Skip to content
Snippets Groups Projects
Commit a019e4f1 authored by Stephen Smalley's avatar Stephen Smalley Committed by repo sync
Browse files

Do not allow reading all directories for the CTS. 


The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.

Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 0e856a02
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 1 deletion
cts.te
+ 0
1
View file @ a019e4f1
...@@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms; ...@@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms;
dontaudit appdomain appdomain:file r_file_perms; dontaudit appdomain appdomain:file r_file_perms;
# Walk the file tree, stat any file. # Walk the file tree, stat any file.
allow appdomain file_type:dir r_dir_perms;
allow appdomain fs_type:dir r_dir_perms; allow appdomain fs_type:dir r_dir_perms;
allow appdomain dev_type:dir r_dir_perms; allow appdomain dev_type:dir r_dir_perms;
allow appdomain file_type:dir_file_class_set getattr; allow appdomain file_type:dir_file_class_set getattr;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment