On Wed, Sep 18, 2019 at 8:58 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > The overlay test policy had two calls to the > userdom_read_inherited_user_tmp_files() policy interface. > This is a Fedora-specific interface that is not present in > refpolicy and therefore prevents building the test policy on > other distributions. Further, there is no clear reason why > the calls to this interface are needed for the overlay tests; > the tests are not inheriting open /tmp files. Remove the > calls. > > Fixes: https://github.com/SELinuxProject/selinux-testsuite/issues/57 > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> This patch doesn't break anything for me when run on Fedora Rawhide - even when I run the testsuite under /tmp. Tested-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > policy/test_overlayfs.te | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te > index 3be53fce0f9c..6f1756e9a118 100644 > --- a/policy/test_overlayfs.te > +++ b/policy/test_overlayfs.te > @@ -50,7 +50,6 @@ fs_mount_xattr_fs(test_overlay_mounter_t) > corecmd_shell_entry_type(test_overlay_mounter_t) > corecmd_exec_bin(test_overlay_mounter_t) > > -userdom_read_inherited_user_tmp_files(test_overlay_mounter_t) > userdom_search_admin_dir(test_overlay_mounter_t) > userdom_search_user_home_content(test_overlay_mounter_t) > > @@ -123,7 +122,6 @@ corecmd_exec_bin(test_overlay_client_t) > kernel_read_system_state(test_overlay_client_t) > kernel_read_proc_symlinks(test_overlay_client_t) > > -userdom_read_inherited_user_tmp_files(test_overlay_client_t) > userdom_search_admin_dir(test_overlay_client_t) > userdom_search_user_home_content(test_overlay_client_t) > > -- > 2.21.0 > -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
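Review bot: In the first hunk (@@ -50,7 +50,6 @@), the context lines directly after the removed call still use userdom_search_admin_dir(test_overlay_mounter_t) and userdom_search_user_home_content(test_overlay_mounter_t). The commit message gives building on refpolicy-based distributions as the goal, so it is worth confirming that these two interfaces exist in refpolicy as well. If either one is also Fedora-specific, the test policy will still fail to build elsewhere and that call needs the same treatment.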
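Review bot: In the second hunk (@@ -123,7 +122,6 @@), the removal for test_overlay_client_t rests only on the commit message's statement that the tests do not inherit open /tmp files, and the Tested-by run was on Fedora Rawhide. Checking the audit log for AVC denials against test_overlay_client_t during a run under /tmp would back that statement directly. A build of the test policy on a non-Fedora distribution would confirm that the issue named in the Fixes: line is actually resolved.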