From: Dominick Grift <dominick.grift@defensec.nl>
To: Chris PeBenito <pebenito@ieee.org>
Cc: Russell Coker <russell@coker.com.au>, selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] another systemd misc patch
Date: Fri, 5 Feb 2021 21:45:32 +0100
Message-ID: <df3be15f-7d9a-3863-521d-cab42cc9e143@defensec.nl>
In-Reply-To: <0c8ef4b6-893a-134c-d8ba-c0a6af4e8638@ieee.org>
On 2/5/21 9:31 PM, Chris PeBenito wrote:
> On 2/5/21 3:18 PM, Dominick Grift wrote:
>> Chris PeBenito <pebenito@ieee.org> writes:
>>> On 2/2/21 10:31 PM, Russell Coker wrote:
>>>> Lots of little changes related to systemd.
>>>> Signed-off-by: Russell Coker <russell@coker.com.au>
>
>>>> @@ -925,14 +1001,26 @@ allow systemd_nspawn_t systemd_nspawn_tm
>>>> # for /run/systemd/nspawn/incoming in chroot
>>>> allow systemd_nspawn_t systemd_nspawn_runtime_t:dir mounton;
>>>> +kernel_getattr_core_if(systemd_nspawn_t)
>>>> +kernel_getattr_proc(systemd_nspawn_t)
>>>> +kernel_getattr_unlabeled_dirs(systemd_nspawn_t)
>>>> +
>>>> kernel_mount_proc(systemd_nspawn_t)
>>>> kernel_mounton_sysctl_dirs(systemd_nspawn_t)
>>>> kernel_mounton_kernel_sysctl_files(systemd_nspawn_t)
>>>> kernel_mounton_message_if(systemd_nspawn_t)
>>>> kernel_mounton_proc(systemd_nspawn_t)
>>>> +kernel_mounton_sysctl_files(systemd_nspawn_t)
>>>> +kernel_mounton_unlabeled_dirs(systemd_nspawn_t)
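Review bot: the two unlabeled_t lines in this hunk, `kernel_getattr_unlabeled_dirs(systemd_nspawn_t)` and `kernel_mounton_unlabeled_dirs(systemd_nspawn_t)`, should be dropped: a mounton or getattr denial against unlabeled_t means the directory being mounted on has no label (a mislabeled or unlabeled filesystem), not that policy is missing, so the fix is to find and label that path rather than grant the access. The remaining additions (`kernel_getattr_core_if`, `kernel_getattr_proc`, `kernel_mounton_sysctl_files`) sit consistently next to the existing `kernel_mounton_*` calls; a short comment above the new getattr lines naming the nspawn step that needs them would help future review.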
>>>
>>> With all of the mounting, perhaps we should consider coalescing on
>>> allowing it to mount an all init_mountpoint_types.
>>
>> mounton unlabeled dirs indicates that something is unlabeled/mislabeled
>> though. Wouldn't allow that.
>
> Yes I agree. I noticed all the mountons but didn't notice this specific
> one.
>
I know how that goes, I probably "reviewed" this patch and overlooked
this whole stuff ...
>
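As an added illustration of the point made above (not code from this thread or from refpolicy): a small triage of AVC denial records that separates denials whose target is unlabeled_t, which point at a labeling problem, from denials a policy rule could legitimately cover. The AVC records and paths are constructed; the type names mirror the ones in the hunk under review.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not taken from the thread); the source and
# target types mirror the ones named in the patch hunk under review.
SAMPLE_AVCS = [
    'type=AVC msg=audit(1612560000.101:201): avc:  denied  { mounton } for  pid=1234 '
    'comm="systemd-nspawn" path="/run/systemd/nspawn/incoming" dev="tmpfs" ino=42 '
    'scontext=system_u:system_r:systemd_nspawn_t:s0 '
    'tcontext=system_u:object_r:systemd_nspawn_runtime_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1612560000.102:202): avc:  denied  { mounton } for  pid=1234 '
    'comm="systemd-nspawn" path="/var/lib/machines/demo/proc" dev="dm-0" ino=77 '
    'scontext=system_u:system_r:systemd_nspawn_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1612560000.103:203): avc:  denied  { getattr } for  pid=1234 '
    'comm="systemd-nspawn" path="/var/lib/machines/demo/sys" dev="dm-0" ino=78 '
    'scontext=system_u:system_r:systemd_nspawn_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0',
]

PERMS_RE = re.compile(r'denied\s+\{\s*([^}]*?)\s*\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return perms, source/target type, class and path of one AVC record, or None."""
    m = PERMS_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return {
        'perms': set(m.group(1).split()),
        'stype': fields['scontext'].split(':')[2],  # user:role:type:level
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
        'path': fields.get('path'),
    }


def triage(lines):
    """Split denials into candidate allow rules and paths that need relabeling.

    A target of unlabeled_t means the object carries no label, so granting
    access there would paper over a mislabeled filesystem; those paths are
    returned separately instead of being turned into rules."""
    rules, relabel = defaultdict(set), defaultdict(set)
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        if d['ttype'] == 'unlabeled_t':
            relabel[d['stype']].add(d['path'])
        else:
            rules[(d['stype'], d['ttype'], d['tclass'])] |= d['perms']
    allow = [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
             for (s, t, c), p in sorted(rules.items())]
    return allow, {s: sorted(p) for s, p in relabel.items()}
```

The relabel bucket is the one to investigate (which filesystem or mount is missing its context) before any policy change is written.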
Thread overview: 8+ messages
2021-02-03 3:31 [PATCH] another systemd misc patch Russell Coker
2021-02-05 19:44 ` Chris PeBenito
2021-02-05 20:18 ` Dominick Grift
2021-02-05 20:31 ` Chris PeBenito
2021-02-05 20:45 ` Dominick Grift [this message]
2021-10-09 10:05 Russell Coker
2021-10-27 13:09 ` Chris PeBenito
2021-10-09 10:17 Russell Coker