Re: [PATCH v5 testsuite 07/15] test_policy.if: use term_use_all_ptys() instead of unconfined_devpts_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 12, 2020 at 3:56 PM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> refpolicy does not define an unconfined_devpts_t type instead
> assigning user_devpts_t to unconfined ptys. Switch to using
> the refpolicy term_use_all_ptys() interface in the test policy
> to provide compatibility across both refpolicy and Fedora.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> v5 switches from direct use of ptynode to term_use_all_ptys().
>
>  policy/test_policy.if | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/policy/test_policy.if b/policy/test_policy.if
> index cefc8fb..e3c01c8 100644
> --- a/policy/test_policy.if
> +++ b/policy/test_policy.if
> @@ -29,7 +29,6 @@
>  interface(`unconfined_runs_test',`
>         gen_require(`
>                 type unconfined_t;
> -               type unconfined_devpts_t;
>                 role unconfined_r;
>         ')
>
> @@ -38,7 +37,7 @@ interface(`unconfined_runs_test',`
>         role unconfined_r types $1;
>        # Report back from the test domain to the caller.
>        allow $1 unconfined_t:fd use;
> -      allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
> +      term_use_all_ptys($1)
>        allow $1 unconfined_t:fifo_file { read write ioctl getattr };
>        allow $1 unconfined_t:process { sigchld };
>
> --
> 2.23.3
>

Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>

Thanks!

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux