diff mbox series

[testsuite,13/24] test_filesystem.te: remove suspicious rules

Message ID 20220729120229.207584-14-omosnace@redhat.com (mailing list archive)
State Superseded
Delegated to: Ondrej Mosnáček
Headers show
Series Clean up testsuite policy and support running as sysadm_t | expand

Commit Message

Ondrej Mosnacek July 29, 2022, 12:02 p.m. UTC 
These don't seem to make sense. Get rid of them.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 policy/test_filesystem.te | 6 ------
 1 file changed, 6 deletions(-)
diff mbox series

Patch

diff --git a/policy/test_filesystem.te b/policy/test_filesystem.te
index 4942e0d..d8c5c51 100644
--- a/policy/test_filesystem.te
+++ b/policy/test_filesystem.te
@@ -126,7 +126,6 @@  fs_getattr_xattr_fs(test_filesystem_may_create_no_associate_t)
 # Create test file
 # neverallow unlabeled_t test_filesystem_may_create_no_associate_t:filesystem { associate };
 allow test_filesystem_may_create_no_associate_t self:file { create relabelfrom relabelto };
-allow test_filesystem_may_create_no_associate_t unconfined_t:file { open read write };
 allow test_filesystem_may_create_no_associate_t unlabeled_t:dir { add_name search write };
 allow test_filesystem_may_create_no_associate_t unlabeled_t:file { create open relabelfrom write };
 
@@ -266,9 +265,6 @@  fs_associate(test_filesystem_inode_setxattr_no_associate_t)
 
 # Create test file
 allow test_filesystem_inode_setxattr_no_associate_t self:file { create relabelfrom relabelto };
-# neverallow unconfined_t test_filesystem_inode_setxattr_no_associate_t:filesystem { associate };
-allow test_filesystem_inode_setxattr_no_associate_t unconfined_t:dir { add_name write };
-allow test_filesystem_inode_setxattr_no_associate_t unconfined_t:file { create relabelfrom relabelto };
 
 ################# Test process { setfscreate } #############
 type test_setfscreatecon_t;
@@ -357,7 +353,6 @@  allow test_filesystem_sb_relabel_no_relabelfrom_t self:filesystem { mount relabe
 allow test_filesystem_sb_relabel_no_relabelfrom_t self:filesystem { mount };
 
 allow test_filesystem_may_create_no_associate_t nfs_t:filesystem { associate };
-allow test_filesystem_may_create_no_associate_t unconfined_t:file { getattr relabelto };
 allow test_filesystem_may_create_no_associate_t test_file_t:dir { add_name };
 allow test_filesystem_may_create_no_associate_t test_file_t:file { create write relabelfrom };
 allow test_filesystem_may_create_no_associate_t test_filesystem_file_t:filesystem { mount unmount relabelto };
@@ -365,7 +360,6 @@  allow test_file_t test_filesystem_may_create_no_associate_t:filesystem { associa
 allow unconfined_t test_filesystem_may_create_no_associate_t:filesystem { getattr mount relabelto unmount };
 # neverallow unconfined_t test_filesystem_may_create_no_associate_t:filesystem { associate };
 
-allow test_filesystem_inode_setxattr_no_associate_t unconfined_t:file { getattr open read write };
 allow test_filesystem_inode_setxattr_no_associate_t nfs_t:filesystem { associate };
 allow test_filesystem_inode_setxattr_no_associate_t test_file_t:dir { add_name };
 allow test_filesystem_inode_setxattr_no_associate_t test_file_t:file { create relabelfrom write };