Re: [PATCH] test_sctp.te: avoid use of corenet_sctp_bind_generic_node()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 29, 2020 at 9:28 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> RHEL-7 policy doesn't have it and we only check for
> corenet_sctp_bind_all_nodes() in the Makefile. Change the uses of
> corenet_sctp_bind_generic_node() to corenet_sctp_bind_all_nodes() to
> match the pattern used in the rest of the file.
>
> Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server")
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
>  policy/test_sctp.te | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/policy/test_sctp.te b/policy/test_sctp.te
> index 793f451..363e3c5 100644
> --- a/policy/test_sctp.te
> +++ b/policy/test_sctp.te
> @@ -188,8 +188,8 @@ unconfined_runs_test(sctp_asconf_params_client_t)
>  typeattribute sctp_asconf_params_client_t testdomain;
>  typeattribute sctp_asconf_params_client_t sctpsocketdomain;
>  allow sctp_asconf_params_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_params_client_t)
>  corenet_inout_generic_node(sctp_asconf_params_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_params_client_t)
>  corenet_inout_generic_if(sctp_asconf_params_client_t)
>
>  # When running locally need this rule, else Client error 'Dynamic Address Reconfiguration'
> @@ -206,8 +206,8 @@ unconfined_runs_test(sctp_asconf_deny_pri_addr_client_t)
>  typeattribute sctp_asconf_deny_pri_addr_client_t testdomain;
>  typeattribute sctp_asconf_deny_pri_addr_client_t sctpsocketdomain;
>  allow sctp_asconf_deny_pri_addr_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_deny_pri_addr_client_t)
>  corenet_inout_generic_node(sctp_asconf_deny_pri_addr_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_deny_pri_addr_client_t)
>  corenet_inout_generic_if(sctp_asconf_deny_pri_addr_client_t)
>
>  # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY
> @@ -224,8 +224,8 @@ unconfined_runs_test(sctp_asconf_deny_param_add_client_t)
>  typeattribute sctp_asconf_deny_param_add_client_t testdomain;
>  typeattribute sctp_asconf_deny_param_add_client_t sctpsocketdomain;
>  allow sctp_asconf_deny_param_add_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt };
> +corenet_sctp_bind_all_nodes(sctp_asconf_deny_param_add_client_t)
>  corenet_inout_generic_node(sctp_asconf_deny_param_add_client_t)
> -corenet_sctp_bind_generic_node(sctp_asconf_deny_param_add_client_t)
>  corenet_inout_generic_if(sctp_asconf_deny_param_add_client_t)
>
>  # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY
> --
> 2.26.2
>

This is now applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/4dcb6a552d538d0a16c78ad113a206949a8b1707

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux