUQowTTOjQayznfOUV5qCjX+sYGwBP
         /XnxSRkOpQb81oBhm7TfhafwFE0yA9EK8ADdyZ3sJicF7sEkMi5eOqo50pb84hWEedCr
         zQb5dMXOC3lILICq2RTVtmShKCW8EiAMGVkeWsp5SGripTyGhbQH5X/LNdckNSgtUVRt
         +L5tJoJAkTDGRMfQEsqQhG8J5G5IHfs9YipHMXsNTrhqVFejyRwPq35hXGlmQnoeeiDI
         Cdo6DKet6+z/l405CwE/8DbNDHKPRnTJEVuvdeKBaD030/ZcYPaDywsNd1Nrozvj6OC4
         q42Q==
X-Gm-Message-State: AOAM5306rhZj1gg3unBy78LDiwxEdlwE0zIIw2I7gVDaWFOFuM6aAiBi
        KJevKviUr4RM0tXQn6QVLdNQRw==
X-Received: by 2002:ac8:5a86:0:b0:2d2:64de:47fd with SMTP id c6-20020ac85a86000000b002d264de47fdmr2475112qtc.62.1645105795444;
        Thu, 17 Feb 2022 05:49:55 -0800 (PST)
Received: from [192.168.1.126] ([72.85.44.115])
        by smtp.gmail.com with ESMTPSA id t11sm22637996qtx.16.2022.02.17.05.49.54
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 17 Feb 2022 05:49:54 -0800 (PST)
Message-ID: <2dce0336-6e94-4ae2-6f9e-a1257962b20e@ieee.org>
Date:   Thu, 17 Feb 2022 08:49:53 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.0
Subject: Re: [PATCH] puppet patch V2
Content-Language: en-US
To:     Russell Coker <russell@coker.com.au>,
        selinux-refpolicy@vger.kernel.org
References: <YgsIj5n4TxELgB3u@xev.coker.com.au> <3072740.2nxLzSqVoC@xev>
 <03c61997-4190-ed7d-d791-867858d1cb23@linux.microsoft.com>
 <3266491.hCnaqv1u2z@liv>
From:   Chris PeBenito <pebenito@ieee.org>
In-Reply-To: <3266491.hCnaqv1u2z@liv>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 2/16/22 20:41, Russell Coker wrote:
> On Thursday, 17 February 2022 02:30:12 AEDT Chris PeBenito wrote:
>> On 2/16/2022 08:08, Russell Coker wrote:
>>> On Wednesday, 16 February 2022 22:35:58 AEDT Chris PeBenito wrote:
>>>> Why are you adding bin_t as an entrypoint here and below?
>>>
>>> That's for running a script via the interpreter instead of via a
>>> #!/usr/bin/ whatever so you can't just label the script file.
>>
>> I'm not sure I follow.  Are you saying this is for handling things like
>>    "bash -c /some/script" and "python foo.py"?
> 
> Yes.

I don't think we make this type of accomodation elsewhere in the policy, so I'm 
inclined to say no to this part of the change.

-- 
Chris PeBenito