Skip to content
Snippets Groups Projects
Commit 4b60cc30 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Do not allow reading all directories for the CTS. 


The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.

Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 33da6091
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 1 deletion
cts.te
+ 0
1
View file @ 4b60cc30
...@@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms; ...@@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms;
dontaudit appdomain appdomain:file r_file_perms; dontaudit appdomain appdomain:file r_file_perms;
# Walk the file tree, stat any file. # Walk the file tree, stat any file.
allow appdomain file_type:dir r_dir_perms;
allow appdomain fs_type:dir r_dir_perms; allow appdomain fs_type:dir r_dir_perms;
allow appdomain dev_type:dir r_dir_perms; allow appdomain dev_type:dir r_dir_perms;
allow appdomain file_type:dir_file_class_set getattr; allow appdomain file_type:dir_file_class_set getattr;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment