Message ID | 20191118123056.338496-3-omosnace@redhat.com (mailing list archive) |
---|---|
State | Changes Requested |
Series | Fix refpolicy build & build test_policy.pp in Travis |
On 11/18/19 7:30 AM, Ondrej Mosnacek wrote: > dev_rw_infiniband_dev() and mount_rw_pid_files() are not defined in > refpolicy. Fall back to dev_rw_generic_files() and > mount_rw_runtime_files() if they are not defined. > > Also, userdom_search_admin_dir() is not defined in refpolicy because it > doesn't have admin_home_t. Fall back to > userdom_search_user_home_content(), which should apply for root's home > directory under refpolicy. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Is there a reason you didn't make the changes I suggested to dev_rw_infiniband_dev()? > --- > policy/test_policy.if | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/policy/test_policy.if b/policy/test_policy.if > index 939cd7e..38214a9 100644 > --- a/policy/test_policy.if > +++ b/policy/test_policy.if > @@ -60,3 +60,24 @@ interface(`userdom_sysadm_entry_spec_domtrans_to',` > allow $1 sysadm_t:process sigchld; > ') > ') > + > +# Workarounds for refpolicy: > + > +ifdef(`dev_rw_infiniband_dev', `', ` dnl > +interface(`dev_rw_infiniband_dev', ` > + dev_rw_generic_files($1) > +') > +') > + > +ifdef(`mount_rw_pid_files', `', ` dnl > +interface(`mount_rw_pid_files', ` > + mount_rw_runtime_files($1) > +') > +') > + > +# Refpolicy doesn't have admin_home_t - assume /root will be user_home_dir_t. > +ifdef(`userdom_search_admin_dir', `', ` dnl > +interface(`userdom_search_admin_dir', ` > + userdom_search_user_home_content($1) > +') > +') >
On Mon, Nov 18, 2019 at 3:06 PM Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 11/18/19 7:30 AM, Ondrej Mosnacek wrote: > > dev_rw_infiniband_dev() and mount_rw_pid_files() are not defined in > > refpolicy. Fall back to dev_rw_generic_files() and > > mount_rw_runtime_files() if they are not defined. > > > > Also, userdom_search_admin_dir() is not defined in refpolicy because it > > doesn't have admin_home_t. Fall back to > > userdom_search_user_home_content(), which should apply for root's home > > directory under refpolicy. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > Is there a reason you didn't make the changes I suggested to > dev_rw_infiniband_dev()? No, sorry, I forgot to address that part... again :| > > > --- > > policy/test_policy.if | 21 +++++++++++++++++++++ > > 1 file changed, 21 insertions(+) > > > > diff --git a/policy/test_policy.if b/policy/test_policy.if > > index 939cd7e..38214a9 100644 > > --- a/policy/test_policy.if > > +++ b/policy/test_policy.if > > @@ -60,3 +60,24 @@ interface(`userdom_sysadm_entry_spec_domtrans_to',` > > allow $1 sysadm_t:process sigchld; > > ') > > ') > > + > > +# Workarounds for refpolicy: > > + > > +ifdef(`dev_rw_infiniband_dev', `', ` dnl > > +interface(`dev_rw_infiniband_dev', ` > > + dev_rw_generic_files($1) > > +') > > +') > > + > > +ifdef(`mount_rw_pid_files', `', ` dnl > > +interface(`mount_rw_pid_files', ` > > + mount_rw_runtime_files($1) > > +') > > +') > > + > > +# Refpolicy doesn't have admin_home_t - assume /root will be user_home_dir_t. > > +ifdef(`userdom_search_admin_dir', `', ` dnl > > +interface(`userdom_search_admin_dir', ` > > + userdom_search_user_home_content($1) > > +') > > +') > > > -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
diff --git a/policy/test_policy.if b/policy/test_policy.if index 939cd7e..38214a9 100644 --- a/policy/test_policy.if +++ b/policy/test_policy.if @@ -60,3 +60,24 @@ interface(`userdom_sysadm_entry_spec_domtrans_to',` allow $1 sysadm_t:process sigchld; ') ') + +# Workarounds for refpolicy: + +ifdef(`dev_rw_infiniband_dev', `', ` dnl +interface(`dev_rw_infiniband_dev', ` + dev_rw_generic_files($1) +') +') + +ifdef(`mount_rw_pid_files', `', ` dnl +interface(`mount_rw_pid_files', ` + mount_rw_runtime_files($1) +') +') + +# Refpolicy doesn't have admin_home_t - assume /root will be user_home_dir_t. +ifdef(`userdom_search_admin_dir', `', ` dnl +interface(`userdom_search_admin_dir', ` + userdom_search_user_home_content($1) +') +')
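Review bot: In the first workaround block, the fallback body `dev_rw_generic_files($1)` is, going by its name, a broader grant than the InfiniBand-specific interface it replaces, and the block carries no comment explaining why that substitution is acceptable for the tests that call `dev_rw_infiniband_dev()`. The same gap applies to the `mount_rw_pid_files` block, which falls back to `mount_rw_runtime_files($1)` without comment. The third block documents its assumption ("assume /root will be user_home_dir_t"); please add an equivalent one-line comment above each of the first two fallbacks stating what they rely on, so that a test passing under refpolicy because of the wider generic-device access can be told apart from one passing for the intended reason. The question raised in this thread about `dev_rw_infiniband_dev()` also concerns the first block, so it is worth settling before this version is merged.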
dev_rw_infiniband_dev() and mount_rw_pid_files() are not defined in refpolicy. Fall back to dev_rw_generic_files() and mount_rw_runtime_files() if they are not defined. Also, userdom_search_admin_dir() is not defined in refpolicy because it doesn't have admin_home_t. Fall back to userdom_search_user_home_content(), which should apply for root's home directory under refpolicy. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- policy/test_policy.if | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)