From: Henrik Grindal Bakken
To: Chris PeBenito
Cc: selinux-refpolicy@vger.kernel.org
Subject: Re: [RFC] files: Make files_{relabel,manage}_non_security_types work on all file types
Date: Wed, 22 Jan 2020 21:24:01 +0100

Chris PeBenito writes:

> On 1/21/20 9:06 AM, Henrik Grindal Bakken wrote:
>
>> Ok. Then I would recommend rewriting the systemd_tmpfiles_t rules a
>> bit, because today it has a serious amount of AVC violations for pretty
>> standard usage.
>
> Perhaps. However, it depends on what you consider standard usage.

I suppose. It might not be standard out-of-the-distro-box, but it
supports managing all of these classes of files, and I would've
preferred my policy to support that.

>> There are no matching interfaces for lnk_files, at least. Any
>> suggestions as to how to set up the tmpfiles rules?
>
> By adding new interfaces that are like the existing
> files_manage_non_security_files() interface, but for lnk_file.

Ok. Is there interest in a patch for that, or should I just conjure up
something locally that works for me?

--
Henrik Grindal Bakken
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52