On Tue, Mar 2, 2021 at 11:59 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> The system policy interfaces for things that require lockdown
> permissions will likely grant those permissions, too, so we need to
> open-code them. Thus, use tracefs/debugfs access to test lockdown, as
> the interfaces for these are easier to open-code.
>
> With this patch, the lockdown test passes with latest Fedora policy in
> Rawhide.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> defconfig | 5 +++++
> policy/test_lockdown.te | 16 ++++++++--------
> policy/test_policy.if | 17 +++++++++++++++++
> tests/lockdown/test | 21 +++++++++++++--------
> 4 files changed, 43 insertions(+), 16 deletions(-)

Now merged:
https://github.com/SELinuxProject/selinux-testsuite/commit/de8246f5c853814b1a005d762ce7831255ff6ed3

--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.