On Tue, Nov 5, 2019 at 4:02 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Thu, Oct 31, 2019 at 3:15 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > From: Aaron Goidel <acgoide@xxxxxxxxxxxxx>
> >
> > Added a suite to test permissions for setting inotify and fanotify watches
> > on filesystem objects. Tests watch, watch_with_perm, and watch_reads
> > permissions.
> >
> > Signed-off-by: Aaron Goidel <acgoide@xxxxxxxxxxxxx>
> > [sds@xxxxxxxxxxxxx: fix whitespace, check-syntax -f, policy cleanup]
> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> > ---
> >  policy/Makefile              |   4 ++
> >  policy/test_notify.te        |  94 +++++++++++++++++++++++++
> >  tests/Makefile               |   4 ++
> >  tests/notify/Makefile        |   5 ++
> >  tests/notify/test            | 133 +++++++++++++++++++++++++++++++++++
> >  tests/notify/test_fanotify.c | 109 ++++++++++++++++++++++++++++
> >  tests/notify/test_inotify.c  |  43 +++++++++++
> >  7 files changed, 392 insertions(+)
> >  create mode 100644 policy/test_notify.te
> >  create mode 100644 tests/notify/Makefile
> >  create mode 100755 tests/notify/test
> >  create mode 100644 tests/notify/test_fanotify.c
> >  create mode 100644 tests/notify/test_inotify.c
>
> Merged, thanks Aaron and Stephen.
>
> Lukas, do you know when you expect to merge the necessary policy
> support into Fedora?

This is currently blocked on me making some changes to [1], sorry... I
hope I'll find some time to get to it in the upcoming days...

[1] https://github.com/fedora-selinux/selinux-policy/pull/288

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.