Re: [PATCH 3/3] Some items that seem they can be dontaudited for plymouthd

[Dominick Grift <dac.override@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 1603 bytes --]

On Sat, Apr 13, 2019 at 02:24:25PM +1000, Russell Coker wrote:
> On Saturday, 13 April 2019 1:26:06 PM AEST Sugar, David wrote:
> > On 4/12/19 10:33 PM, Russell Coker wrote:
> > > What is netlink_kobject_uevent_socket?  Do we have a place we can document
> > > this sort of thing to make it easier to determine whether access is
> > > required and what the implications of such access are?
> > 
> > I'm really not sure either.  But, please note, that this patch is
> > dontaudit rules to quiet some denials that didn't seem to have any
> > negative side effect.  If this patch isn't applied things will still
> > function, just have some entries in the audit logs.
> 
> There's a good chance the action in question isn't an accident and some aspect 
> of the program's functionality will be changed.  I think it's best to have an 
> idea of what the issue was before putting in a dontaudit rule, if some 
> configuration of that program actually needs such functionality then a 
> dontaudit will make it inconvenient to track it down.
> 
> Have you tried running strace or ltrace to see what it's doing?

I agree that this probably shouldnt be dontaudited. This is a common pattern for "udev clients"

The kobject_uevent socket aspect is probably to monitor devices (equivalent to `udevadm monitor`)

> 
> -- 
> My Main Blog         http://etbe.coker.com.au/
> My Documents Blog    http://doc.coker.com.au/
> 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]