From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=protonmail.com
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=zRDnvqfc;
	dkim-atps=neutral
Received: from mail-106101.protonmail.ch (mail-106101.protonmail.ch [79.135.106.101])
	by passt.top (Postfix) with ESMTPS id E515A5A0620
	for <passt-dev@passt.top>; Sat, 01 Mar 2025 22:48:52 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
	s=protonmail3; t=1740865731; x=1741124931;
	bh=u+NocgHfqfAgdYzhmIm3VJ04/DN8VZULBeblBtKdpMM=;
	h=Date:To:From:Subject:Message-ID:In-Reply-To:References:
	 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
	 Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post;
	b=zRDnvqfc+sT+Mh9NOJ9997hc4Cz8uhWQA/a0ednFJJPYJ1qNdJULBsTx7odO7fTah
	 qByDhki2/4bdsKLiz0txy56RVG4CiSxrzbg3gsaUI9em5Se0notSod2vM/xEIkuP+I
	 k0/xdJf2gPrZs0u62gh2OCZNy7+A4VcDB1UtT54iW9XwYlTJzEQeFZVdCcjw8GT7KH
	 uiclo9DUXqaAwCAV1soIrN4Rhy1Mr9atsagRKBzStMZehlNLIzdth+z/p0AnyBdBV3
	 OWkKCskBKHrLz0efdq9fCE9OsQl4UOan9LEN8QdjZAHmEErcsiN7B2tk6+0ySQYIKC
	 xU8+Mnc1keRxg==
To: "passt-dev@passt.top" <passt-dev@passt.top>
From: 7ppKb5bW <pONy4THS@protonmail.com>
Subject: Re: [PATCH] pasta.te: fix demo.sh and remove one duplicate rule
Message-ID: <ggrgrY5P8dN27EG2XH5ZRZusen99hHDlZg6-YvaHp1ozrr2HQHuAr9ilrVRjbti6j6gfE6Q3Y3vTUGoI0GZH7xjlw-k5PVbL9dPacKxBMqA=@protonmail.com>
In-Reply-To: <BD40k8OG-5BpMWJgJn-GLY9qNZqrSUJCl3S0x2c_1cnn4DUl6azPh8w_Iiw6lIcT0BjV1T61XTalZM9rDhMT50kntShD8Jfcnj6AFjyHMuM=@protonmail.com>
References: <BD40k8OG-5BpMWJgJn-GLY9qNZqrSUJCl3S0x2c_1cnn4DUl6azPh8w_Iiw6lIcT0BjV1T61XTalZM9rDhMT50kntShD8Jfcnj6AFjyHMuM=@protonmail.com>
Feedback-ID: 42387216:user:proton
X-Pm-Message-ID: 49365e780a9463947a24576e6d77099ad43e1b1f
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-MailFrom: pONy4THS@protonmail.com
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation
Message-ID-Hash: UD33YV3XUQ5KJCCWDQFJBNHNJ7FUCW4I
X-Message-ID-Hash: UD33YV3XUQ5KJCCWDQFJBNHNJ7FUCW4I
X-Mailman-Approved-At: Mon, 03 Mar 2025 17:10:42 +0100
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ggrgrY5P8dN27EG2XH5ZRZusen99hHDlZg6-YvaHp1ozrr2HQHuAr9ilrVRjbti6j6gfE6Q3Y3vTUGoI0GZH7xjlw-k5PVbL9dPacKxBMqA=@protonmail.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/UD33YV3XUQ5KJCCWDQFJBNHNJ7FUCW4I/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>
Date: Sat, 01 Mar 2025 21:48:53 
X-Original-Date: Sat, 01 Mar 2025 21:48:45 +0000

> ---
> contrib/selinux/pasta.te | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>=20
> diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te
> index 69be081..d0ff0cc 100644
> --- a/contrib/selinux/pasta.te
> +++ b/contrib/selinux/pasta.te
> @@ -171,7 +171,7 @@ allow pasta_t init_t:lnk_file read;
> allow pasta_t init_t:unix_stream_socket connectto;
> allow pasta_t init_t:dbus send_msg;
> allow pasta_t init_t:system status;
> -allow pasta_t unconfined_t:dir search;
> +allow pasta_t unconfined_t:dir { read search };
> allow pasta_t unconfined_t:file read;
> allow pasta_t unconfined_t:lnk_file read;
> allow pasta_t self:process { setpgid setcap };
> @@ -192,8 +192,6 @@ allow pasta_t sysctl_net_t:dir search;
> allow pasta_t sysctl_net_t:file { open read write };
> allow pasta_t kernel_t:system module_request;
>=20
> -allow pasta_t nsfs_t:file read;
> -
> allow pasta_t proc_t:dir mounton;
> allow pasta_t proc_t:filesystem mount;
> allow pasta_t net_conf_t:lnk_file read;
> --

Sorry, it should be " allow pasta_t unconfined_t:dir { open read search }; =
"