From 4b60cc3033d0dfdc5955a55bd8d671aca04caa65 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Apr 2013 11:52:54 -0400
Subject: [PATCH] Do not allow reading all directories for the CTS.

The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.

Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 cts.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cts.te b/cts.te
index 8ae62daf5..8f21ddac6 100644
--- a/cts.te
+++ b/cts.te
@@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms;
 dontaudit appdomain appdomain:file r_file_perms;
 
 # Walk the file tree, stat any file.
-allow appdomain file_type:dir r_dir_perms;
 allow appdomain fs_type:dir r_dir_perms;
 allow appdomain dev_type:dir r_dir_perms;
 allow appdomain file_type:dir_file_class_set getattr;
-- 
GitLab