On Tue, 28 May 2024 16:55:55 +1000
David Gibson
On Sun, May 26, 2024 at 06:28:42PM -0400, Derek Schrock wrote:
Allow access to user_devpts.
$ pasta --version pasta 0^20240510.g7288448-1.fc40.x86_64 ... $ awk '' < /dev/null $ pasta --version $
While this might be a awk bug it appears pasta should still have access to devpts.
Derek, thanks for the patch!
It's not clear to me why pasta would need any access to /dev/pts. The shell that pasta spawns does, of course, but it should already live in a difference security context.
Note that that doesn't happen in a shell pasta spawned: pasta --version doesn't do that. It's just that after that awk comamnd, enabling access to user_tty_device_t doesn't seem to be enough anymore, we need user_devpts_t then. Which is probably something reasonable to enable anyway. -- Stefano