Date: Tue, 26 Sep 2023 14:38:16 -0400
From: Chris PeBenito
To: Russell Coker, selinux-refpolicy@vger.kernel.org, Chris PeBenito
Subject: Re: /usr/lib/NetworkManager/nm-dispatcher
In-Reply-To: <2772620.BEx9A2HvPv@cupcakke>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 9/26/2023 4:09 AM, Russell Coker wrote:
> Regarding /usr/lib/NetworkManager/nm-dispatcher, you asked for more
> information when I submitted a patch changing the context.
>
> Currently it has type NetworkManager_initrc_exec_t which implies that it's
> part of a start script when it's really a program that's doing the actual
> work. Also that type means that when a laptop resumes from suspend it gets
> run in domain initrc_t which is not appropriate for it.
>
> We could have a domain_auto_trans for type NetworkManager_initrc_exec_t but I
> think it's more appropriate to give it a label that more accurately reflects
> its use.
>
> What do you think Chris?

I agree that NetworkManager_initrc_exec_t doesn't fit. It could warrant
its own domain, like audisp, but I'm unsure without more info about the
types of access it needs. i.e. more specific info than is in the man page.

-- 
Chris PeBenito
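
The access information requested above can be collected from audit data. The following is an added example, not part of the thread or of refpolicy: it groups AVC denials for the nm-dispatcher command by source type, target type and class. The sample records are constructed, and the target types in them are illustrative assumptions, not observed nm-dispatcher behaviour.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration; not taken from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1695753500.101:310): avc:  denied  { read } for  pid=2101 comm="nm-dispatcher" name="resolv.conf" dev="dm-0" ino=131 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=1
type=AVC msg=audit(1695753500.102:310): avc:  denied  { open } for  pid=2101 comm="nm-dispatcher" path="/etc/resolv.conf" dev="dm-0" ino=131 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1695753500.103:311): arch=c000003e syscall=59 success=yes exit=0 pid=2101 comm="nm-dispatcher" exe="/usr/lib/NetworkManager/nm-dispatcher" subj=system_u:system_r:initrc_t:s0
type=AVC msg=audit(1695753500.104:312): avc:  denied  { execute } for  pid=2101 comm="nm-dispatcher" name="10-example" dev="dm-0" ino=977 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
type=AVC msg=audit(1695753501.200:320): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="dm-0" ino=55 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(log_text, comm="nm-dispatcher"):
    """Map (source type, target type, class) to the sorted denied permissions."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("comm") != comm:
            continue  # not an AVC denial, or a different program
        key = (context_type(m.group("scon")),
               context_type(m.group("tcon")),
               m.group("tclass"))
        needed[key].update(m.group("perms").split())
    return {key: sorted(perms) for key, perms in needed.items()}

def as_allow_rules(summary):
    """Render the summary as allow rules; the source is the domain observed
    in the log (initrc_t here), not a proposed new domain."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE_AUDIT_LOG))))
```
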