diff --git a/selinux-policy/dhclient-and-similar/runtest.sh b/selinux-policy/dhclient-and-similar/runtest.sh index 4db364a..f8263b5 100755 --- a/selinux-policy/dhclient-and-similar/runtest.sh +++ b/selinux-policy/dhclient-and-similar/runtest.sh @@ -53,6 +53,7 @@ rlJournalStart sleep 2 rlPhaseEnd + if ! rlIsRHEL 8 ; then rlPhaseStartTest "bz#1897388" rlSEMatchPathCon "/usr/sbin/dhclient-script" "dhcpc_exec_t" rlSEMatchPathCon "/usr/bin/chronyc" "chronyc_exec_t" @@ -60,6 +61,7 @@ rlJournalStart rlSESearchRule "type_transition dhcpc_t chronyc_exec_t : process chronyc_t" rlSESearchRule "allow dhcpc_t chronyc_t : process { transition } [ ]" rlPhaseEnd + fi rlPhaseStartTest "real scenario" rlRun "dhclient" diff --git a/selinux-policy/nfsdcld-and-similar/runtest.sh b/selinux-policy/nfsdcld-and-similar/runtest.sh index 0fd7a54..5303eac 100755 --- a/selinux-policy/nfsdcld-and-similar/runtest.sh +++ b/selinux-policy/nfsdcld-and-similar/runtest.sh @@ -56,6 +56,7 @@ rlJournalStart sleep 2 rlPhaseEnd + if ! rlIsRHEL 8 ; then rlPhaseStartTest "bz#1834234" rlSEMatchPathCon "/usr/sbin/nfsdcld" "rpcd_exec_t" rlSESearchRule "allow init_t rpcd_exec_t : file { getattr open read execute } [ ]" @@ -63,6 +64,7 @@ rlJournalStart rlSESearchRule "allow init_t rpcd_t : process { transition } [ ]" rlSESearchRule "allow rpcd_t nfsd_fs_t : file { getattr open read } [ ]" rlPhaseEnd + fi rlPhaseStartTest "real scenario -- standalone service" rlRun "echo ${ROOT_PASSWORD} | passwd --stdin root" diff --git a/selinux-policy/pam_limits-and-related/runtest.sh b/selinux-policy/pam_limits-and-related/runtest.sh index d9c6a3e..cfc7036 100755 --- a/selinux-policy/pam_limits-and-related/runtest.sh +++ b/selinux-policy/pam_limits-and-related/runtest.sh @@ -52,6 +52,7 @@ rlJournalStart sleep 2 rlPhaseEnd + if ! rlIsRHEL 8 ; then rlPhaseStartTest "bz#1958819" rlSESearchRule "allow init_t guest_t : process2 { nnp_transition } [ ]" rlSESearchRule "allow init_t staff_t : process2 { nnp_transition } [ ]" @@ -60,6 +61,7 @@ rlJournalStart rlSESearchRule "allow init_t user_t : process2 { nnp_transition } [ ]" rlSESearchRule "allow init_t xguest_t : process2 { nnp_transition } [ ]" rlPhaseEnd + fi rlPhaseStartTest "real scenario -- confined users" rlRun "setsebool ssh_sysadm_login on" diff --git a/selinux-policy/systemd-modules-load-and-similar/runtest.sh b/selinux-policy/systemd-modules-load-and-similar/runtest.sh index 8d0adca..0bf4cf2 100755 --- a/selinux-policy/systemd-modules-load-and-similar/runtest.sh +++ b/selinux-policy/systemd-modules-load-and-similar/runtest.sh @@ -126,7 +126,9 @@ rlJournalStart rlRun "lsmod | grep rdma" rlRun "ausearch -m AVC -m USER_AVC --start $tst_Time" 1 rlRun "systemctl stop rdma-load-modules@rdma.service" - rlSESearchRule "allow systemd_modules_load_t systemd_modules_load_t : lockdown { confidentiality } [ ]" + if ! rlIsRHEL 8 ; then + rlSESearchRule "allow systemd_modules_load_t systemd_modules_load_t : lockdown { confidentiality } [ ]" + fi rlPhaseEnd rlPhaseStartCleanup diff --git a/selinux-policy/usbmuxd-and-similar/runtest.sh b/selinux-policy/usbmuxd-and-similar/runtest.sh index b94e525..f1d6c77 100755 --- a/selinux-policy/usbmuxd-and-similar/runtest.sh +++ b/selinux-policy/usbmuxd-and-similar/runtest.sh @@ -75,6 +75,7 @@ rlJournalStart rlSESearchRule "allow usbmuxd_t udev_var_run_t : file { getattr open read } [ ]" rlPhaseEnd + if ! rlIsRHEL 8 ; then rlPhaseStartTest "bz#1930992" rlSEMatchPathCon "/sys" "sysfs_t" rlSESearchRule "allow usbmuxd_t sysfs_t : filesystem { getattr } [ ]" @@ -91,6 +92,7 @@ rlJournalStart rlSESearchRule "dontaudit usbmuxd_t init_t : dir { search } [ ]" rlSESearchRule "dontaudit usbmuxd_t init_t : file { getattr open read ioctl } [ ]" rlPhaseEnd + fi rlPhaseStartTest "real scenario" rlRun "echo ${ROOT_PASSWORD} | passwd --stdin root"