From: Henrik Grindal Bakken
Subject: Re: [RFC] files: Make files_{relabel,manage}_non_security_types work on all file types
Organization: Sierra Fan Club
Date: Sat, 18 Jan 2020 08:11:02 +0100
Message-ID: <87v9p99r3t.fsf@cisco.com>
In-Reply-To: <20200117231500.59904-1-hgb@ifi.uio.no> (Henrik Grindal Bakken's message of "Sat, 18 Jan 2020 00:15:00 +0100")
References: <20200117231500.59904-1-hgb@ifi.uio.no>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Henrik Grindal Bakken writes:

> From: Henrik Grindal Bakken
>
> This is the same behaviour as files_*_non_auth_types have.

The rationale for changing this is that the systemd-tmpfiles rules use files_manage_non_security_files() (and ..._relabel_...), which doesn't work well if you use tmpfiles for somewhat more exotic paths than the standard setup.

An alternative to this approach is to change the rules in systemd.te for systemd_tmpfiles_t, but it seems to me like this change would be more in line with what's done for the similar interfaces.

-- 
Henrik Grindal Bakken
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52