On Thu, Oct 29, 2020 at 9:28 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > RHEL-7 policy doesn't have it and we only check for > corenet_sctp_bind_all_nodes() in the Makefile. Change the uses of > corenet_sctp_bind_generic_node() to corenet_sctp_bind_all_nodes() to > match the pattern used in the rest of the file. > > Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server") > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > policy/test_sctp.te | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/policy/test_sctp.te b/policy/test_sctp.te > index 793f451..363e3c5 100644 > --- a/policy/test_sctp.te > +++ b/policy/test_sctp.te > @@ -188,8 +188,8 @@ unconfined_runs_test(sctp_asconf_params_client_t) > typeattribute sctp_asconf_params_client_t testdomain; > typeattribute sctp_asconf_params_client_t sctpsocketdomain; > allow sctp_asconf_params_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_params_client_t) > corenet_inout_generic_node(sctp_asconf_params_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_params_client_t) > corenet_inout_generic_if(sctp_asconf_params_client_t) > > # When running locally need this rule, else Client error 'Dynamic Address Reconfiguration' > @@ -206,8 +206,8 @@ unconfined_runs_test(sctp_asconf_deny_pri_addr_client_t) > typeattribute sctp_asconf_deny_pri_addr_client_t testdomain; > typeattribute sctp_asconf_deny_pri_addr_client_t sctpsocketdomain; > allow sctp_asconf_deny_pri_addr_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_deny_pri_addr_client_t) > corenet_inout_generic_node(sctp_asconf_deny_pri_addr_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_deny_pri_addr_client_t) > corenet_inout_generic_if(sctp_asconf_deny_pri_addr_client_t) > > # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY > @@ -224,8 +224,8 @@ unconfined_runs_test(sctp_asconf_deny_param_add_client_t) > typeattribute sctp_asconf_deny_param_add_client_t testdomain; > typeattribute sctp_asconf_deny_param_add_client_t sctpsocketdomain; > allow sctp_asconf_deny_param_add_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_deny_param_add_client_t) > corenet_inout_generic_node(sctp_asconf_deny_param_add_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_deny_param_add_client_t) > corenet_inout_generic_if(sctp_asconf_deny_param_add_client_t) > > # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY > -- > 2.26.2 > This is now applied: https://github.com/SELinuxProject/selinux-testsuite/commit/4dcb6a552d538d0a16c78ad113a206949a8b1707 -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.