From: <mva...@re...> - 2011-10-27 21:52:27
|
From: Ondrej Moris <om...@re...> Signed-off-by: Ondrej Moris <om...@re...> --- audit/README.run | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/audit/README.run b/audit/README.run index 99106b8..e990437 100644 --- a/audit/README.run +++ b/audit/README.run @@ -85,6 +85,9 @@ directory. Set the directory permissions appropriately to allow the tests to be built and run: # chown -R root:root /usr/local/eal4_testing +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 {} \; +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 {} \; +# find /usr/local/eal4_testing -type f -not -executable -exec chmod 644 {} \; Build ----- -- 1.7.1 |
From: <mva...@re...> - 2011-10-27 21:52:27
|
From: Ondrej Moris <om...@re...> Signed-off-by: Ondrej Moris <om...@re...> --- audit/kvm-iommu/run.conf | 55 +++++++++++++++++++++++++++++---------------- 1 files changed, 35 insertions(+), 20 deletions(-) diff --git a/audit/kvm-iommu/run.conf b/audit/kvm-iommu/run.conf index 5d2bd96..d5c0396 100644 --- a/audit/kvm-iommu/run.conf +++ b/audit/kvm-iommu/run.conf @@ -41,28 +41,43 @@ run_test() { return $status } -# Positive tests for basic sanity -+ pci_passthrough sanity_attach_after_boot -+ pci_passthrough sanity_attach_on_boot -+ pci_passthrough sanity_detach_1 -+ pci_passthrough sanity_detach_2 +# If PPROFILE isn't set, set it based on the policy we're running. +if [[ $PPROFILE != capp && $PPROFILE != lspp ]] ; then + if sestatus | grep -q mls ; then + export PPROFILE=lspp + else + export PPROFILE=capp + fi +fi -# Negative tests on a single guest domain -+ pci_passthrough simple_double_attach -+ pci_passthrough simple_double_detach +# Run these tests in CAPP and LSPP +if [[ $PPROFILE == capp || $PPROFILE == lspp ]]; then + # Positive tests for basic sanity + + pci_passthrough sanity_attach_after_boot + + pci_passthrough sanity_attach_on_boot + + pci_passthrough sanity_detach_1 + + pci_passthrough sanity_detach_2 -# Negative tests on two guest domain -+ pci_passthrough shared_attach_on_boot -+ pci_passthrough shared_attach_used -+ pci_passthrough shared_detach_used + # Negative tests on a single guest domain + + pci_passthrough simple_double_attach + + pci_passthrough simple_double_detach -# USB PT attach tests -+ usb_passthrough sanity_attach_after_boot -+ usb_passthrough sanity_attach_on_boot + # Negative tests on two guest domain + + pci_passthrough shared_attach_on_boot + + pci_passthrough shared_attach_used + + pci_passthrough shared_detach_used -# USB PT detach tests -+ usb_passthrough sanity_detach_1 -+ usb_passthrough sanity_detach_2 + # USB PT attach tests + + usb_passthrough sanity_attach_after_boot + + usb_passthrough sanity_attach_on_boot -# USB PT dynamic attach test -+ usb_passthrough dynamic_attach_on_boot + # USB PT detach tests + + usb_passthrough sanity_detach_1 + + usb_passthrough sanity_detach_2 +fi + +# Run these tests only in CAPP +if [[ $PPROFILE == capp ]]; then + # USB PT dynamic attach test + + usb_passthrough dynamic_attach_on_boot +fi -- 1.7.1 |
From: <mva...@re...> - 2011-10-27 21:52:28
|
From: Ondrej Moris <om...@re...> Signed-off-by: Ondrej Moris <om...@re...> --- audit/kvm/run.conf | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/audit/kvm/run.conf b/audit/kvm/run.conf index a03137b..ba33972 100644 --- a/audit/kvm/run.conf +++ b/audit/kvm/run.conf @@ -33,7 +33,7 @@ function kvm_install { rm -f /var/lib/libvirt/images/$i.img qemu-img create /var/lib/libvirt/images/$1.img ${disksize}G - chown -R qemu. /var/lib/libvbirt/images/ + chown -R qemu. /var/lib/libvirt/images/ restorecon -R /var/lib/libvirt/images/ virt-install --name $1 \ @@ -60,7 +60,7 @@ function kvm_install_kickstart { rm -f /var/lib/libvirt/images/$i.img qemu-img create /var/lib/libvirt/images/$1.img ${disksize}G - chown -R qemu. /var/lib/libvbirt/images/ + chown -R qemu. /var/lib/libvirt/images/ restorecon -R /var/lib/libvirt/images/ virt-install --name $1 \ -- 1.7.1 |
From: <mva...@re...> - 2011-10-27 21:52:30
|
