On 8/27/19 1:14 PM, Paul Moore wrote:
On Wed, Jul 10, 2019 at 9:40 AM Aaron Goidel <acgoide@xxxxxxxxxxxxx> wrote:
Added a suite to test permissions for setting inotify and fanotify watches
on filesystem objects. Tests watch, watch_with_perm, and watch_reads permissions.
Signed-off-by: Aaron Goidel <acgoide@xxxxxxxxxxxxx>
---
policy/Makefile | 4 ++
policy/test_notify.te | 74 ++++++++++++++++++++++++
tests/Makefile | 4 ++
tests/notify/Makefile | 5 ++
tests/notify/test | 101 +++++++++++++++++++++++++++++++++
tests/notify/test_fanotify.c | 105 +++++++++++++++++++++++++++++++++++
tests/notify/test_inotify.c | 43 ++++++++++++++
7 files changed, 336 insertions(+)
create mode 100644 policy/test_notify.te
create mode 100644 tests/notify/Makefile
create mode 100755 tests/notify/test
create mode 100644 tests/notify/test_fanotify.c
create mode 100644 tests/notify/test_inotify.c
FYI, I'm still waiting on the new permissions to show up in the
Rawhide policy so I can test this and verify everything is working
correctly with a "released" policy.
I also had to perform a number of fixes to get 'make check-syntax' to
run cleanly.
Anything we could/should do to help this along?
