On Thu, Oct 29, 2020 at 9:28 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> RHEL-7 policy doesn't have it and we only check for
> corenet_sctp_bind_all_nodes() in the Makefile. Change the uses of
> corenet_sctp_bind_generic_node() to corenet_sctp_bind_all_nodes() to
> match the pattern used in the rest of the file.
>
> Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server")
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> policy/test_sctp.te | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/policy/test_sctp.te b/policy/test_sctp.te
> index 793f451..363e3c5 100644
> --- a/policy/test_sctp.te
> +++ b/policy/test_sctp.te
> @@ -188,8 +188,8 @@ unconfined_runs_test(sctp_asconf_params_client_t)
> typeattribute sctp_asconf_params_client_t testdomain;
> typeattribute sctp_asconf_params_client_t sctpsocketdomain;
> allow sctp_asconf_params_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_params_client_t)
> corenet_inout_generic_node(sctp_asconf_params_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_params_client_t)
> corenet_inout_generic_if(sctp_asconf_params_client_t)
>
> # When running locally need this rule, else Client error 'Dynamic Address Reconfiguration'
> @@ -206,8 +206,8 @@ unconfined_runs_test(sctp_asconf_deny_pri_addr_client_t)
> typeattribute sctp_asconf_deny_pri_addr_client_t testdomain;
> typeattribute sctp_asconf_deny_pri_addr_client_t sctpsocketdomain;
> allow sctp_asconf_deny_pri_addr_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_deny_pri_addr_client_t)
> corenet_inout_generic_node(sctp_asconf_deny_pri_addr_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_deny_pri_addr_client_t)
> corenet_inout_generic_if(sctp_asconf_deny_pri_addr_client_t)
>
> # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY
> @@ -224,8 +224,8 @@ unconfined_runs_test(sctp_asconf_deny_param_add_client_t)
> typeattribute sctp_asconf_deny_param_add_client_t testdomain;
> typeattribute sctp_asconf_deny_param_add_client_t sctpsocketdomain;
> allow sctp_asconf_deny_param_add_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_deny_param_add_client_t)
> corenet_inout_generic_node(sctp_asconf_deny_param_add_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_deny_param_add_client_t)
> corenet_inout_generic_if(sctp_asconf_deny_param_add_client_t)
>
> # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY
> --
> 2.26.2
>
This is now applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/4dcb6a552d538d0a16c78ad113a206949a8b1707
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