From: Ondrej Moris <om...@re...> Signed-off-by: Ondrej Moris <om...@re...> --- audit/ltp/README_ltp | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/audit/ltp/README_ltp b/audit/ltp/README_ltp index c3183a1..47cc1f3 100644 --- a/audit/ltp/README_ltp +++ b/audit/ltp/README_ltp @@ -8,7 +8,7 @@ directory "ltp" to the designated locations as shown below. cc_ospp.sh -> ltp/testscripts/cc_ospp.sh cc_commands -> ltp/runtest/cc_commands -ssh03 -> ltp/testcases/network/tcp_cmds/ssh03 +ssh03 -> ltp/testcases/network/tcp_cmds/ssh/ssh03 su01 -> ltp/testcases/commands/su/su01 create tarball of the ltp tree -- 1.7.1 |
From: Miroslav V. <mva...@re...> - 2011-10-27 21:56:36
|
I pulled in these patches that fix various small issues. I hope the README.run change is ok for everyone. If any objection please let me know. This solution solves the issues with incorrect permissions on test files for me. ----- Original Message ----- > From: Ondrej Moris <om...@re...> > > > Signed-off-by: Ondrej Moris <om...@re...> > --- > audit/README.run | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/audit/README.run b/audit/README.run > index 99106b8..e990437 100644 > --- a/audit/README.run > +++ b/audit/README.run > @@ -85,6 +85,9 @@ directory. > Set the directory permissions appropriately to allow the tests to be > built > and run: > # chown -R root:root /usr/local/eal4_testing > +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 > {} \; > +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 > {} \; > +# find /usr/local/eal4_testing -type f -not -executable -exec chmod > 644 {} \; > > Build > ----- > -- > 1.7.1 > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more > rapidly. > Take a complimentary Learning@Cisco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer > |
From: Linda K. <lin...@hp...> - 2011-10-31 19:35:01
|
I'm curious about this patch and why these steps are necessary. I have never needed to do them. I don't even do the chown. Does anyone else have to? If so, I wonder if its related to how we populate the /usr/local/eal4_testing directory. I always do a 'make dist' at the top of my git tree (as me) and then untar the tarball into the target directory as root. The README was originally drafted when we were using CVS and had a master tarball that a bunch of testers used. Now that we're using git, perhaps we should update the instructions to start with cloning the git tree and creating the tarball? I can do that if it will help. -- ljk mva...@re... wrote: > From: Ondrej Moris <om...@re...> > > > Signed-off-by: Ondrej Moris <om...@re...> > --- > audit/README.run | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/audit/README.run b/audit/README.run > index 99106b8..e990437 100644 > --- a/audit/README.run > +++ b/audit/README.run > @@ -85,6 +85,9 @@ directory. > Set the directory permissions appropriately to allow the tests to be built > and run: > # chown -R root:root /usr/local/eal4_testing > +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 {} \; > +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 {} \; > +# find /usr/local/eal4_testing -type f -not -executable -exec chmod 644 {} \; > > Build > ----- |
From: Linda K. <lin...@hp...> - 2011-10-31 23:19:32
|
Linda Knippers wrote: > I'm curious about this patch and why these steps are necessary. > I have never needed to do them. I don't even do the chown. > Does anyone else have to? After sending this mail, I updated my git tree and then installed and ran the tests. I hit a permissions problem and in looking back over the README.run file, I noticed that I had skipped the step to relabel the tests with this: # make -C utils/selinux-policy relabel verify Once I did that, all was well again. Of course, that only explains problems due to labels and your chmod's are for DAC permissions, so perhaps there is still something different about what we're doing? -- ljk > > If so, I wonder if its related to how we populate the /usr/local/eal4_testing > directory. I always do a 'make dist' at the top of my git tree (as me) and then untar > the tarball into the target directory as root. > > The README was originally drafted when we were using CVS and had a master tarball > that a bunch of testers used. Now that we're using git, perhaps we should update > the instructions to start with cloning the git tree and creating the tarball? > I can do that if it will help. > > -- ljk > > mva...