From: Stephen Smalley <sds@tycho.nsa.gov>
To: Ondrej Mosnacek <omosnace@redhat.com>, selinux@vger.kernel.org
Subject: Re: [PATCH testsuite 2/3] policy: add fallbacks for Fedora-specific macros
Date: Mon, 30 Sep 2019 09:32:46 -0400 [thread overview]
Message-ID: <c7521035-8608-c24e-4056-c58aa02de387@tycho.nsa.gov> (raw)
In-Reply-To: <20190930104850.5482-3-omosnace@redhat.com>
On 9/30/19 6:48 AM, Ondrej Mosnacek wrote:
> dev_rw_infiniband_dev() and mount_rw_pid_files() are not defined in
> refpolicy. Fall back to dev_rw_generic_files() and
> mount_rw_runtime_files() if they are not defined.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> policy/test_policy.if | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/policy/test_policy.if b/policy/test_policy.if
> index 40e7499..e31345e 100644
> --- a/policy/test_policy.if
> +++ b/policy/test_policy.if
> @@ -71,3 +71,17 @@ interface(`userdom_search_generic_user_home_dirs', `
> userdom_search_user_home_content($1)
> ')
> ')
> +
> +# Workarounds for refpolicy:
> +
> +ifdef(`dev_rw_infiniband_dev', `', ` dnl
> +interface(`dev_rw_infiniband_dev', `
> + dev_rw_generic_files($1)
> +')
> +')
dev_rw_infiniband_dev allows access to character and block devices
labeled infiniband_device_t. dev_rw_generic_files() allows access to
_regular_ files labeled device_t. dev_rw_generic_chr_files() and
dev_rw_generic_blk_files() would be the equivalent interfaces.
Alternatively, we could wrap the calls in the test_ib*.te files with
ifdefs as we do for e.g. corenet_ib_pkey and other interfaces.
Regardless, I don't think the infiniband tests will presently work on a
system with only refpolicy.
> +
> +ifdef(`mount_rw_pid_files', `', ` dnl
> +interface(`mount_rw_pid_files', `
> + mount_rw_runtime_files($1)
> +')
> +')
>
next prev parent reply other threads:[~2019-09-30 13:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-30 10:48 [PATCH testsuite 0/3] Fix refpolicy build & build test_policy.pp in Travis Ondrej Mosnacek
2019-09-30 10:48 ` [PATCH testsuite 1/3] policy: consolidate macros for home dirs access Ondrej Mosnacek
2019-09-30 13:24 ` Stephen Smalley
2019-09-30 13:56 ` Ondrej Mosnacek
2019-09-30 10:48 ` [PATCH testsuite 2/3] policy: add fallbacks for Fedora-specific macros Ondrej Mosnacek
2019-09-30 13:32 ` Stephen Smalley [this message]
2019-09-30 14:21 ` Ondrej Mosnacek
2019-09-30 10:48 ` [PATCH testsuite 3/3] travis: test building the test policy package Ondrej Mosnacek
2019-09-30 13:43 ` Stephen Smalley
2019-09-30 13:51 ` Stephen Smalley
2019-09-30 15:02 ` Ondrej Mosnacek
2019-09-30 18:05 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c7521035-8608-c24e-4056-c58aa02de387@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).