From mboxrd@z Thu Jan 1 00:00:00 1970
From: Russell Coker
To: Stephen Smalley, selinux-refpolicy@vger.kernel.org, Chris PeBenito
Cc: paul@paul-moore.com, omosnace@redhat.com
Subject: Re: [PATCH refpolicy] kernel: remove some unused initial SID contexts
Date: Mon, 03 Nov 2025 12:07:08 +1100
Message-ID: <7788525.18pcnM708K@dojacat>
In-Reply-To: <4706985.LvFx2qVVIh@xev>
References: <20251030200720.18719-2-stephen.smalley.work@gmail.com>
 <9e69696a-cbee-4bc5-8679-5e5407490c3d@ieee.org>
 <4706985.LvFx2qVVIh@xev>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On Sunday, 2 November 2025 12:28:21 AEDT Russell Coker wrote:
> The above is what apparently used to be the policy so it looks like node_t
> is being changed to sysctl_t.

allow sshd_t sysctl_t:tcp_socket node_bind;

I also tried rebooting a VM running that policy (previously I had loaded it on
a running system) and got the same result with TCP as an additional issue.

Also I tried kernel 6.12.48+deb13-amd64 (the latest kernel for Debian/Trixie,
the latest stable release).

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/