From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) by passt.top (Postfix) with ESMTPS id 2FA435A004C for ; Mon, 27 May 2024 00:28:48 +0200 (CEST) Received: by mail-qv1-xf2e.google.com with SMTP id 6a1803df08f44-6ab9d00f727so14887486d6.1 for ; Sun, 26 May 2024 15:28:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifeofadishwasher.com; s=google; t=1716762527; x=1717367327; darn=passt.top; h=content-disposition:mime-version:message-id:subject:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=grK5ho/5McgcQB5UEsbb8N0RU2KqE3MJg+EAtgPoz3o=; b=KmboLHlwc4DWkt5vFw8hGAosO0/Ld2MSdQgHhTcgBRIFRl6yVcuI9VIRUJN54VuShR PSxrmH9G1i/+F7iGPnmDjBfsSbuoIStyCpueW1QL7LATx+a2aj5xg/zyaMPuCiiSmmsN wVvwF4/5UmipKGwHP58gVrlr0xZl59LMDzoEs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716762527; x=1717367327; h=content-disposition:mime-version:message-id:subject:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=grK5ho/5McgcQB5UEsbb8N0RU2KqE3MJg+EAtgPoz3o=; b=Ib7byA0AjDnF9CmpU3RcJfOfcN8dl3v64bNy1NGrwh4EdHWXdn5Ltu3CvDwCjdNwIR Vf4DHWj8DXqV+D37W4VMRV/HKpN62sO2zvqb0MefpzlFamisIWs9UJ5Z34f3qpCxUWrp h5udqmhc2CYBx7ys2b3c44RdkRImDVDd6tXV1cGcWtQeKUsbbS9R/JfC9S1+B9edzf6R MdNhRzHbD1nY0IxqPxuXLDR8ULwLZP7Qu6nlr8dJtSx8C7ZWad5ARhQrTSaK8kqNfCjJ 1nyVcI4hlemcEDUhl9GCPG4L0x/ZeMGVQtOOPWEysj/EEihb0FA3nUgx+m3dG6+S6oOZ Imow== X-Gm-Message-State: AOJu0Yx9X7M2+XcsUS2TxLJ3ALbnwJPvyQUraQ7W2kvnl+kHMxzD0b65 ICCvMFs5lryemhCIYEfEb9qElwON06lZX1JHV5Ns6gbsgGETmrmK4/DaGzpWWcCkPUYzfMZWoUo = X-Google-Smtp-Source: AGHT+IF5sDrt41vUWqvkqFZQzGJKkcbtYUk5nPgi0lV757VupYFEm3aDr1bJtnwXW/P4ZoUFDQszWw== X-Received: by 2002:a05:6214:5a07:b0:6ad:7697:8527 with SMTP id 6a1803df08f44-6ad76978aabmr38062066d6.57.1716762526337; Sun, 26 May 2024 15:28:46 -0700 (PDT) Received: from lifeofadishwasher.com ([2601:547:1900:3230:41d8:6971:8aad:947a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6ac070c2e1fsm29145236d6.25.2024.05.26.15.28.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 May 2024 15:28:45 -0700 (PDT) Received: by lifeofadishwasher.com (sSMTP sendmail emulation); Sun, 26 May 2024 18:28:42 -0400 Date: Sun, 26 May 2024 18:28:42 -0400 From: Derek Schrock To: passt-dev@passt.top Subject: [PATCH] selinux: Allow access to user_devpts Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-MailFrom: dereks@lifeofadishwasher.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation Message-ID-Hash: GEV62IXEWKUDHRSDI4AWSQVBMZISKZWL X-Message-ID-Hash: GEV62IXEWKUDHRSDI4AWSQVBMZISKZWL X-Mailman-Approved-At: Mon, 27 May 2024 12:03:01 +0200 X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Allow access to user_devpts. $ pasta --version pasta 0^20240510.g7288448-1.fc40.x86_64 ... $ awk '' < /dev/null $ pasta --version $ While this might be a awk bug it appears pasta should still have access to devpts. --- contrib/selinux/pasta.te | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te index 0ceda06..4e36c3f 100644 --- a/contrib/selinux/pasta.te +++ b/contrib/selinux/pasta.te @@ -211,3 +211,4 @@ allow pasta_t ifconfig_t:process { noatsecure rlimitinh siginh }; allow pasta_t netutils_t:process { noatsecure rlimitinh siginh }; allow pasta_t ping_t:process { noatsecure rlimitinh siginh }; allow pasta_t user_tty_device_t:chr_file { append read write }; +allow pasta_t user_devpts_t:chr_file { append read write }; -- 2.45.0