On Wed, Jan 15, 2020 at 10:09 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 1/14/20 9:44 AM, Richard Haines wrote:
> > Test filesystem permissions, setfscreatecon(3), file { quotaon } and
> > changing file context via non and name-based type_transition rules.
> >
> > From kernels 5.5 filesystem { watch } is also tested.
> >
> > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
>
> This looks good to me and passes travis-ci and testing on Fedora.
> Ondrej, how does it fare on RHEL?

Thanks for asking! Unfortunately the policy fails to build on RHEL-6
due to lack of support for filename-based transitions... That part of
the test needs to be somehow conditioned on $(MOD_POL_VERS) >= 11 and
$(POL_VERS) >= 25.

After I removed the two filetrans rules, only the expected two
subtests failed, so the rest seems to be fine.

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.