On Fri, Jan 17, 2020 at 7:22 PM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> On Fri, 2020-01-17 at 12:32 -0500, Stephen Smalley wrote:
> > On 1/16/20 1:51 PM, Richard Haines wrote:
> > > Test filesystem permissions, setfscreatecon(3), file { quotaon } and
> > > changing file context via non and name-based type_transition rules.
> > > The name-based rules only apply to MOD_POL_VERS=>11 and POL_VERS=>25
> > >
> > > From kernels 5.5 filesystem { watch } is also tested.
> > >
> > > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> >
> > This passes travis-ci and testing on Fedora and generally looks good to
> > me. Only question I had was whether we should be checking the kernel's
> > max supported policyvers (/sys/fs/selinux/policyvers, MAX_KERNEL_POLICY
> > in the policy Makefile) as well as that of checkpolicy/checkmodule,
> > because otherwise the policy might compile ok but the name-based
> > transitions will be discarded upon automatic downgrade at policy load
> > time and the tests will fail.
>
> Ok I'll fix that.
>
> Ondrej - Does this work on RHEL-6. Checking just in case it fails so I
> can include any further fixes in next patch.

Yes, it passes on RHEL-6 now, thanks!

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
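The check Stephen asks for above, as an added example that is not part of the thread or of the selinux-testsuite Makefile: the effective policy version is the lower of what checkpolicy emits and what the kernel can load (/sys/fs/selinux/policyvers), because the kernel downgrades anything newer on load. The function names, the `-V` output parsing in the wrapper, and the sample version numbers are assumptions; the thresholds 25 and 11 come from the thread.

```shell
#!/bin/sh
# Hypothetical helper, not the testsuite's own code: decide whether the
# name-based type_transition tests can be enabled, taking the kernel's
# maximum supported policy version into account as well as the compilers'.

# name_trans_supported <kernel_max_policyvers> <checkpolicy POL_VERS> <checkmodule MOD_POL_VERS>
# Returns 0 (true) when name-based rules will survive policy load, else 1.
name_trans_supported() {
    kernel_max=$1
    pol_vers=$2
    mod_pol_vers=$3

    # The kernel silently downgrades a policy newer than it supports, so
    # the version that actually takes effect is min(POL_VERS, kernel max).
    effective=$pol_vers
    if [ "$kernel_max" -lt "$effective" ]; then
        effective=$kernel_max
    fi

    if [ "$effective" -ge 25 ] && [ "$mod_pol_vers" -ge 11 ]; then
        return 0
    fi
    return 1
}

# Wrapper for a live SELinux system. Reading the kernel maximum from
# /sys/fs/selinux/policyvers is from the thread; how the `-V` output of
# checkpolicy/checkmodule is cut is an assumption. Returns 2 if SELinux
# is not mounted.
name_trans_supported_here() {
    [ -r /sys/fs/selinux/policyvers ] || return 2
    kmax=$(cat /sys/fs/selinux/policyvers)
    pv=$(checkpolicy -V 2>/dev/null | cut -d ' ' -f 1)
    mpv=$(checkmodule -V 2>/dev/null | cut -d '-' -f 2)
    name_trans_supported "$kmax" "$pv" "$mpv"
}
```

Note that a policy which compiles cleanly at version 33 still loses its name-based transitions on a kernel whose maximum is 24, which is exactly the silent failure the thread describes.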