On 12/17/19 8:11 AM, Paul Moore wrote:
On Mon, Dec 16, 2019 at 8:47 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On 12/10/19 10:39 AM, Stephen Smalley wrote:
Test all permissions associated with the lockdown class.
Also update other test policies to allow lockdown permissions
where needed.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
Barring objections, I will merge this tomorrow Dec 17.
Thanks Stephen.
This is now applied. As a reminder, these tests won't be exercised until
Fedora updates its policies to define the lockdown class (and ditto for
other recent additions, e.g. perf_events, fsnotify/watch) unless the
tester manually patches the declarations into
/usr/share/selinux/devel/include/support/all_perms.spt and inserts a cil
module defining the new class/perms for the kernel.
