* [v2 PATCH 1/1] Skip writing role attributes for policy.X and downgraded pp.
2011-08-16 8:08 v2 Skip role attributes for policy.X and downgraded pp Harry Ciao
@ 2011-08-16 8:08 ` Harry Ciao
2011-08-22 13:47 ` v2 Skip " HarryCiao
2011-08-22 16:09 ` Christopher J. PeBenito
2 siblings, 0 replies; 7+ messages in thread
From: Harry Ciao @ 2011-08-16 8:08 UTC (permalink / raw)
To: slawrence; +Cc: selinux

Role attributes are redundant for policy.X, their destiny has been
fulfilled in the expand phase when their types.types ebitmap have
been populated to that of their sub regular roles.

When pp is downgraded, role_datum_t's the flavor flag and roles
ebitmap would be discarded, resulting in role attributes useless
at all. So for such case they should also be skipped.

Deduct the number of role attributes from p_roles.table->nel when
they are skipped.

Last, uncount attributes number before converting endianness.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
libsepol/src/write.c | 42 +++++++++++++++++++++++++++++++++++++++++-
1 files changed, 41 insertions(+), 1 deletions(-)
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 290e036..374a952 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -972,6 +972,19 @@ static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
role = (role_datum_t *) datum;
+ /*
+ * Role attributes are redundant for policy.X, skip them
+ * when writing the roles symbol table. They are also skipped
+ * when pp is downgraded.
+ *
+ * Their numbers would be deducted in policydb_write().
+ */
+ if ((role->flavor == ROLE_ATTRIB) &&
+ ((p->policy_type == POLICY_KERN) ||
+ (p->policy_type != POLICY_KERN &&
+ p->policyvers < MOD_POLICYDB_VERSION_ROLEATTRIB)))
+ return POLICYDB_SUCCESS;
+
len = strlen(key);
items = 0;
buf[items++] = cpu_to_le32(len);
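Review bot: in the condition added to role_write(), the "p->policy_type != POLICY_KERN" term in the second disjunct is redundant, because that disjunct is only evaluated when "p->policy_type == POLICY_KERN" is already false. The test reduces to "p->policy_type == POLICY_KERN || p->policyvers < MOD_POLICYDB_VERSION_ROLEATTRIB", which reads more directly against the comment above it.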
@@ -1795,6 +1808,19 @@ static int type_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
return 0;
}
+static int role_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
+ hashtab_datum_t datum, void *args)
+{
+ role_datum_t *role = datum;
+ uint32_t *p_nel = args;
+
+ if (role->flavor == ROLE_ATTRIB) {
+ /* uncount attribute from total number of roles */
+ (*p_nel)--;
+ }
+ return 0;
+}
+
/*
* Write the configuration data in a policy database
* structure to a policy database binary representation
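Review bot: role_attr_uncount() decrements through args as a plain uint32_t, so it is only correct when the caller passes a count that is still in host byte order, and nothing at the function says so. Add a one-line comment stating that precondition. Separately, "role_datum_t *role = datum;" relies on an implicit conversion while role_write() uses "(role_datum_t *) datum"; pick one style for both.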
@@ -1926,7 +1952,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
num_syms = info->sym_num;
for (i = 0; i < num_syms; i++) {
buf[0] = cpu_to_le32(p->symtab[i].nprim);
- buf[1] = cpu_to_le32(p->symtab[i].table->nel);
+ buf[1] = p->symtab[i].table->nel;
/*
* A special case when writing type/attribute symbol table.
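Review bot: with the assignment to buf[1] no longer converted, buf[0] holds a little-endian value while buf[1] holds a host-order one until the conversion further down, and nothing at this line explains why. A local "uint32_t nel" that is adjusted and then stored once with cpu_to_le32() would make the ordering explicit and harder to break in a later edit; at minimum add a comment here saying the conversion is deferred until the attribute counts have been deducted.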
@@ -1939,6 +1965,20 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
p->policy_type == POLICY_KERN) {
hashtab_map(p->symtab[i].table, type_attr_uncount, &buf[1]);
}
+
+ /*
+ * Another special case when writing role/attribute symbol
+ * table, role attributes are redundant for policy.X, or
+ * when the pp's version is not big enough. So deduct
+ * their numbers from p_roles.table->nel.
+ */
+ if ((i == SYM_ROLES) &&
+ ((p->policy_type == POLICY_KERN) ||
+ (p->policy_type != POLICY_KERN &&
+ p->policyvers < MOD_POLICYDB_VERSION_ROLEATTRIB)))
+ hashtab_map(p->symtab[i].table, role_attr_uncount, &buf[1]);
+
+ buf[1] = cpu_to_le32(buf[1]);
items = put_entry(buf, sizeof(uint32_t), 2, fp);
if (items != 2)
return POLICYDB_ERROR;
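Review bot: the SYM_ROLES condition repeats the one added to role_write() term for term, and the two have to agree or the element count written in the header will not match the number of role records that follow. Move the test into one small static helper and call it from both places. The new if also has a multi-line condition with an unbraced body, while the type/attribute block directly above it is braced; add braces. Since the deferred "buf[1] = cpu_to_le32(buf[1]);" now also follows the existing type_attr_uncount call, the commit message should say that the reordering affects the type attribute count as well.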
--
1.7.0.4
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
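
An added illustration, not part of the patch or of libsepol: a small model of the two rules in the commit message, that the header count must match the records actually written, and that the count must be adjusted before the byte-order conversion. The role table, the threshold value 13 (taken from the version numbers quoted in the test notes) and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the libsepol names in the patch; values are constructed. */
enum { ROLE_ROLE, ROLE_ATTRIB };
enum { POLICY_KERN, POLICY_MOD };
#define VERSION_ROLEATTRIB 13u

struct role { const char *name; int flavor; };

/* Constructed sample table: three regular roles, two role attributes. */
static const struct role ROLES[] = {
    {"object_r", ROLE_ROLE}, {"system_r", ROLE_ROLE}, {"test_r", ROLE_ROLE},
    {"rpm_roles", ROLE_ATTRIB}, {"semanage_roles", ROLE_ATTRIB},
};
#define NROLES (sizeof(ROLES) / sizeof(ROLES[0]))

/* Single predicate used by both the header count and the record writer. */
static int skip_attr(const struct role *r, int type, uint32_t vers)
{
    return r->flavor == ROLE_ATTRIB &&
           (type == POLICY_KERN || vers < VERSION_ROLEATTRIB);
}

/* Element count for the header, adjusted while still in host byte order. */
static uint32_t header_nel(int type, uint32_t vers)
{
    uint32_t nel = (uint32_t)NROLES;
    for (size_t i = 0; i < NROLES; i++)
        if (skip_attr(&ROLES[i], type, vers))
            nel--;
    return nel;
}

/* Number of role records the writer would actually emit. */
static uint32_t records_written(int type, uint32_t vers)
{
    uint32_t n = 0;
    for (size_t i = 0; i < NROLES; i++)
        if (!skip_attr(&ROLES[i], type, vers))
            n++;
    return n;
}

/* Byte swap: what a little-endian conversion does on a big-endian host. */
static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Convert first, decrement afterwards: the count a reader would decode. */
static uint32_t nel_decremented_after_swap(uint32_t nel, uint32_t nattr)
{
    return bswap32(bswap32(nel) - nattr);
}

int main(void)
{
    printf("policy.X   header=%u records=%u\n",
           (unsigned)header_nel(POLICY_KERN, 24), (unsigned)records_written(POLICY_KERN, 24));
    printf("pp v12     header=%u records=%u\n",
           (unsigned)header_nel(POLICY_MOD, 12), (unsigned)records_written(POLICY_MOD, 12));
    printf("swap first decodes as 0x%08x\n", (unsigned)nel_decremented_after_swap(5, 2));
    return 0;
}
```

On a little-endian build host the conversion is a no-op, so the swap-then-decrement ordering only shows up as a wrong count on big-endian hosts.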
* RE: v2 Skip role attributes for policy.X and downgraded pp
From: HarryCiao @ 2011-08-22 13:47 UTC (permalink / raw)
To: slawrence; +Cc: selinux
Hi Steve,

How do you feel about this patch? Right now I am trying to test my patchset
to separate tunables from booleans, unfortunately one of them would have to
be based on this patch. Once you are happy with it and merge it, I could
create my patchset based on the latest master branch.

Thanks a lot!

Best regards,
Harry

> From: qingtao.cao@windriver.com
> To: slawrence@tresys.com
> CC: selinux@tycho.nsa.gov
> Subject: v2 Skip role attributes for policy.X and downgraded pp
> Date: Tue, 16 Aug 2011 16:08:51 +0800
>
>
> Difference from v1
> --------------------
> 1. Skip role attributes when pp is downgraded, as well as for policy.X.
>
> When pp is downgraded the flavor flag and roles ebitmap would be
> discarded, resulting in role attributes useless at all. So in such
> case role attributes should be skipped for pp too.
>
>
> Tests I've done
> -----------------
> 1. Apply the role attribute test patch from Chris, adding a new test_r
> role and calls rpm_run() for it.
>
> 2. Use the apol tool to analyze what types the test_r role could type with:
> (Since the apol installed on Ubuntu so far only support max version .24,
> we need to setup "policy-version = 24" in semanage.conf)
>
> Note:
> . There is no role attributes such as portage/semanage/rpm_roles in policy.24
> . By default pp's version is 13.
>
> test_r (36 types)
> bootloader_t
> chfn_t
> chkpwd_t
> consoletype_t
> ddclient_t
> depmod_t
> dhcpc_t
> groupadd_t
> hostname_t
> ifconfig_t
> insmod_t
> iptables_t
> ldconfig_t
> load_policy_t
> loadkeys_t
> lvm_t
> netutils_t
> newrole_t
> nscd_t
> pam_t
> passwd_t
> ping_t
> pppd_t
> pptp_t
> prelink_t
> rpm_script_t
> rpm_t
> semanage_t
> setfiles_t
> test_t
> traceroute_t
> tzdata_t
> updpwd_t
> useradd_t
> usernetctl_t
> utempter_t
>
> 3. In write_binary_policy() in checkmodule.c, trigger pp downgrade
> by adding "policyvers = MOD_POLICYDB_VERSION_MAX - 1;", then use
> apol to analyze what types the test_r role could type with:
>
> Note:
> . After downgrade, pp's version is 12 now.
>
> test_r (22 types)
> chfn_t
> chkpwd_t
> consoletype_t
> ddclient_t
> dhcpc_t
> hostname_t
> ifconfig_t
> insmod_t
> iptables_t
> loadkeys_t
> netutils_t
> newrole_t
> pam_t
> passwd_t
> ping_t
> pppd_t
> pptp_t
> test_t
> traceroute_t
> updpwd_t
> usernetctl_t
> utempter_t
>
> Where we can see that test_r could no longer type with all those
> types that are typed by rpm_roles and semanage_roles.
>
> (BTW, this means that once role attributes are endorsed in refpolicy,
> the influence of pp downgrade could be far-reaching and perhaps
> undesirable.)
>
* Re: v2 Skip role attributes for policy.X and downgraded pp
From: Eric Paris @ 2011-08-22 14:04 UTC (permalink / raw)
To: HarryCiao; +Cc: slawrence, selinux
I've applied to the 'queue' branch and will likely send along in my
next push, probably some time this week. In the meantime you could
develop against the queue branch. Be aware that the 'queue' branch
constantly rebases and should not be seen as anything more than a
random snapshot in time of my personal development. Side note is that
if you send me a patch based off of a queue branch snapshot it'll
likely apply to whatever I have, and if it doesn't I'll likely be able
to figure out why.
-Eric
* Re: v2 Skip role attributes for policy.X and downgraded pp
From: Christopher J. PeBenito @ 2011-08-22 16:09 UTC (permalink / raw)
To: Harry Ciao; +Cc: slawrence, selinux
On 08/16/11 04:08, Harry Ciao wrote:
> Where we can see that test_r could no longer type with all those
> types that are typed by rpm_roles and semanage_roles.
>
> (BTW, this means that once role attributes are endorsed in refpolicy,
> the influence of pp downgrade could be far-reaching and perhaps
> undesirable.)
I would not say this is undesirable, but broken instead. The attributes
should be expanded out so the role has the same type set regardless of
the policydb version.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
* Re: v2 Skip role attributes for policy.X and downgraded pp
From: Harry Ciao @ 2011-08-23 1:08 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: slawrence, selinux
Christopher J. PeBenito wrote:
> On 08/16/11 04:08, Harry Ciao wrote:
>> Where we can see that test_r could no longer type with all those
>> types that are typed by rpm_roles and semanage_roles.
>>
>> (BTW, this means that once role attributes are endorsed in refpolicy,
>> the influence of pp downgrade could be far-reaching and perhaps
>> undesirable.)
>>
>
> I would not say this is undesirable, but broken instead. The attributes
> should be expanded out so the role has the same type set regardless of
> the policydb version.
>
>
I agree, originally I would use "broken" too. Since the flavor flag and
roles ebitmap won't be written into pp while module downgraded for
compatibility issues, the relationships between role attributes and
regular roles would be entirely wiped out, no chance could the role
attributes ever be expanded during link and expansion.

That's why I've decided not to write role attribute at all for
downgraded modules.

Agree?

Thanks,
Harry
* Re: v2 Skip role attributes for policy.X and downgraded pp
From: Christopher J. PeBenito @ 2011-08-23 13:47 UTC (permalink / raw)
To: qingtao.cao; +Cc: slawrence, selinux
On 08/22/11 21:08, Harry Ciao wrote:
> Christopher J. PeBenito wrote:
>> On 08/16/11 04:08, Harry Ciao wrote:
>>> Where we can see that test_r could no longer type with all those
>>> types that are typed by rpm_roles and semanage_roles.
>>>
>>> (BTW, this means that once role attributes are endorsed in refpolicy,
>>> the influence of pp downgrade could be far-reaching and perhaps
>>> undesirable.)
>>>
>>
>> I would not say this is undesirable, but broken instead. The attributes
>> should be expanded out so the role has the same type set regardless of
>> the policydb version.
>>
>>
> I agree, originally I would use "broken" too. Since the flavor flag and
> roles ebitmap won't be written into pp while module downgraded for
> compatibility issues, the relationships between role attributes and
> regular roles would be entirely wiped out, no chance could the role
> attributes ever be expanded during link and expansion.
>
> That's why I've decided not to write role attribute at all for
> downgraded modules.
>
> Agree?
I missed that this was a limitation only for downgrading modules. It
makes sense that there isn't anything you can do about this.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com