From: Dominick Grift
To: Russell Coker
Cc: selinux-refpolicy@vger.kernel.org
Subject: Re: [PATCH] misc apps and admin patches
Date: Wed, 20 Jan 2021 16:06:25 +0100

Russell Coker writes:

> On Thursday, 21 January 2021 12:28:49 AM AEDT Dominick Grift wrote:
>> > optional_policy(`
>> > + init_dbus_chat(sysadm_t)
>>
>> Can you explain why you added this?
>
> Apart from the obvious that some program wanted it, no. I'll remove that bit
> and add it again with a note if it's necessary. Did you like the rest of that
> patch?

Yes and that's my beef with this. "some program wanted it". sysadm_t is a
shell domain. Any programs that need this should, in my view, ideally be
targeted. If you don't want that then use unconfined_t instead and be
done. I don't want sysadm_t to become a "drunken unconfined_t".

-- 
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
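
Review bot: the added init_dbus_chat(sysadm_t) line inside the optional_policy block of the quoted hunk has no comment naming the program or D-Bus exchange that requires it, so the grant to sysadm_t cannot be evaluated from the patch. Either add a comment above the line stating which program needs it, or give that program its own domain and drop the line from sysadm_t.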