From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A18CDC43441 for ; Wed, 21 Nov 2018 13:48:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7479B21479 for ; Wed, 21 Nov 2018 13:48:23 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7479B21479 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=selinux-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729140AbeKVAWv (ORCPT ); Wed, 21 Nov 2018 19:22:51 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42240 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727628AbeKVAWv (ORCPT ); Wed, 21 Nov 2018 19:22:51 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CC0172D7F2; Wed, 21 Nov 2018 13:48:22 +0000 (UTC) Received: from workstation (unknown [10.43.12.69]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E0BA1413F; Wed, 21 Nov 2018 13:48:21 +0000 (UTC) From: Petr Lautrbach To: selinux@vger.kernel.org Cc: Tom Gundersen , David Herrmann Subject: Re: [PATCH] dbus: remove deprecated at_console statement References: <20181116122559.30868-1-plautrba@redhat.com> Date: Wed, 21 Nov 2018 14:48:20 +0100 In-Reply-To: <20181116122559.30868-1-plautrba@redhat.com> (Petr Lautrbach's message of "Fri, 16 Nov 2018 13:25:59 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 21 Nov 2018 13:48:22 +0000 (UTC) Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org > From: Tom Gundersen > > As described in [0], this likely did not have the intended effect, so > simply remove it. The change in behavior is that up until this patch > it would be possible for any non-system user to potentially gain access > to selinux' dbus interface. Now this is extended to also allow any > system user. > > As the comment indicates, PolicyKit is used to enforce access, so this > should be perfectly harmless. > > [0]: > > Signed-off-by: Tom Gundersen > CC: David Herrmann Acked-by: Petr Lautrbach > --- > > This patch is from PR 113 - https://github.com/SELinuxProject/selinux/pull/113 > > dbus/org.selinux.conf | 6 +----- > 1 file changed, 1 insertion(+), 5 deletions(-) > > diff --git a/dbus/org.selinux.conf b/dbus/org.selinux.conf > index a3509781..1ae079d2 100644 > --- a/dbus/org.selinux.conf > +++ b/dbus/org.selinux.conf > @@ -12,12 +12,8 @@ > > > - > - > - > > - - send_interface="org.freedesktop.DBus.Introspectable"/> > + > > >