
[testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls

Message ID 20241106154454.1703327-1-omosnace@redhat.com (mailing list archive)
State Accepted

Commit Message

Ondrej Mosnacek Nov. 6, 2024, 3:44 p.m. UTC
These are only needed when peer labeling is enabled, which is normally
true only in some parts of the testsuite, but nothing prevents it from
being enabled the whole time (either by configuration or policy
capability), so it is better to add the missing rules.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 policy/test_sctp.te | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Ondrej Mosnacek Nov. 20, 2024, 12:48 p.m. UTC | #1
On Wed, Nov 6, 2024 at 4:44 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> These are only needed when peer labeling is enabled, which is normally
> true only in some parts of the testsuite, but nothing prevents it from
> being enabled the whole time (either by configuration or policy
> capability), so better add the missing rules.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  policy/test_sctp.te | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/policy/test_sctp.te b/policy/test_sctp.te
> index 8db84a3..fb057b9 100644
> --- a/policy/test_sctp.te
> +++ b/policy/test_sctp.te
> @@ -122,6 +122,7 @@ typeattribute test_sctp_connectx_t sctpsocketdomain;
>  allow test_sctp_connectx_t self:sctp_socket create_stream_socket_perms;
>  corenet_sctp_bind_all_nodes(test_sctp_connectx_t)
>  corenet_inout_generic_node(test_sctp_connectx_t)
> +corenet_inout_generic_if(test_sctp_connectx_t)
>
>  #
>  ############################# Deny Connectx #################################
> @@ -132,6 +133,7 @@ typeattribute test_sctp_deny_connectx_t sctpsocketdomain;
>  allow test_sctp_deny_connectx_t self:sctp_socket { create listen accept bind ioctl read getattr write getopt setopt };
>  corenet_sctp_bind_all_nodes(test_sctp_deny_connectx_t)
>  corenet_inout_generic_node(test_sctp_deny_connectx_t)
> +corenet_inout_generic_if(test_sctp_deny_connectx_t)
>
>  #
>  ############################## Bindx #####################################
> @@ -142,6 +144,7 @@ typeattribute test_sctp_bindx_t sctpsocketdomain;
>  allow test_sctp_bindx_t self:sctp_socket create_stream_socket_perms;
>  corenet_sctp_bind_all_nodes(test_sctp_bindx_t)
>  corenet_inout_generic_node(test_sctp_bindx_t)
> +corenet_inout_generic_if(test_sctp_bindx_t)
>
>  #
>  ############################## Deny Bindx ###################################
> @@ -152,6 +155,7 @@ typeattribute test_sctp_deny_bindx_t sctpsocketdomain;
>  allow test_sctp_deny_bindx_t self:sctp_socket { create ioctl read getattr write getopt setopt };
>  corenet_sctp_bind_all_nodes(test_sctp_deny_bindx_t)
>  corenet_inout_generic_node(test_sctp_deny_bindx_t)
> +corenet_inout_generic_if(test_sctp_deny_bindx_t)
>
>  #
>  ############################# ASCONF Server ##############################
> @@ -162,6 +166,7 @@ typeattribute sctp_asconf_params_server_t sctpsocketdomain;
>  allow sctp_asconf_params_server_t self:sctp_socket { create listen bind ioctl read getattr write getopt setopt };
>  corenet_sctp_bind_all_nodes(sctp_asconf_params_server_t)
>  corenet_inout_generic_node(sctp_asconf_params_server_t)
> +corenet_inout_generic_if(sctp_asconf_params_server_t)
>
>  #
>  ############################# ASCONF Client ##############################
> --
> 2.47.0
>

This patch is now applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/000b2bf26254ff2607d3b13aba87ac2c998a2386

Patch

diff --git a/policy/test_sctp.te b/policy/test_sctp.te
index 8db84a3..fb057b9 100644
--- a/policy/test_sctp.te
+++ b/policy/test_sctp.te
@@ -122,6 +122,7 @@  typeattribute test_sctp_connectx_t sctpsocketdomain;
 allow test_sctp_connectx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_connectx_t)
 corenet_inout_generic_node(test_sctp_connectx_t)
+corenet_inout_generic_if(test_sctp_connectx_t)
 
 #
 ############################# Deny Connectx #################################
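Review bot: The new `corenet_inout_generic_if(test_sctp_connectx_t)` line carries no comment saying when it matters; the reason is recorded only in the commit message, which says the rule is needed only while peer labeling is enabled. A one-line comment above it, such as `# netif access is only needed when peer labeling is enabled`, would keep a later cleanup from dropping the rule as unused after a run without peer labeling. The same applies to the additions in the Deny Connectx, Bindx, Deny Bindx and ASCONF Server hunks. The last hunk stops at the ASCONF Client header, so whether the client domain already has the matching rule cannot be confirmed from this patch.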
@@ -132,6 +133,7 @@  typeattribute test_sctp_deny_connectx_t sctpsocketdomain;
 allow test_sctp_deny_connectx_t self:sctp_socket { create listen accept bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_connectx_t)
 corenet_inout_generic_node(test_sctp_deny_connectx_t)
+corenet_inout_generic_if(test_sctp_deny_connectx_t)
 
 #
 ############################## Bindx #####################################
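Review bot: In the two deny domains (this hunk and the Deny Bindx hunk) the added interface rule should be marked as deliberate, because a negative test is only meaningful when the denial comes from the one permission left out on purpose. The `allow` line here omits `connect`, and the one for `test_sctp_deny_bindx_t` omits `bind`, which appears to be the intended failure in each case. Without the netif rule, a run with peer labeling enabled could presumably be denied for an unrelated reason and still be counted as the expected failure. A comment such as `# granted so the only expected denial is the missing sctp_socket permission` above the new line would record that intent.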
@@ -142,6 +144,7 @@  typeattribute test_sctp_bindx_t sctpsocketdomain;
 allow test_sctp_bindx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_bindx_t)
 corenet_inout_generic_node(test_sctp_bindx_t)
+corenet_inout_generic_if(test_sctp_bindx_t)
 
 #
 ############################## Deny Bindx ###################################
@@ -152,6 +155,7 @@  typeattribute test_sctp_deny_bindx_t sctpsocketdomain;
 allow test_sctp_deny_bindx_t self:sctp_socket { create ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_bindx_t)
 corenet_inout_generic_node(test_sctp_deny_bindx_t)
+corenet_inout_generic_if(test_sctp_deny_bindx_t)
 
 #
 ############################# ASCONF Server ##############################
@@ -162,6 +166,7 @@  typeattribute sctp_asconf_params_server_t sctpsocketdomain;
 allow sctp_asconf_params_server_t self:sctp_socket { create listen bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(sctp_asconf_params_server_t)
 corenet_inout_generic_node(sctp_asconf_params_server_t)
+corenet_inout_generic_if(sctp_asconf_params_server_t)
 
 #
 ############################# ASCONF Client ##############################