On Wed, Jul 10, 2019 at 9:40 AM Aaron Goidel <acgoide@xxxxxxxxxxxxx> wrote: > > Added a suite to test permissions for setting inotify and fanotify watches > on filesystem objects. Tests watch, watch_with_perm, and watch_reads permissions. > > Signed-off-by: Aaron Goidel <acgoide@xxxxxxxxxxxxx> > --- > policy/Makefile | 4 ++ > policy/test_notify.te | 74 ++++++++++++++++++++++++ > tests/Makefile | 4 ++ > tests/notify/Makefile | 5 ++ > tests/notify/test | 101 +++++++++++++++++++++++++++++++++ > tests/notify/test_fanotify.c | 105 +++++++++++++++++++++++++++++++++++ > tests/notify/test_inotify.c | 43 ++++++++++++++ > 7 files changed, 336 insertions(+) > create mode 100644 policy/test_notify.te > create mode 100644 tests/notify/Makefile > create mode 100755 tests/notify/test > create mode 100644 tests/notify/test_fanotify.c > create mode 100644 tests/notify/test_inotify.c FYI, I'm still waiting on the new permissions to show up in the Rawhide policy so I can test this and verify everything is working correctly with a "released" policy. I also had to perform a number of fixes to get 'make check-syntax' to run cleanly. -- paul moore www.paul-moore.com
