| Message ID | 20230117170933.16807-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Ondrej Mosnáček |
| Headers | show |
| Series | [TESTSUITE,v2] policy: handle files_list_pids() renaming in Refpolicy | expand |
On Tue, Jan 17, 2023 at 6:14 PM Christian Göttsche <cgzones@googlemail.com> wrote: > files_list_pids() has been superseded and marked deprecated in the > Reference Policy since Jun 2020[1]. In the latest release it has been > completely removed[2]. > > Call both the old and replacement interface conditionally to support > recent Refpolicy versions as well as old ones. > > [1]: https://github.com/SELinuxProject/refpolicy/commit/be04bb3e7e63671ed8a3c501a2ee76e11c3b92bb > [2]: https://github.com/SELinuxProject/refpolicy/commit/3ca0cd59d7a9b531dd3620a02940396343fe2ed5 > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > v2: > call both interfaces conditionally > --- > policy/test_global.te | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/policy/test_global.te b/policy/test_global.te > index e95102a..052c7dd 100644 > --- a/policy/test_global.te > +++ b/policy/test_global.te > @@ -121,7 +121,6 @@ allow testsuite_domain proc_t:file { getattr read open }; > files_list_var(testsuite_domain) > files_list_home(testsuite_domain) > dev_read_rand(testsuite_domain) > -files_list_pids(testsuite_domain) > require { > type root_t; > type etc_t; > @@ -154,6 +153,14 @@ selinux_compute_create_context(testsuite_domain) > selinux_compute_relabel_context(testsuite_domain) > selinux_compute_user_contexts(testsuite_domain) > > +# Reference policy renamed files_list_pids() to files_list_runtime() > +ifdef(`files_list_pids', ` > + files_list_pids(testsuite_domain) > +') > +ifdef(`files_list_runtime', ` > + files_list_runtime(testsuite_domain) > +') > + > ifdef(`distro_redhat', ` > ifdef(`auth_read_passwd', ` > auth_read_passwd(testsuite_domain) > -- > 2.39.0 Thanks! Applied: https://github.com/SELinuxProject/selinux-testsuite/commit/ebda879d7b6a7369fafc980b0bc223792d7bd5ab
diff --git a/policy/test_global.te b/policy/test_global.te index e95102a..052c7dd 100644 --- a/policy/test_global.te +++ b/policy/test_global.te @@ -121,7 +121,6 @@ allow testsuite_domain proc_t:file { getattr read open }; files_list_var(testsuite_domain) files_list_home(testsuite_domain) dev_read_rand(testsuite_domain) -files_list_pids(testsuite_domain) require { type root_t; type etc_t; @@ -154,6 +153,14 @@ selinux_compute_create_context(testsuite_domain) selinux_compute_relabel_context(testsuite_domain) selinux_compute_user_contexts(testsuite_domain) +# Reference policy renamed files_list_pids() to files_list_runtime() +ifdef(`files_list_pids', ` + files_list_pids(testsuite_domain) +') +ifdef(`files_list_runtime', ` + files_list_runtime(testsuite_domain) +') + ifdef(`distro_redhat', ` ifdef(`auth_read_passwd', ` auth_read_passwd(testsuite_domain)
files_list_pids() has been superseded and marked deprecated in the Reference Policy since Jun 2020[1]. In the latest release it has been completely removed[2]. Call both the old and replacement interface conditionally to support recent Refpolicy versions as well as old ones. [1]: https://github.com/SELinuxProject/refpolicy/commit/be04bb3e7e63671ed8a3c501a2ee76e11c3b92bb [2]: https://github.com/SELinuxProject/refpolicy/commit/3ca0cd59d7a9b531dd3620a02940396343fe2ed5 Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- v2: call both interfaces conditionally --- policy/test_global.te | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)