SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0

RFE: ioctl: Test new ioctl whitelisting feature. #18

Status: Closed (stephensmalley closed this issue 7 years ago)

stephensmalley commented 7 years ago

This should now be possible since the policy.30 support is available in libsepol/checkpolicy and the kernel. Requires use of a CIL policy module to define ioctl whitelists, since we have not implemented support in the old binary module format and do not plan to do so.

stephensmalley commented 7 years ago

Resolved via b6e5e01a282582322185d67eb628569ac1a9f2dc. This relies on an extension to the binary module format to support ioctl xperms rather than using a CIL module.