@re... wrote: >> From: Ondrej Moris <om...@re...> >> >> >> Signed-off-by: Ondrej Moris <om...@re...> >> --- >> audit/README.run | 3 +++ >> 1 files changed, 3 insertions(+), 0 deletions(-) >> >> diff --git a/audit/README.run b/audit/README.run >> index 99106b8..e990437 100644 >> --- a/audit/README.run >> +++ b/audit/README.run >> @@ -85,6 +85,9 @@ directory. >> Set the directory permissions appropriately to allow the tests to be built >> and run: >> # chown -R root:root /usr/local/eal4_testing >> +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 {} \; >> +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 {} \; >> +# find /usr/local/eal4_testing -type f -not -executable -exec chmod 644 {} \; >> >> Build >> ----- > > > ------------------------------------------------------------------------------ > Get your Android app more play: Bring it to the BlackBerry PlayBook > in minutes. BlackBerry App World™ now supports Android™ Apps > for the BlackBerry® PlayBook™. Discover just how easy and simple > it is! http://p.sf.net/sfu/android-dev2dev > _______________________________________________ > Audit-test-developer mailing list > Aud...@li... > https://lists.sourceforge.net/lists/listinfo/audit-test-developer |
From: Miroslav V. <mva...@re...> - 2011-11-01 09:37:11
|
Hi Linda, I think this is needed because the umask is set to 027. Can you confirm you have this umask set on your box? When I do git clone I end up with 750/640 permissions on all files. This makes the syscalls test failing as they expect 755/644 on all files. # git clone git://audit-test.git.sourceforge.net/gitroot/audit-test/audit-test # cd audit-test/audit # ll total 160 -rw-r-----. 1 root root 959 Nov 1 06:31 audit-test.spec drwxr-x---. 3 root root 4096 Nov 1 06:31 audit-tools drwxr-x---. 2 root root 4096 Nov 1 06:31 audit-trail-protection -rw-r-----. 1 root root 17990 Nov 1 06:31 COPYRIGHT drwxr-x---. 3 root root 4096 Nov 1 06:31 crypto drwxr-x---. 2 root root 4096 Nov 1 06:31 docs drwxr-x---. 3 root root 4096 Nov 1 06:31 fail-safe drwxr-x---. 3 root root 4096 Nov 1 06:31 filter drwxr-x---. 2 root root 4096 Nov 1 06:31 kvm [snip] I hope I'm right here :) Regards, /M On 11/01/2011 12:16 AM, Linda Knippers wrote: > Linda Knippers wrote: >> I'm curious about this patch and why these steps are necessary. >> I have never needed to do them. I don't even do the chown. >> Does anyone else have to? > > After sending this mail, I updated my git tree and then installed and > ran the tests. I hit a permissions problem and in looking back over > the README.run file, I noticed that I had skipped the step to relabel > the tests with this: > > # make -C utils/selinux-policy relabel verify > > Once I did that, all was well again. Of course, that only explains problems > due to labels and your chmod's are for DAC permissions, so perhaps there is > still something different about what we're doing? > > -- ljk > >> >> If so, I wonder if its related to how we populate the /usr/local/eal4_testing >> directory. I always do a 'make dist' at the top of my git tree (as me) and then untar >> the tarball into the target directory as root. >> >> The README was originally drafted when we were using CVS and had a master tarball >> that a bunch of testers used. Now that we're using git, perhaps we should update >> the instructions to start with cloning the git tree and creating the tarball? >> I can do that if it will help. >> >> -- ljk >> >> mva...@re... wrote: >>> From: Ondrej Moris<om...@re...> >>> >>> >>> Signed-off-by: Ondrej Moris<om...@re...> >>> --- >>> audit/README.run | 3 +++ >>> 1 files changed, 3 insertions(+), 0 deletions(-) >>> >>> diff --git a/audit/README.run b/audit/README.run >>> index 99106b8..e990437 100644 >>> --- a/audit/README.run >>> +++ b/audit/README.run >>> @@ -85,6 +85,9 @@ directory. >>> Set the directory permissions appropriately to allow the tests to be built >>> and run: >>> # chown -R root:root /usr/local/eal4_testing >>> +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 {} \; >>> +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 {} \; >>> +# find /usr/local/eal4_testing -type f -not -executable -exec chmod 644 {} \; >>> >>> Build >>> ----- >> >> >> ------------------------------------------------------------------------------ >> Get your Android app more play: Bring it to the BlackBerry PlayBook >> in minutes. BlackBerry App World™ now supports Android™ Apps >> for the BlackBerry® PlayBook™. Discover just how easy and simple >> it is! http://p.sf.net/sfu/android-dev2dev >> _______________________________________________ >> Audit-test-developer mailing list >> Aud...