The commit referenced below disables the test_userfaultfd.te policy when
the anon_inode class is not defined in the system policy, but doesn't
disable the test itself in this situation. Thus, on distros that don't
define the class the test might be run and fail.
Fix this by adding the same condition to tests/Makefile.
Fixes: 2b6ea9d2bc96 ("policy: remove CIL workarounds for missing anon_inode class")
Reported-by: Dennis (Zhuoheng) Li <denli@xxxxxxxxxx>
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
tests/Makefile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/Makefile b/tests/Makefile
index 8abd438..f473111 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -134,10 +134,12 @@ endif
endif
ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
+ifeq ($(shell grep -q anon_inode $(POLDEV)/include/support/all_perms.spt && echo true),true)
ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true)
SUBDIRS += userfaultfd
endif
endif
+endif
ifeq ($(shell grep -q vsock_socket $(POLDEV)/include/support/all_perms.spt && echo true),true)
ifeq ($(shell grep -qs VMADDR_CID_LOCAL $(INCLUDEDIR)/linux/vm_sockets.h && echo true),true)
--
2.37.2
