On 1/30/20 2:07 PM, Richard Haines wrote:
Test watch_sb and watch_mount permissions. The policy is contained in test_filesystem_notify.te as it can then be built if the policy supports the permissions.

Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>

Tested with and without the watch permissions defined in base.cil and all_perms.spt; everything worked as expected.
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
 policy/Makefile                  |  3 ++
 policy/test_filesystem.te        | 15 -------
 policy/test_filesystem_notify.te | 60 ++++++++++++++++++++++++++
 tests/filesystem/Filesystem.pm   |  6 +--
 tests/filesystem/fanotify_fs.c   | 18 ++++++--
 tests/filesystem/test            | 74 ++++++++++++++++++++++++++++++--
 tests/fs_filesystem/test         | 74 ++++++++++++++++++++++++++++++--
 7 files changed, 221 insertions(+), 29 deletions(-)
 create mode 100644 policy/test_filesystem_notify.te
[...]