From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=K6mJkQ8R; dkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=xm2q5pzj; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=W2x6PlyI; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=obSK6xY6; dkim-atps=neutral Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2a07:de40:b251:101:10:150:64:2]) by passt.top (Postfix) with ESMTPS id B14025A0262 for ; Wed, 01 Apr 2026 14:12:49 +0200 (CEST) Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id E0B405BD5F; Wed, 1 Apr 2026 12:12:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1775045567; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Cm2jH/cKt5SJTR1QWFAPH3bbQezQpQKvRrQ9tnUimiE=; b=K6mJkQ8R16nzjNzU2XUhCAe8n0gQSz6PJnyMx0lqjvXqjksK7rfrALVPT44gYDjs6Y3QBW aQzauxwvz9akqgLYC04UkH40FTnoUuollVf2XsmWkpKwFI7HAInrEgY3RKk64ihZPr5LCG UoAZOEMtaI0J6Xsh2Fo+AGQjWhMVHAI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1775045567; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Cm2jH/cKt5SJTR1QWFAPH3bbQezQpQKvRrQ9tnUimiE=; b=xm2q5pzjnn+9ZF1h8vyPG3xBq8ym5L7joMAL28dybc9HX76Ztzr4fmeW2hVOnD7h8tMQzD 4D3cEp5odQPMJZDQ== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1775045566; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Cm2jH/cKt5SJTR1QWFAPH3bbQezQpQKvRrQ9tnUimiE=; b=W2x6PlyIkwygZKNI7Qq2lyafCp/yOS7Ywy882xgZxZtaC5D1Cik2NTbPeGsBIDGmuSTWgh DMiSMwB1GojAo0hSqZYlSM5mHHrTxE1WYC1cEcMq+UuCakshbm0c0kybKn/D+EezWHU9MF IMqL6Mg56xzASQ+B1ifupMOpC+9WaMY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1775045566; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Cm2jH/cKt5SJTR1QWFAPH3bbQezQpQKvRrQ9tnUimiE=; b=obSK6xY6O9oyKIMLnsl/39hwj5o8YZjJJGw/kzkpJDsTEAMLeBuzS3FtsjW1B+ownOzgEz N+jsKkSIQCeA/8Ag== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C59224A0B0; Wed, 1 Apr 2026 12:12:46 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id IlMqL74LzWnUcwAAD6G6ig (envelope-from ); Wed, 01 Apr 2026 12:12:46 +0000 Date: Wed, 1 Apr 2026 14:12:45 +0200 From: Johannes Segitz To: Stefano Brivio Subject: Re: [PATCH] SELinux: Dontaudit access to dri devices Message-ID: References: <20260330110557.2569119-1-jsegitz@suse.de> <20260330171541.15a8b5d0@elisabeth> <20260331214758.227f3fac@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fVtzSsxWTzS6hQwG" Content-Disposition: inline In-Reply-To: <20260331214758.227f3fac@elisabeth> X-Spam-Score: -6.40 X-Spam-Level: X-Spamd-Result: default: False [-6.40 / 50.00]; BAYES_HAM(-3.00)[100.00%]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; MISSING_XM_UA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:mid,imap1.dmz-prg2.suse.org:helo] X-Spam-Flag: NO X-MailFrom: jsegitz@suse.de X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation Message-ID-Hash: COL2RTA6YOGB26XF7K4AKEZNMZR4ISSG X-Message-ID-Hash: COL2RTA6YOGB26XF7K4AKEZNMZR4ISSG X-Mailman-Approved-At: Wed, 01 Apr 2026 14:20:43 +0200 CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --fVtzSsxWTzS6hQwG Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 31, 2026 at 09:47:59PM +0200, Stefano Brivio wrote: > Assuming that the kernel version is >=3D 5.9 (otherwise we don't have > close_range() at all), you could try something like this: >=20 > --- > diff --git a/passt.c b/passt.c > index f84419c..d5dad4c 100644 > --- a/passt.c > +++ b/passt.c > @@ -340,6 +340,8 @@ int main(int argc, char **argv) > struct timespec now; > struct sigaction sa; > =20 > + close_range(STDERR_FILENO + 1, ~0U, CLOSE_RANGE_UNSHARE); > + > if (clock_gettime(CLOCK_MONOTONIC, &log_start)) > die_perror("Failed to get CLOCK_MONOTONIC time"); > =20 > --- Thanks. I've build an updated package for the reporter and will let you know once I get feedback from him Johannes --=20 GPG Key EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0 Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66 SUSE Software Solutions Germany GmbH, Frankenstr. 146, 90461 N=FCrnberg, Ge= rmany Gesch=E4ftsf=FChrer: Jochen Jaser, Andrew McDonald, Werner Knoblich, (HRB 3= 6809, AG N=FCrnberg) --fVtzSsxWTzS6hQwG Content-Type: application/pgp-signature; name=signature.asc Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEJQ9D9ffObx6cWU+VvCfdnSzE/WYFAmnNC70bFIAAAAAABAAO bWFudTIsMi41KzEuMTEsMiwyAAoJELwn3Z0sxP1m5KUP/jNkTwZ+XAK29Lx/w0lp wfJAD3hOBxK9nW+/NIm7CDICSKVJwjPMmpGN4VvRD6EoRVO3d59H3b+5V68ULZYq 7h9xwA+TNxZWVwyKRb8MI1aLzFqj/YWru3zUbSXsIXS6rY1Dl+M4AZiBiEP7cpoX /jLho1I7qJUFX3QoJ/M3MXngmQZ+EmP7UFaUQH6ix4jxem0tw7PdlhTHWjRGfDDc sdZetNsVbUNtQ4b3WW4zrw8I1ZRimuSSERvbz0Jq8QGVO6U6K0LBgB5WwElMA9qS kMOHcL2vGgyUVdiehGtvWnFFCKIK+t49+eyRWXzkFs6/gKCuUxGzIwkkC2sM/WrZ ndwDrhrUA7mDJS38oXbu6HMQy+hrtHNEk6GhC51IjGcBl1V0YXNlazbGpFeud6CZ I7wN6QQz+S35MKu40CJdpmre34567gJ0zS+cIy2mFGbMIhQOp/r3QcRyRwKcyeGU Skg677pLOUC830llk9WlLVLKc8hfa5lK5zMz+xynIDdeeLCO/laiQrPX4w2RIEjv mBlGMhpC6gGgKksKIEvfGS48TrXC23huM0+8doti7T1pqUjRDNky8h+U+L6V1WnX G+CKmaDVwnu0ZUQXKs+hXtvBhHkYjAENVLlkR5J/bzMN1jBjqe9t5rzd/Y6rrj7z o2q6mXoM/sukWIddviSQEIyI =7kBT -----END PGP SIGNATURE----- --fVtzSsxWTzS6hQwG--