All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stephen Smalley <sds@tycho.nsa.gov>
To: paul@paul-moore.com
Cc: selinux@vger.kernel.org, omosnace@redhat.com,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: [PATCH] selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files
Date: Wed, 18 Sep 2019 14:58:25 -0400	[thread overview]
Message-ID: <20190918185825.8012-1-sds@tycho.nsa.gov> (raw)

The overlay test policy had two calls to the
userdom_read_inherited_user_tmp_files() policy interface.
This is a Fedora-specific interface that is not present in
refpolicy and therefore prevents building the test policy on
other distributions.  Further, there is no clear reason why
the calls to this interface are needed for the overlay tests;
the tests are not inheriting open /tmp files.  Remove the
calls.

Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 policy/test_overlayfs.te | 2 --
 1 file changed, 2 deletions(-)

diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te
index 3be53fce0f9c..6f1756e9a118 100644
--- a/policy/test_overlayfs.te
+++ b/policy/test_overlayfs.te
@@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t)
 corecmd_shell_entry_type(test_overlay_mounter_t)
 corecmd_exec_bin(test_overlay_mounter_t)
 
-userdom_read_inherited_user_tmp_files(test_overlay_mounter_t)
 userdom_search_admin_dir(test_overlay_mounter_t)
 userdom_search_user_home_content(test_overlay_mounter_t)
 
@@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t)
 kernel_read_system_state(test_overlay_client_t)
 kernel_read_proc_symlinks(test_overlay_client_t)
 
-userdom_read_inherited_user_tmp_files(test_overlay_client_t)
 userdom_search_admin_dir(test_overlay_client_t)
 userdom_search_user_home_content(test_overlay_client_t)
 
-- 
2.21.0


             reply	other threads:[~2019-09-18 18:58 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-18 18:58 Stephen Smalley [this message]
2019-09-19  8:07 ` [PATCH] selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files Ondrej Mosnacek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190918185825.8012-1-sds@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.