diff mbox series

[testsuite,18/24] policy: don't audit testsuite programs searching the caller's keys

Message ID 20220729120229.207584-19-omosnace@redhat.com (mailing list archive)
State Superseded
Delegated to: Ondrej Mosnáček
Series Clean up testsuite policy and support running as sysadm_t

Commit Message

Ondrej Mosnacek July 29, 2022, 12:02 p.m. UTC
During the test such denials may occur. Since they don't affect testing,
prevent them from being audited to have a cleaner AVC log.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 policy/test_global.te | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/policy/test_global.te b/policy/test_global.te
index 91bddd8..7d399e6 100644
--- a/policy/test_global.te
+++ b/policy/test_global.te
@@ -66,6 +66,9 @@  optional_policy(`
 # Needed for domains outside domain_type()
 dontaudit testsuite_caller_domain testsuite_domain:process { noatsecure rlimitinh siginh };
 
+# keys test may trigger search AVCs for root's keys
+dontaudit testsuite_domain testsuite_caller_domain:key { search };
+
 # Allow the test domains to access the sysadm terminal.
 # This allows read and write sysadm ttys and ptys.
 term_use_all_terms(testsuite_domain)
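
Review bot: The added rule `dontaudit testsuite_domain testsuite_caller_domain:key { search };` is broader than its comment says. The comment attributes the denials to the keys test and to root's keys, but the rule silences key search denials for every domain in testsuite_domain against the keys of any testsuite_caller_domain. Either narrow the source to the domains used by the keys test, or reword the comment to match the real scope. It would also help to say in the comment or the commit message what triggers the search (the message only says "such denials may occur"), so a later reader can tell an expected keyring lookup from a regression. Because dontaudit hides these denials from the AVC log entirely, anyone debugging a keys test failure will need to rebuild the policy with dontaudit rules disabled (semodule -DB) to see them. Minor style point: the braces around the single permission search are not needed.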