This is necessary for resolving pathnames when running the testsuite
from a user home directory.
Reproducer:
1. Clone selinux-testsuite into home directory.
2. Try running it there.
Before:
inet_socket/tcp/test ........ Flag file open: Permission denied
(test hangs)
After:
all tests complete and pass
Fixes: 4dcea27ada77f51c2868095e951aab790374fba9 ("tests/inet_socket:
cover the MPTCP protocol")
Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
---
policy/test_inet_socket.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/test_inet_socket.te b/policy/test_inet_socket.te
index 47969fc..0eacb31 100644
--- a/policy/test_inet_socket.te
+++ b/policy/test_inet_socket.te
@@ -154,3 +154,6 @@ allow test_inet_client_t test_server_packet_t:packet { send recv };
# Send/recv unlabeled packets.
kernel_sendrecv_unlabeled_packets(inetsocketdomain)
kernel_recvfrom_unlabeled_peer(inetsocketdomain)
+
+# Search user home directories (for running testsuite from one)
+userdom_search_user_home_content(inetsocketdomain)
--
2.40.1
