selinux-refpolicy.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Chris PeBenito <pebenito@ieee.org>
To: Russell Coker <russell@coker.com.au>,
	selinux-refpolicy@vger.kernel.org,
	Chris PeBenito <chpebeni@linux.microsoft.com>
Subject: Re: /usr/lib/NetworkManager/nm-dispatcher
Date: Tue, 26 Sep 2023 14:38:16 -0400	[thread overview]
Message-ID: <ed3adb7c-5a3a-4153-ae1d-d31bd4ccad9c@ieee.org> (raw)
In-Reply-To: <2772620.BEx9A2HvPv@cupcakke>

On 9/26/2023 4:09 AM, Russell Coker wrote:
> Regarding /usr/lib/NetworkManager/nm-dispatcher, you asked for more
> information when I submitted a patch changing the context.
> 
> Currently it has type NetworkManager_initrc_exec_t which implies that it's
> part of a start script when it's really a program that's doing the actual
> work.  Also that type means that when a laptop resumes from suspend it gets
> run in domain initrc_t which is not appropriate for it.
> 
> We could have a domain_auto_trans for type NetworkManager_initrc_exec_t but I
> think it's more appropriate to give it a label that more accurately reflects
> it's use.
> 
> What do you think Chris?

I agree that NetworkManager_initrc_exec_t doesn't fit.  It could warrant 
its own domain, like audisp, but I'm unsure without more info about the 
types of access it needs. i.e. more specific info than is in the man page.

-- 
Chris PeBenito


      reply	other threads:[~2023-09-26 18:38 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-26  8:09 /usr/lib/NetworkManager/nm-dispatcher Russell Coker
2023-09-26 18:38 ` Chris PeBenito [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ed3adb7c-5a3a-4153-ae1d-d31bd4ccad9c@ieee.org \
    --to=pebenito@ieee.org \
    --cc=chpebeni@linux.microsoft.com \
    --cc=russell@coker.com.au \
    --cc=selinux-refpolicy@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).