@li... >> https://lists.sourceforge.net/lists/listinfo/audit-test-developer > -- Miroslav Vadkerti :: QA Engineer / RHCE :: BaseOS QE - Security IRC mvadkert at #qe #urt #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Phone +420 532 294 129 :: CZ +420 775 039 842 :: SK +421 904 135 440 Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic |
From: Linda K. <lin...@hp...> - 2011-11-01 14:29:25
|
Hi Miro, Miroslav Vadkerti wrote: > Hi Linda, > > I think this is needed because the umask is set to 027. Can you > confirm you have this umask set on your box? > > When I do git clone I end up with 750/640 permissions on all files. > This makes the syscalls test failing as they expect 755/644 on all files. > > # git clone > git://audit-test.git.sourceforge.net/gitroot/audit-test/audit-test > # cd audit-test/audit > # ll > total 160 > -rw-r-----. 1 root root 959 Nov 1 06:31 audit-test.spec > drwxr-x---. 3 root root 4096 Nov 1 06:31 audit-tools > drwxr-x---. 2 root root 4096 Nov 1 06:31 audit-trail-protection > -rw-r-----. 1 root root 17990 Nov 1 06:31 COPYRIGHT > drwxr-x---. 3 root root 4096 Nov 1 06:31 crypto > drwxr-x---. 2 root root 4096 Nov 1 06:31 docs > drwxr-x---. 3 root root 4096 Nov 1 06:31 fail-safe > drwxr-x---. 3 root root 4096 Nov 1 06:31 filter > drwxr-x---. 2 root root 4096 Nov 1 06:31 kvm > [snip] > > I hope I'm right here :) Yes, you're right up to that point. That's what I see as well. I think the difference is with how we're moving the tests from the git tree to the /usr/local/eal4_testing area. I use 'make dist' at the top of the tree, which creates a tarball, that I then untar into the test area. It puts things in an audit-test directory, rather than an audit directory, and before creating the tarball, the makefile does a chmod on the files. That's why I don't need the extra steps. It works just as well if you use a git tree on a development system and just copy the tarball to the TOE. Since I'd like this to be as automated as possible, would it be better if I updated the README.run to include the steps of cloning the git tree, building the tarball and populating the test area? The 'make dist' part is currently undocumented, which is unfortunate since both you and Jim have hit this problem. -- ljk > > Regards, > /M > > On 11/01/2011 12:16 AM, Linda Knippers wrote: >> Linda Knippers wrote: >>> I'm curious about this patch and why these steps are necessary. >>> I have never needed to do them. I don't even do the chown. >>> Does anyone else have to? >> >> After sending this mail, I updated my git tree and then installed and >> ran the tests. I hit a permissions problem and in looking back over >> the README.run file, I noticed that I had skipped the step to relabel >> the tests with this: >> >> # make -C utils/selinux-policy relabel verify >> >> Once I did that, all was well again. Of course, that only explains >> problems >> due to labels and your chmod's are for DAC permissions, so perhaps >> there is >> still something different about what we're doing? >> >> -- ljk >> >>> >>> If so, I wonder if its related to how we populate the >>> /usr/local/eal4_testing >>> directory. I always do a 'make dist' at the top of my git tree (as >>> me) and then untar >>> the tarball into the target directory as root. >>> >>> The README was originally drafted when we were using CVS and had a >>> master tarball >>> that a bunch of testers used. Now that we're using git, perhaps we >>> should update >>> the instructions to start with cloning the git tree and creating the >>> tarball? >>> I can do that if it will help. >>> >>> -- ljk >>> >>> mva...@re... wrote: >>>> From: Ondrej Moris<om...@re...> >>>> >>>> >>>> Signed-off-by: Ondrej Moris<om...