From: Paul Moore <paul@xxxxxxxxxxxxxx> Ensure that we apply MCS constraints to the test_inet_server_t domain, this was causing test failures on RHEL-6.x based systems. Thanks to Stephen Smalley and Lukas Vrabec for some off-list discussion related to this problem and its solution. Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> --- policy/test_inet_socket.te | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/policy/test_inet_socket.te b/policy/test_inet_socket.te index c25900b..428d28e 100644 --- a/policy/test_inet_socket.te +++ b/policy/test_inet_socket.te @@ -33,6 +33,16 @@ corenet_udp_bind_all_nodes(test_inet_server_t) corenet_inout_generic_if(test_inet_server_t) corenet_inout_generic_node(test_inet_server_t) +# We need to ensure that the test domain is MCS constrained. +## newer systems, e.g. Fedora and RHEL >= 7.x +ifdef(`mcs_constrained', ` + mcs_constrained(test_inet_server_t) +') +## older systems, e.g. RHEL == 6.x +ifdef(`mcs_untrusted_proc', ` + mcs_untrusted_proc(test_inet_server_t) +') + # Domain for client process. type test_inet_client_t; domain_type(test_inet_client_t) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
