From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FF32C43441 for ; Thu, 22 Nov 2018 09:47:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3CDA220820 for ; Thu, 22 Nov 2018 09:47:07 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3CDA220820 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=selinux-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2393557AbeKVUZt (ORCPT ); Thu, 22 Nov 2018 15:25:49 -0500 Received: from mx1.redhat.com ([209.132.183.28]:54854 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389990AbeKVUZt (ORCPT ); Thu, 22 Nov 2018 15:25:49 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 58E753082AFC; Thu, 22 Nov 2018 09:47:06 +0000 (UTC) Received: from workstation (ovpn-204-50.brq.redhat.com [10.40.204.50]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E680470132; Thu, 22 Nov 2018 09:47:04 +0000 (UTC) From: Petr Lautrbach To: selinux@vger.kernel.org Cc: Tom Gundersen , David Herrmann Subject: Re: [PATCH] dbus: remove deprecated at_console statement References: <20181116122559.30868-1-plautrba@redhat.com> Date: Thu, 22 Nov 2018 10:47:03 +0100 In-Reply-To: (Petr Lautrbach's message of "Wed, 21 Nov 2018 14:48:20 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Thu, 22 Nov 2018 09:47:06 +0000 (UTC) Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Petr Lautrbach writes: >> From: Tom Gundersen >> >> As described in [0], this likely did not have the intended effect, so >> simply remove it. The change in behavior is that up until this patch >> it would be possible for any non-system user to potentially gain access >> to selinux' dbus interface. Now this is extended to also allow any >> system user. >> >> As the comment indicates, PolicyKit is used to enforce access, so this >> should be perfectly harmless. >> >> [0]: >> >> Signed-off-by: Tom Gundersen >> CC: David Herrmann > > Acked-by: Petr Lautrbach Merged. Thanks! >> --- >> >> This patch is from PR 113 - https://github.com/SELinuxProject/selinux/pull/113 >> >> dbus/org.selinux.conf | 6 +----- >> 1 file changed, 1 insertion(+), 5 deletions(-) >> >> diff --git a/dbus/org.selinux.conf b/dbus/org.selinux.conf >> index a3509781..1ae079d2 100644 >> --- a/dbus/org.selinux.conf >> +++ b/dbus/org.selinux.conf >> @@ -12,12 +12,8 @@ >> >> >> - >> - >> - >> >> - > - send_interface="org.freedesktop.DBus.Introspectable"/> >> + >> >> >>