From: Russell Coker <russell@coker.com.au>
To: Chris PeBenito <pebenito@ieee.org>,
"selinux-refpolicy@vger.kernel.org"
<selinux-refpolicy@vger.kernel.org>
Subject: Re: read_file_perms vs mmap_read_file_perms
Date: Sun, 10 Feb 2019 11:04:15 +1100 [thread overview]
Message-ID: <B1D5725E-37F2-4CB8-9558-39313518F862@coker.com.au> (raw)
In-Reply-To: <402f8da9-de40-3a9d-f767-324bc6f0e60b@ieee.org>
Now that we have just had a release it's a good time for changes that have the potential to break things. So removing lock now would be ok I guess.
On 10 February 2019 1:07:22 am AEDT, Chris PeBenito <pebenito@ieee.org> wrote:
>On 2/9/19 5:25 AM, Russell Coker wrote:
>> define(`read_file_perms',`{ getattr open read lock ioctl }')
>> define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
>>
>> I think that the general expectation would be that
>mmap_read_file_perms is a
>> superset of read_file_perms. Is there any reason why
>mmap_read_file_perms
>> doesn't include lock permission? If not I think we should add it to
>avoid
>> surprises.
>
>You are correct, it should be a proper superset. However, my
>preference
>would be to go the other way and eliminate lock from read_file_perms,
>which is what I'm trying to do with mmap_read_file_perms not being a
>proper superset.
--
Sent from my Huawei Mate 9 with K-9 Mail.
prev parent reply other threads:[~2019-02-10 0:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-09 10:25 read_file_perms vs mmap_read_file_perms Russell Coker
2019-02-09 14:07 ` Chris PeBenito
2019-02-10 0:04 ` Russell Coker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B1D5725E-37F2-4CB8-9558-39313518F862@coker.com.au \
--to=russell@coker.com.au \
--cc=pebenito@ieee.org \
--cc=selinux-refpolicy@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).