From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: "Maciej Żenczykowski" <zenczykowski@gmail.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Linux NetDev <netdev@vger.kernel.org>,
Sean Tranchetti <stranche@codeaurora.org>,
Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>,
Eric Dumazet <edumazet@google.com>,
Linux SCTP <linux-sctp@vger.kernel.org>
Subject: Re: [PATCH] net: introduce ip_local_unbindable_ports sysctl
Date: Wed, 4 Dec 2019 15:27:03 -0300 [thread overview]
Message-ID: <20191204182703.GA5057@localhost.localdomain> (raw)
In-Reply-To: <CAHo-OowLw93a8P=RR=2jXQS92d118L3bNmBrUfPSBP4CDq_Ctg@mail.gmail.com>
On Fri, Nov 29, 2019 at 09:00:19PM +0100, Maciej Żenczykowski wrote:
...
> I'm of the opinion that SELinux and other security policy modules
> should be reserved for things related to system wide security policy.
> Not for things that are more along the lines of 'functionality'.
Makes sense.
>
> Also selinux has 'permissive' mode which causes the system to ignore
> all selinux access controls (in favour of just logging) and this is
> what is commonly used during development (because it's such a pain to
> work with).
Agree, this would be a big problem.
IOW, "you don't have permission to access to this" != "you just can't use this, no
matter what"
FWIW, I rest my case :-)
Thanks,
Marcelo
next prev parent reply other threads:[~2019-12-04 18:27 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-27 0:13 [PATCH] net: introduce ip_local_unbindable_ports sysctl Maciej Żenczykowski
2019-11-27 2:10 ` subashab
2019-11-27 13:14 ` Marcelo Ricardo Leitner
2019-11-27 20:50 ` Maciej Żenczykowski
2019-11-27 22:33 ` David Miller
2019-11-27 23:00 ` Marcelo Ricardo Leitner
2019-11-29 20:00 ` Maciej Żenczykowski
2019-12-04 18:27 ` Marcelo Ricardo Leitner [this message]
2019-12-09 22:43 ` Maciej Żenczykowski
2019-12-09 22:45 ` [PATCH v2] " Maciej Żenczykowski
2019-12-09 23:42 ` Jakub Kicinski
2019-12-10 0:02 ` Maciej Żenczykowski
2019-12-10 0:18 ` Jakub Kicinski
2019-12-10 7:00 ` subashab
2019-12-10 11:46 ` Maciej Żenczykowski
2019-12-10 17:31 ` Jakub Kicinski
2019-12-13 0:16 ` Lorenzo Colitti
2019-12-13 0:47 ` Jakub Kicinski
2019-12-13 0:57 ` Lorenzo Colitti
2019-12-13 1:53 ` subashab
2019-12-13 2:04 ` Jakub Kicinski
2019-12-10 19:28 ` David Miller
[not found] ` <0101016eee9bf9b5-f5615781-f0a6-41c4-8e9d-ed694eccf07c-000000@us-west-2.amazonses.com>
2019-12-10 17:12 ` Jakub Kicinski
2019-12-10 18:12 ` subashab
2019-12-13 0:25 ` [PATCH] " Lorenzo Colitti
2019-12-13 11:49 ` Neil Horman
2019-12-19 9:35 ` Lorenzo Colitti
2019-12-19 13:17 ` Neil Horman
2019-12-19 14:02 ` Lorenzo Colitti
2019-12-19 16:57 ` Neil Horman
2019-12-19 17:52 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191204182703.GA5057@localhost.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stranche@codeaurora.org \
--cc=subashab@codeaurora.org \
--cc=zenczykowski@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox