On Thu, Oct 31, 2019 at 3:15 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > From: Aaron Goidel <acgoide@xxxxxxxxxxxxx> > > Added a suite to test permissions for setting inotify and fanotify watches > on filesystem objects. Tests watch, watch_with_perm, and watch_reads > permissions. > > Signed-off-by: Aaron Goidel <acgoide@xxxxxxxxxxxxx> > [sds@xxxxxxxxxxxxx: fix whitespace, check-syntax -f, policy cleanup] > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > --- > policy/Makefile | 4 ++ > policy/test_notify.te | 94 +++++++++++++++++++++++++ > tests/Makefile | 4 ++ > tests/notify/Makefile | 5 ++ > tests/notify/test | 133 +++++++++++++++++++++++++++++++++++ > tests/notify/test_fanotify.c | 109 ++++++++++++++++++++++++++++ > tests/notify/test_inotify.c | 43 +++++++++++ > 7 files changed, 392 insertions(+) > create mode 100644 policy/test_notify.te > create mode 100644 tests/notify/Makefile > create mode 100755 tests/notify/test > create mode 100644 tests/notify/test_fanotify.c > create mode 100644 tests/notify/test_inotify.c Merged, thanks Aaron and Stephen. Lukas, do you know when you expect to merge the necessary policy support into Fedora? -- paul moore www.paul-moore.com
