* read_file_perms vs mmap_read_file_perms
@ 2019-02-09 10:25 Russell Coker
2019-02-09 14:07 ` Chris PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Russell Coker @ 2019-02-09 10:25 UTC (permalink / raw)
To: selinux-refpolicy
define(`read_file_perms',`{ getattr open read lock ioctl }')
define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
I think that the general expectation would be that mmap_read_file_perms is a
superset of read_file_perms. Is there any reason why mmap_read_file_perms
doesn't include lock permission? If not I think we should add it to avoid
surprises.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: read_file_perms vs mmap_read_file_perms
2019-02-09 10:25 read_file_perms vs mmap_read_file_perms Russell Coker
@ 2019-02-09 14:07 ` Chris PeBenito
2019-02-10 0:04 ` Russell Coker
0 siblings, 1 reply; 3+ messages in thread
From: Chris PeBenito @ 2019-02-09 14:07 UTC (permalink / raw)
To: Russell Coker, selinux-refpolicy
On 2/9/19 5:25 AM, Russell Coker wrote:
> define(`read_file_perms',`{ getattr open read lock ioctl }')
> define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
>
> I think that the general expectation would be that mmap_read_file_perms is a
> superset of read_file_perms. Is there any reason why mmap_read_file_perms
> doesn't include lock permission? If not I think we should add it to avoid
> surprises.
You are correct, it should be a proper superset. However, my preference
would be to go the other way and eliminate lock from read_file_perms,
which is what I'm trying to do with mmap_read_file_perms not being a
proper superset.
--
Chris PeBenito
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: read_file_perms vs mmap_read_file_perms
2019-02-09 14:07 ` Chris PeBenito
@ 2019-02-10 0:04 ` Russell Coker
0 siblings, 0 replies; 3+ messages in thread
From: Russell Coker @ 2019-02-10 0:04 UTC (permalink / raw)
To: Chris PeBenito, selinux-refpolicy
Now that we have just had a release it's a good time for changes that have the potential to break things. So removing lock now would be ok I guess.
On 10 February 2019 1:07:22 am AEDT, Chris PeBenito <pebenito@ieee.org> wrote:
>On 2/9/19 5:25 AM, Russell Coker wrote:
>> define(`read_file_perms',`{ getattr open read lock ioctl }')
>> define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
>>
>> I think that the general expectation would be that
>mmap_read_file_perms is a
>> superset of read_file_perms. Is there any reason why
>mmap_read_file_perms
>> doesn't include lock permission? If not I think we should add it to
>avoid
>> surprises.
>
>You are correct, it should be a proper superset. However, my
>preference
>would be to go the other way and eliminate lock from read_file_perms,
>which is what I'm trying to do with mmap_read_file_perms not being a
>proper superset.
--
Sent from my Huawei Mate 9 with K-9 Mail.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-10 0:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-09 10:25 read_file_perms vs mmap_read_file_perms Russell Coker
2019-02-09 14:07 ` Chris PeBenito
2019-02-10 0:04 ` Russell Coker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).