Message-ID: <2dce0336-6e94-4ae2-6f9e-a1257962b20e@ieee.org>
Date: Thu, 17 Feb 2022 08:49:53 -0500
Subject: Re: [PATCH] puppet patch V2
To: Russell Coker , selinux-refpolicy@vger.kernel.org
From: Chris PeBenito
In-Reply-To: <3266491.hCnaqv1u2z@liv>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 2/16/22 20:41, Russell Coker wrote:
> On Thursday, 17 February 2022 02:30:12 AEDT Chris PeBenito wrote:
>> On 2/16/2022 08:08, Russell Coker wrote:
>>> On Wednesday, 16 February 2022 22:35:58 AEDT Chris PeBenito wrote:
>>>> Why are you adding bin_t as an entrypoint here and below?
>>>
>>> That's for running a script via the interpreter instead of via a
>>> #!/usr/bin/ whatever so you can't just label the script file.
>>
>> I'm not sure I follow. Are you saying this is for handling things like
>> "bash -c /some/script" and "python foo.py"?
>
> Yes.

I don't think we make this type of accommodation elsewhere in the policy, so I'm
inclined to say no to this part of the change.

-- 
Chris PeBenito