From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=NuFvEDBG;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 722325A0271
	for <passt-dev@passt.top>; Wed, 24 Dec 2025 13:05:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1766577937;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=GCMNjAd1vyASMgMm6Cf0zpVh/+zdo0vYNkg24ahJb3k=;
	b=NuFvEDBG3KxzdpP3wiwr2f6hh4gGG/qLN+vpJtEpBB91H0JPsMrkWFU5E907TGKqaeJ4Ic
	s66XTYrumMBLmFOJPeXDAgevLEhrOzC7ofinL0oBNdVntOqa7KtrbiZoTg5yer6zDc+MqW
	JJ5KBtdeRJGzqWRFT8Lk9oxRENY5Xcg=
Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com
 [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-574-ZQDY_h5cM8COzDrv3TsfSg-1; Wed, 24 Dec 2025 07:05:36 -0500
X-MC-Unique: ZQDY_h5cM8COzDrv3TsfSg-1
X-Mimecast-MFC-AGG-ID: ZQDY_h5cM8COzDrv3TsfSg_1766577935
Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-430ffa9fccaso4782310f8f.1
        for <passt-dev@passt.top>; Wed, 24 Dec 2025 04:05:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1766577934; x=1767182734;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=GCMNjAd1vyASMgMm6Cf0zpVh/+zdo0vYNkg24ahJb3k=;
        b=jQQwqjbJecS+Dh5G9sQgV0BRDirrYol9qG3zlUZEuqWqczn/gVDNZ0McnGXIVwb/uP
         oI/W2s6pORSuu5VchZ/AWlzzRoKRCqaLVE5mQh27ST0v7KhUM45EWef3DlHp4NniZtkk
         v/3w7p6oaCGAENCsY4dWRBdNrMtkDV+6Hcvf59zNzERLldJCN4Hv2+uLok0l3JEesdk0
         gffmglD9TE4lkK4IHtII0Sgh6muYqQstv5ulO0hf4LpAi1qKgZXcpCGyobn+RLkhAgV8
         yZ+JAVfxD/rM398H2ZiXDXCgwg104qA9D2L8b6ADHAymoM5PaOT6J0ur/VnvnvnaUoxr
         Qm3A==
X-Gm-Message-State: AOJu0Yxvy310hwPHNhkVpondcM8H3logV8bCOtYbEv43Gzpt/GAaaXHv
	fBhQTjPMAuDhc6kPDqloLCFxKhhrIx3YRd08UyrA+h0GghkbZ4M6sN2rLlupBdQBVxs9KGKl89/
	3hAiqg1mfUJPnJp/mRBM9RAmyC8NmpsXvHgzQD4+9m2nysRWfo1UCUsqHbBT2Mw==
X-Gm-Gg: AY/fxX618XQwX2Id/Mb0uLZz97xPZoZh8Nv/lcCOOJLfYWSuZjYt3F3dhp5D6Zbia6t
	S6jVFg0AAA33yNZmu9E94GQJBF0xcfqXKrT/r/aPRjrb32C8hv8LLuORBrI7jQVdL9lFbsOAeki
	Q941cby/x7w2pQIBfLGSeywja4YE0sorzpy1s3aQcVtNFmg1tcni7kuS9KXA1hFfnKR/C1xH29j
	Ffy8e3Eu/+tnMWMf9V5auo1QfTFE6X6danurm6IvcoSh7N09F8Yj71e0F6lcS2tnyUxpdl/8EwY
	yl+ZkClGtPtEJ9chVNJZ8HOHYfnzJgdY4Hn/lhd1QvvwHx0wOxniDwLFnoh3JeAW8frWHZQxGGp
	asdG7PYRIF09I2Yz4cOCc
X-Received: by 2002:a5d:5888:0:b0:400:7e60:7ee0 with SMTP id ffacd0b85a97d-4324e459b1emr17809166f8f.0.1766577934355;
        Wed, 24 Dec 2025 04:05:34 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFcDfqK2Xp8sqMXNs/jeEfc5clRuK1yu8n9DlJH7W384gG+3+EjnjDH8VT3t5852eUwRPuv8g==
X-Received: by 2002:a5d:5888:0:b0:400:7e60:7ee0 with SMTP id ffacd0b85a97d-4324e459b1emr17809133f8f.0.1766577933834;
        Wed, 24 Dec 2025 04:05:33 -0800 (PST)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4327791d2f3sm473973f8f.11.2025.12.24.04.05.33
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 24 Dec 2025 04:05:33 -0800 (PST)
Date: Wed, 24 Dec 2025 13:05:31 +0100
From: Stefano Brivio <sbrivio@redhat.com>
To: Max Chernoff <git@maxchernoff.ca>
Subject: Re: [PATCH] selinux: Enable read and watch permissions on netns
 directory as well
Message-ID: <20251224130531.4b213bd1@elisabeth>
In-Reply-To: <7c3a0677a8c01c9f1e1ac03c868daab69e07f394.camel@maxchernoff.ca>
References: <20251223083137.1016281-1-sbrivio@redhat.com>
	<7c3a0677a8c01c9f1e1ac03c868daab69e07f394.camel@maxchernoff.ca>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: MyCJIJXKbg4BLSeHt0tiUt7BMJslVWptSqItwh6vTT8_1766577935
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: K7VQI3JCDEMMTQSTA2XVJ6WWCM2YDNJJ
X-Message-ID-Hash: K7VQI3JCDEMMTQSTA2XVJ6WWCM2YDNJJ
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Tuomo Soini <tis@foobar.fi>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20251224130531.4b213bd1@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/K7VQI3JCDEMMTQSTA2XVJ6WWCM2YDNJJ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Wed, 24 Dec 2025 04:36:33 -0700
Max Chernoff <git@maxchernoff.ca> wrote:

> Hi Stefano,
> 
> On Tue, 2025-12-23 at 09:31 +0100, Stefano Brivio wrote:
> > diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te
> > index 95fe42a..3eb58f6 100644
> > --- a/contrib/selinux/pasta.te
> > +++ b/contrib/selinux/pasta.te
> > @@ -149,7 +149,7 @@ allow pasta_t root_t:dir mounton;
> >  manage_files_pattern(pasta_t, pasta_pid_t, pasta_pid_t)
> >  files_pid_filetrans(pasta_t, pasta_pid_t, file)
> >
> > -allow pasta_t user_tmp_t:dir { add_name remove_name search write };
> > +allow pasta_t user_tmp_t:dir { add_name read remove_name search watch write };
> >  allow pasta_t user_tmp_t:fifo_file append;
> >  allow pasta_t user_tmp_t:file { create open write };
> >  allow pasta_t user_tmp_t:sock_file { create unlink };  
> 
> I'm a bit late, but this change looks good to me.

Thanks for having a look! I'm relieved. :)

-- 
Stefano