[PATCH] selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files

[PATCH] selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files

[Stephen Smalley]

The overlay test policy had two calls to the
userdom_read_inherited_user_tmp_files() policy interface.
This is a Fedora-specific interface that is not present in
refpolicy and therefore prevents building the test policy on
other distributions.  Further, there is no clear reason why
the calls to this interface are needed for the overlay tests;
the tests are not inheriting open /tmp files.  Remove the
calls.

Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 policy/test_overlayfs.te | 2 --
 1 file changed, 2 deletions(-)

diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te
index 3be53fce0f9c..6f1756e9a118 100644
--- a/policy/test_overlayfs.te
+++ b/policy/test_overlayfs.te
@@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t)
 corecmd_shell_entry_type(test_overlay_mounter_t)
 corecmd_exec_bin(test_overlay_mounter_t)
 
-userdom_read_inherited_user_tmp_files(test_overlay_mounter_t)
 userdom_search_admin_dir(test_overlay_mounter_t)
 userdom_search_user_home_content(test_overlay_mounter_t)
 
@@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t)
 kernel_read_system_state(test_overlay_client_t)
 kernel_read_proc_symlinks(test_overlay_client_t)
 
-userdom_read_inherited_user_tmp_files(test_overlay_client_t)
 userdom_search_admin_dir(test_overlay_client_t)
 userdom_search_user_home_content(test_overlay_client_t)
 
-- 
2.21.0

Re: [PATCH] selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files

[Ondrej Mosnacek]

On Wed, Sep 18, 2019 at 8:58 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> The overlay test policy had two calls to the
> userdom_read_inherited_user_tmp_files() policy interface.
> This is a Fedora-specific interface that is not present in
> refpolicy and therefore prevents building the test policy on
> other distributions.  Further, there is no clear reason why
> the calls to this interface are needed for the overlay tests;
> the tests are not inheriting open /tmp files.  Remove the
> calls.
>
> Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This patch doesn't break anything for me when run on Fedora Rawhide -
even when I run the testsuite under /tmp.

Tested-by: Ondrej Mosnacek <omosnace@redhat.com>

> ---
>  policy/test_overlayfs.te | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te
> index 3be53fce0f9c..6f1756e9a118 100644
> --- a/policy/test_overlayfs.te
> +++ b/policy/test_overlayfs.te
> @@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t)
>  corecmd_shell_entry_type(test_overlay_mounter_t)
>  corecmd_exec_bin(test_overlay_mounter_t)
>
> -userdom_read_inherited_user_tmp_files(test_overlay_mounter_t)
>  userdom_search_admin_dir(test_overlay_mounter_t)
>  userdom_search_user_home_content(test_overlay_mounter_t)
>
> @@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t)
>  kernel_read_system_state(test_overlay_client_t)
>  kernel_read_proc_symlinks(test_overlay_client_t)
>
> -userdom_read_inherited_user_tmp_files(test_overlay_client_t)
>  userdom_search_admin_dir(test_overlay_client_t)
>  userdom_search_user_home_content(test_overlay_client_t)
>
> --
> 2.21.0
>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.