tmt: stop adding nlmsg to the policy

It is now included in the stock Fedora selinux-policy. The policy
capability and extra rules still need to be enabled/added, though.

Signed-off-by: Ondrej Mosnacek <[email protected]>

Author: WOnder93

tmt/tests.fmf

@@ -42,23 +42,19 @@
         semodule -c -E base
         sed -i \
           -e 's/\((class system (ipc_info syslog_read syslog_mod syslog_console module_request module_load \)\(halt reboot status start stop enable disable reload undefined ))\)/\1firmware_load kexec_image_load kexec_initramfs_load policy_load x509_certificate_load \2/' \
-          -e 's/\((class netlink_[a-z0-9_]*_socket (\)\(nlmsg_read \)/\1nlmsg \2/' \
           base.cil
         echo "(policycap netlink_xperm)" >>base.cil
         # allow nlmsg to some system domains so that the system can boot
         for source in daemon initrc_domain systemprocess unconfined_domain_type sysadm_t; do
           echo "(allow $source self (netlink_route_socket (nlmsg)))" >>base.cil
-          echo "(allow $source self (netlink_firewall_socket (nlmsg)))" >>base.cil
           echo "(allow $source self (netlink_tcpdiag_socket (nlmsg)))" >>base.cil
           echo "(allow $source self (netlink_xfrm_socket (nlmsg)))" >>base.cil
           echo "(allow $source self (netlink_audit_socket (nlmsg)))" >>base.cil
-          echo "(allow $source self (netlink_ip6fw_socket (nlmsg)))" >>base.cil
         done
         semodule -X 456 -i base.cil
         rm -f base.cil
         sed -i.orig \
           -e 's/module_load /module_load firmware_load kexec_image_load kexec_initramfs_load policy_load x509_certificate_load /' \
-          -e 's/nlmsg_read /nlmsg nlmsg_read /' \
           /usr/share/selinux/devel/include/support/all_perms.spt
         ;;
       local)