From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.sws.net.au (smtp.sws.net.au [144.76.186.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AD2D78F4A for ; Sat, 23 May 2026 01:52:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=144.76.186.9 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779501142; cv=none; b=guiw58k1YCeCgfSY+fusc4B7smISkmb1uGrCH5N6V7SLM71RihbxAp+xO2smaWigJmtOTE6Vdcv5ZVeF7rDlvJfnKD5wJMnBwvqE7rZQh/stYcegIeoR+fGUqIVJinXoQzXIq8lDvo3O//J9Ha45tx0qtID2t8bhQvxfSoYUrgk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779501142; c=relaxed/simple; bh=/EFVL0+KeZONdiZtQXM4mIncVNzA4FKQpDS+jyCuYuY=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=bro6rfxnOsPJQ8bPV4Xm+vxan+NO1sJPTepG27u5ohAYzwuRQBurA/CcdJ2N56aaMFE/Km4U2y7UqrqnF3/k6Pl7JbwYTdTPEx9JZUXd1Mo48gRsqlsJQACfUgvANQ7ckwr49FdRYWN6XnMuK8cnCjJqOM973qlUDmyF/kqkvcY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=coker.com.au; spf=pass smtp.mailfrom=coker.com.au; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b=sQxZK6WY; arc=none smtp.client-ip=144.76.186.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=coker.com.au Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=coker.com.au Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="sQxZK6WY" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1779500762; bh=Rw74nPoQk+TX7yMNmqnuR2guYRDWfPCRNmrfzWSmCEY=; l=1178; h=From:To:Reply-To:Subject:Date:From; b=sQxZK6WYdn1uq0zsr+6sfg3XsNYtr/KAdBeSeTeyunobuUhEa0h2Udxt+auQ7f43j nYnJfZLjMvn0yzzHrtjgYtdC3UlCLxFSalLd5LlJeD3KS0IMzTj0sjWChFbA8yLith bdhqHUnsRm5ZHUk3CZy2+1ATT3nofeTNacOLPh5k= Received: from xev.localnet (27-32-30-135.tpgi.com.au [27.32.30.135]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id 485B7F89B for ; Sat, 23 May 2026 11:46:01 +1000 (AEST) From: Russell Coker To: selinux-refpolicy@vger.kernel.org Reply-To: russell@coker.com.au Subject: denied { allowed } Date: Sat, 23 May 2026 11:45:57 +1000 Message-ID: <12900249.O9o76ZdvQC@xev> Precedence: bulk X-Mailing-List: selinux-refpolicy@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" Why do we have a permission named "allowed"? The syscall is io_uring_setup so surely "setup" would be a reasonable permission name. "allowed" gives no indication of what the permission is actually for and results in confusing log entries and policy. /var/log/audit/audit.log.1:type=AVC msg=audit(1779420151.752:71961): avc: denied { allowed } for pid=866175 comm="dig" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=io_uring permissive=0 /var/log/audit/audit.log.1:type=SYSCALL msg=audit(1779420151.752:71961): arch=c000003e syscall=425 success=no exit=-13 a0=100 a1=7ffc066fd1f0 a2=0 a3=c items=0 ppid=866150 pid=866175 auid=1027 uid=1027 gid=1028 euid=1027 suid=1027 fsuid=1027 egid=1028 sgid=1028 fsgid=1028 tty=pts1 ses=2320 comm="dig" exe="/ usr/bin/dig" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=io_uring_setup AUID="yifei" UID="yifei" GID="yifei" EUID="yifei" SUID="yifei" FSUID="yifei" EGID="yifei" SGID="yifei" FSGID="yifei" -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/