diff mbox series

[testsuite,12/24] test_filesystem.te: remove redundant dontaudit rules

Message ID 20220729120229.207584-13-omosnace@redhat.com (mailing list archive)
State Superseded
Delegated to: Ondrej Mosnáček
Headers show
Series Clean up testsuite policy and support running as sysadm_t | expand

Commit Message

Ondrej Mosnacek July 29, 2022, 12:02 p.m. UTC 
These accesses should already be allowed to unconfined_t via
files_type().

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 policy/test_filesystem.te            | 2 --
 policy/test_filesystem_name_trans.te | 4 +---
 2 files changed, 1 insertion(+), 5 deletions(-)
diff mbox series

Patch

diff --git a/policy/test_filesystem.te b/policy/test_filesystem.te
index 5de489c..4942e0d 100644
--- a/policy/test_filesystem.te
+++ b/policy/test_filesystem.te
@@ -57,7 +57,6 @@  allow test_filesystem_t test_filesystem_filecon_t:file { open read getattr relab
 fs_associate(test_filesystem_filetranscon_t)
 type_transition test_filesystem_t test_filesystem_file_t:file test_filesystem_filetranscon_t;
 allow test_filesystem_t test_filesystem_filetranscon_t:file { create getattr open write relabelfrom };
-dontaudit unconfined_t test_filesystem_filetranscon_t:file { getattr read };
 
 # For NFS
 type_transition test_filesystem_t test_file_t:file test_filesystem_filetranscon_t;
@@ -268,7 +267,6 @@  fs_associate(test_filesystem_inode_setxattr_no_associate_t)
 # Create test file
 allow test_filesystem_inode_setxattr_no_associate_t self:file { create relabelfrom relabelto };
 # neverallow unconfined_t test_filesystem_inode_setxattr_no_associate_t:filesystem { associate };
-dontaudit unconfined_t test_filesystem_filecon_t:file { getattr read };
 allow test_filesystem_inode_setxattr_no_associate_t unconfined_t:dir { add_name write };
 allow test_filesystem_inode_setxattr_no_associate_t unconfined_t:file { create relabelfrom relabelto };
 
diff --git a/policy/test_filesystem_name_trans.te b/policy/test_filesystem_name_trans.te
index 7e336e4..9956c07 100644
--- a/policy/test_filesystem_name_trans.te
+++ b/policy/test_filesystem_name_trans.te
@@ -12,12 +12,10 @@  files_type(test_filesystem_filenametranscon2_t)
 fs_associate(test_filesystem_filenametranscon1_t)
 type_transition test_filesystem_t test_filesystem_file_t:file test_filesystem_filenametranscon1_t "name_trans_test_file1";
 allow test_filesystem_t test_filesystem_filenametranscon1_t:file { create getattr open write };
-dontaudit unconfined_t test_filesystem_filenametranscon1_t:file { getattr read };
-#
+
 fs_associate(test_filesystem_filenametranscon2_t)
 type_transition test_filesystem_t test_filesystem_file_t:file test_filesystem_filenametranscon2_t "name_trans_test_file2";
 allow test_filesystem_t test_filesystem_filenametranscon2_t:file { create getattr open write };
-dontaudit unconfined_t test_filesystem_filenametranscon2_t:file { getattr read };
 
 ### NFS Rules ##########
 type_transition test_filesystem_t test_file_t:file test_filesystem_filenametranscon1_t "name_trans_test_file1";