| Message ID | 20191213091733.1058949-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [testsuite] selinux-testsuite: fix tun_tap checks | expand |
On 12/13/19 4:17 AM, Ondrej Mosnacek wrote: > The attach_queue permission was introduced later than the tun_socket > class itself. So check for that instead of the class, since the policy > fails to build without it. > > Fixes: 4e0f6d5a52d2 ("selinux-testsuite: Add TUN/TAP driver tests") > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > policy/Makefile | 2 +- > tests/Makefile | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policy/Makefile b/policy/Makefile > index f0de669..909594a 100644 > --- a/policy/Makefile > +++ b/policy/Makefile > @@ -101,7 +101,7 @@ ifeq ($(shell grep -q module_load $(POLDEV)/include/support/all_perms.spt && ech > TARGETS+=test_module_load.te > endif > > -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) > +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) > TARGETS += test_tun_tap.te > endif > > diff --git a/tests/Makefile b/tests/Makefile > index 9a890be..45c9885 100644 > --- a/tests/Makefile > +++ b/tests/Makefile > @@ -79,7 +79,7 @@ SUBDIRS+=module_load > endif > endif > > -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) > +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) > SUBDIRS += tun_tap > endif > >
On 12/13/19 4:17 AM, Ondrej Mosnacek wrote: > The attach_queue permission was introduced later than the tun_socket > class itself. So check for that instead of the class, since the policy > fails to build without it. > > Fixes: 4e0f6d5a52d2 ("selinux-testsuite: Add TUN/TAP driver tests") > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Thanks, applied. > --- > policy/Makefile | 2 +- > tests/Makefile | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policy/Makefile b/policy/Makefile > index f0de669..909594a 100644 > --- a/policy/Makefile > +++ b/policy/Makefile > @@ -101,7 +101,7 @@ ifeq ($(shell grep -q module_load $(POLDEV)/include/support/all_perms.spt && ech > TARGETS+=test_module_load.te > endif > > -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) > +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) > TARGETS += test_tun_tap.te > endif > > diff --git a/tests/Makefile b/tests/Makefile > index 9a890be..45c9885 100644 > --- a/tests/Makefile > +++ b/tests/Makefile > @@ -79,7 +79,7 @@ SUBDIRS+=module_load > endif > endif > > -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) > +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) > SUBDIRS += tun_tap > endif > >
diff --git a/policy/Makefile b/policy/Makefile index f0de669..909594a 100644 --- a/policy/Makefile +++ b/policy/Makefile @@ -101,7 +101,7 @@ ifeq ($(shell grep -q module_load $(POLDEV)/include/support/all_perms.spt && ech TARGETS+=test_module_load.te endif -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) TARGETS += test_tun_tap.te endif diff --git a/tests/Makefile b/tests/Makefile index 9a890be..45c9885 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -79,7 +79,7 @@ SUBDIRS+=module_load endif endif -ifeq ($(shell grep -q tun_socket $(POLDEV)/include/support/all_perms.spt && echo true),true) +ifeq ($(shell grep -q attach_queue $(POLDEV)/include/support/all_perms.spt && echo true),true) SUBDIRS += tun_tap endif
The attach_queue permission was introduced later than the tun_socket class itself. So check for that instead of the class, since the policy fails to build without it. Fixes: 4e0f6d5a52d2 ("selinux-testsuite: Add TUN/TAP driver tests") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- policy/Makefile | 2 +- tests/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)