On Mon, Sep 9, 2024 at 5:02 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > When the curret directory is a symlink to the actual selinux-testsuite s/curret/current/ > directory, running ./tools/nfs.sh would fail at nfs_filesystem/test due > to missing policy rules. Add the necessary rules so that it can pass > also in this scenario. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Otherwise, Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > policy/test_filesystem.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/policy/test_filesystem.te b/policy/test_filesystem.te > index efe1f4d..f60b0c8 100644 > --- a/policy/test_filesystem.te > +++ b/policy/test_filesystem.te > @@ -31,6 +31,7 @@ allow test_filesystem_t test_file_t:dir { add_name mounton read write remove_nam > # Create test file > allow test_filesystem_t test_filesystem_file_t:dir { read add_name write search mounton }; > allow test_filesystem_t test_filesystem_file_t:file { open getattr create read write relabelfrom relabelto }; > +allow test_filesystem_t test_filesystem_file_t:lnk_file { read }; > > fs_mount_all_fs(test_filesystem_t) > fs_remount_all_fs(test_filesystem_t) > @@ -44,6 +45,7 @@ fs_getattr_xattr_fs(test_filesystem_t) > > # Required when running the tests on a labeled NFS mount. > fs_getattr_nfs(test_filesystem_t) > +fs_read_nfs_symlinks(test_filesystem_t) > > # Update quotas > fs_set_all_quotas(test_filesystem_t) > -- > 2.46.0 >