On Tue, May 12, 2020 at 3:56 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > refpolicy does not define an unconfined_devpts_t type instead > assigning user_devpts_t to unconfined ptys. Switch to using > the refpolicy term_use_all_ptys() interface in the test policy > to provide compatibility across both refpolicy and Fedora. > > Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > v5 switches from direct use of ptynode to term_use_all_ptys(). > > policy/test_policy.if | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/policy/test_policy.if b/policy/test_policy.if > index cefc8fb..e3c01c8 100644 > --- a/policy/test_policy.if > +++ b/policy/test_policy.if > @@ -29,7 +29,6 @@ > interface(`unconfined_runs_test',` > gen_require(` > type unconfined_t; > - type unconfined_devpts_t; > role unconfined_r; > ') > > @@ -38,7 +37,7 @@ interface(`unconfined_runs_test',` > role unconfined_r types $1; > # Report back from the test domain to the caller. > allow $1 unconfined_t:fd use; > - allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr }; > + term_use_all_ptys($1) > allow $1 unconfined_t:fifo_file { read write ioctl getattr }; > allow $1 unconfined_t:process { sigchld }; > > -- > 2.23.3 > Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Thanks! -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.