| Message ID | 20201029082824.1328401-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Ondrej Mosnáček |
| Headers | show |
| Series | test_sctp.te: avoid use of corenet_sctp_bind_generic_node() | expand |
On Thu, Oct 29, 2020 at 9:28 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > RHEL-7 policy doesn't have it and we only check for > corenet_sctp_bind_all_nodes() in the Makefile. Change the uses of > corenet_sctp_bind_generic_node() to corenet_sctp_bind_all_nodes() to > match the pattern used in the rest of the file. > > Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server") > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > policy/test_sctp.te | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/policy/test_sctp.te b/policy/test_sctp.te > index 793f451..363e3c5 100644 > --- a/policy/test_sctp.te > +++ b/policy/test_sctp.te > @@ -188,8 +188,8 @@ unconfined_runs_test(sctp_asconf_params_client_t) > typeattribute sctp_asconf_params_client_t testdomain; > typeattribute sctp_asconf_params_client_t sctpsocketdomain; > allow sctp_asconf_params_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_params_client_t) > corenet_inout_generic_node(sctp_asconf_params_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_params_client_t) > corenet_inout_generic_if(sctp_asconf_params_client_t) > > # When running locally need this rule, else Client error 'Dynamic Address Reconfiguration' > @@ -206,8 +206,8 @@ unconfined_runs_test(sctp_asconf_deny_pri_addr_client_t) > typeattribute sctp_asconf_deny_pri_addr_client_t testdomain; > typeattribute sctp_asconf_deny_pri_addr_client_t sctpsocketdomain; > allow sctp_asconf_deny_pri_addr_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_deny_pri_addr_client_t) > corenet_inout_generic_node(sctp_asconf_deny_pri_addr_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_deny_pri_addr_client_t) > corenet_inout_generic_if(sctp_asconf_deny_pri_addr_client_t) > > # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY > @@ -224,8 +224,8 @@ unconfined_runs_test(sctp_asconf_deny_param_add_client_t) > typeattribute sctp_asconf_deny_param_add_client_t testdomain; > typeattribute sctp_asconf_deny_param_add_client_t sctpsocketdomain; > allow sctp_asconf_deny_param_add_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; > +corenet_sctp_bind_all_nodes(sctp_asconf_deny_param_add_client_t) > corenet_inout_generic_node(sctp_asconf_deny_param_add_client_t) > -corenet_sctp_bind_generic_node(sctp_asconf_deny_param_add_client_t) > corenet_inout_generic_if(sctp_asconf_deny_param_add_client_t) > > # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY > -- > 2.26.2 > This is now applied: https://github.com/SELinuxProject/selinux-testsuite/commit/4dcb6a552d538d0a16c78ad113a206949a8b1707
diff --git a/policy/test_sctp.te b/policy/test_sctp.te index 793f451..363e3c5 100644 --- a/policy/test_sctp.te +++ b/policy/test_sctp.te @@ -188,8 +188,8 @@ unconfined_runs_test(sctp_asconf_params_client_t) typeattribute sctp_asconf_params_client_t testdomain; typeattribute sctp_asconf_params_client_t sctpsocketdomain; allow sctp_asconf_params_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; +corenet_sctp_bind_all_nodes(sctp_asconf_params_client_t) corenet_inout_generic_node(sctp_asconf_params_client_t) -corenet_sctp_bind_generic_node(sctp_asconf_params_client_t) corenet_inout_generic_if(sctp_asconf_params_client_t) # When running locally need this rule, else Client error 'Dynamic Address Reconfiguration' @@ -206,8 +206,8 @@ unconfined_runs_test(sctp_asconf_deny_pri_addr_client_t) typeattribute sctp_asconf_deny_pri_addr_client_t testdomain; typeattribute sctp_asconf_deny_pri_addr_client_t sctpsocketdomain; allow sctp_asconf_deny_pri_addr_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; +corenet_sctp_bind_all_nodes(sctp_asconf_deny_pri_addr_client_t) corenet_inout_generic_node(sctp_asconf_deny_pri_addr_client_t) -corenet_sctp_bind_generic_node(sctp_asconf_deny_pri_addr_client_t) corenet_inout_generic_if(sctp_asconf_deny_pri_addr_client_t) # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY @@ -224,8 +224,8 @@ unconfined_runs_test(sctp_asconf_deny_param_add_client_t) typeattribute sctp_asconf_deny_param_add_client_t testdomain; typeattribute sctp_asconf_deny_param_add_client_t sctpsocketdomain; allow sctp_asconf_deny_param_add_client_t self:sctp_socket { create connect ioctl read getattr write getopt setopt }; +corenet_sctp_bind_all_nodes(sctp_asconf_deny_param_add_client_t) corenet_inout_generic_node(sctp_asconf_deny_param_add_client_t) -corenet_sctp_bind_generic_node(sctp_asconf_deny_param_add_client_t) corenet_inout_generic_if(sctp_asconf_deny_param_add_client_t) # net/sctp/sm_make_chunk.c sctp_process_asconf_param() SCTP_PARAM_ADD_IP and SCTP_PARAM_SET_PRIMARY
RHEL-7 policy doesn't have it and we only check for corenet_sctp_bind_all_nodes() in the Makefile. Change the uses of corenet_sctp_bind_generic_node() to corenet_sctp_bind_all_nodes() to match the pattern used in the rest of the file. Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- policy/test_sctp.te | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)