On Tue, May 12, 2020 at 3:56 PM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> refpolicy does not define an unconfined_devpts_t type instead
> assigning user_devpts_t to unconfined ptys. Switch to using
> the refpolicy term_use_all_ptys() interface in the test policy
> to provide compatibility across both refpolicy and Fedora.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> v5 switches from direct use of ptynode to term_use_all_ptys().
>
> policy/test_policy.if | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/policy/test_policy.if b/policy/test_policy.if
> index cefc8fb..e3c01c8 100644
> --- a/policy/test_policy.if
> +++ b/policy/test_policy.if
> @@ -29,7 +29,6 @@
> interface(`unconfined_runs_test',`
> gen_require(`
> type unconfined_t;
> - type unconfined_devpts_t;
> role unconfined_r;
> ')
>
> @@ -38,7 +37,7 @@ interface(`unconfined_runs_test',`
> role unconfined_r types $1;
> # Report back from the test domain to the caller.
> allow $1 unconfined_t:fd use;
> - allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
> + term_use_all_ptys($1)
> allow $1 unconfined_t:fifo_file { read write ioctl getattr };
> allow $1 unconfined_t:process { sigchld };
>
> --
> 2.23.3
>
Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Thanks!
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
