| Message ID | 20190918185825.8012-1-sds@tycho.nsa.gov (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files | expand |
On Wed, Sep 18, 2019 at 8:58 PM Stephen Smalley <sds@tycho.nsa.gov> wrote: > The overlay test policy had two calls to the > userdom_read_inherited_user_tmp_files() policy interface. > This is a Fedora-specific interface that is not present in > refpolicy and therefore prevents building the test policy on > other distributions. Further, there is no clear reason why > the calls to this interface are needed for the overlay tests; > the tests are not inheriting open /tmp files. Remove the > calls. > > Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57 > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> This patch doesn't break anything for me when run on Fedora Rawhide - even when I run the testsuite under /tmp. Tested-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > policy/test_overlayfs.te | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te > index 3be53fce0f9c..6f1756e9a118 100644 > --- a/policy/test_overlayfs.te > +++ b/policy/test_overlayfs.te > @@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t) > corecmd_shell_entry_type(test_overlay_mounter_t) > corecmd_exec_bin(test_overlay_mounter_t) > > -userdom_read_inherited_user_tmp_files(test_overlay_mounter_t) > userdom_search_admin_dir(test_overlay_mounter_t) > userdom_search_user_home_content(test_overlay_mounter_t) > > @@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t) > kernel_read_system_state(test_overlay_client_t) > kernel_read_proc_symlinks(test_overlay_client_t) > > -userdom_read_inherited_user_tmp_files(test_overlay_client_t) > userdom_search_admin_dir(test_overlay_client_t) > userdom_search_user_home_content(test_overlay_client_t) > > -- > 2.21.0 >
diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te index 3be53fce0f9c..6f1756e9a118 100644 --- a/policy/test_overlayfs.te +++ b/policy/test_overlayfs.te @@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t) corecmd_shell_entry_type(test_overlay_mounter_t) corecmd_exec_bin(test_overlay_mounter_t) -userdom_read_inherited_user_tmp_files(test_overlay_mounter_t) userdom_search_admin_dir(test_overlay_mounter_t) userdom_search_user_home_content(test_overlay_mounter_t) @@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t) kernel_read_system_state(test_overlay_client_t) kernel_read_proc_symlinks(test_overlay_client_t) -userdom_read_inherited_user_tmp_files(test_overlay_client_t) userdom_search_admin_dir(test_overlay_client_t) userdom_search_user_home_content(test_overlay_client_t)
The overlay test policy had two calls to the userdom_read_inherited_user_tmp_files() policy interface. This is a Fedora-specific interface that is not present in refpolicy and therefore prevents building the test policy on other distributions. Further, there is no clear reason why the calls to this interface are needed for the overlay tests; the tests are not inheriting open /tmp files. Remove the calls. Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> --- policy/test_overlayfs.te | 2 -- 1 file changed, 2 deletions(-)