@re...> >>>> --- >>>> audit/README.run | 3 +++ >>>> 1 files changed, 3 insertions(+), 0 deletions(-) >>>> >>>> diff --git a/audit/README.run b/audit/README.run >>>> index 99106b8..e990437 100644 >>>> --- a/audit/README.run >>>> +++ b/audit/README.run >>>> @@ -85,6 +85,9 @@ directory. >>>> Set the directory permissions appropriately to allow the tests to >>>> be built >>>> and run: >>>> # chown -R root:root /usr/local/eal4_testing >>>> +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 >>>> {} \; >>>> +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 >>>> {} \; >>>> +# find /usr/local/eal4_testing -type f -not -executable -exec chmod >>>> 644 {} \; >>>> >>>> Build >>>> ----- >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> Get your Android app more play: Bring it to the BlackBerry PlayBook >>> in minutes. BlackBerry App World™ now supports Android™ Apps >>> for the BlackBerry® PlayBook™. Discover just how easy and >>> simple >>> it is! http://p.sf.net/sfu/android-dev2dev >>> _______________________________________________ >>> Audit-test-developer mailing list >>> Aud...@li... >>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer >> > > |
From: Miroslav V. <mva...@re...> - 2011-11-01 14:43:36
|
Hi, On 11/01/2011 03:26 PM, Linda Knippers wrote: > Hi Miro, > > Miroslav Vadkerti wrote: >> Hi Linda, >> >> I think this is needed because the umask is set to 027. Can you >> confirm you have this umask set on your box? >> >> When I do git clone I end up with 750/640 permissions on all files. >> This makes the syscalls test failing as they expect 755/644 on all files. >> >> # git clone >> git://audit-test.git.sourceforge.net/gitroot/audit-test/audit-test >> # cd audit-test/audit >> # ll >> total 160 >> -rw-r-----. 1 root root 959 Nov 1 06:31 audit-test.spec >> drwxr-x---. 3 root root 4096 Nov 1 06:31 audit-tools >> drwxr-x---. 2 root root 4096 Nov 1 06:31 audit-trail-protection >> -rw-r-----. 1 root root 17990 Nov 1 06:31 COPYRIGHT >> drwxr-x---. 3 root root 4096 Nov 1 06:31 crypto >> drwxr-x---. 2 root root 4096 Nov 1 06:31 docs >> drwxr-x---. 3 root root 4096 Nov 1 06:31 fail-safe >> drwxr-x---. 3 root root 4096 Nov 1 06:31 filter >> drwxr-x---. 2 root root 4096 Nov 1 06:31 kvm >> [snip] >> >> I hope I'm right here :) > > Yes, you're right up to that point. That's what I see as well. > > I think the difference is with how we're moving the tests from the > git tree to the /usr/local/eal4_testing area. I use 'make dist' > at the top of the tree, which creates a tarball, that I then > untar into the test area. It puts things in an audit-test > directory, rather than an audit directory, and before creating > the tarball, the makefile does a chmod on the files. That's > why I don't need the extra steps. It works just as well if you > use a git tree on a development system and just copy the tarball > to the TOE. > > Since I'd like this to be as automated as possible, would it be > better if I updated the README.run to include the steps of cloning > the git tree, building the tarball and populating the test area? > The 'make dist' part is currently undocumented, which is unfortunate > since both you and Jim have hit this problem. Yep I wasn't aware of that step. Sure please update the README.run so we all are doing this the right way. Also you can drop my recent README.run additions. Thanks for the explanation, /M > > > -- ljk > >> >> Regards, >> /M >> >> On 11/01/2011 12:16 AM, Linda Knippers wrote: >>> Linda Knippers wrote: >>>> I'm curious about this patch and why these steps are necessary. >>>> I have never needed to do them. I don't even do the chown. >>>> Does anyone else have to? >>> >>> After sending this mail, I updated my git tree and then installed and >>> ran the tests. I hit a permissions problem and in looking back over >>> the README.run file, I noticed that I had skipped the step to relabel >>> the tests with this: >>> >>> # make -C utils/selinux-policy relabel verify >>> >>> Once I did that, all was well again. Of course, that only explains >>> problems >>> due to labels and your chmod's are for DAC permissions, so perhaps >>> there is >>> still something different about what we're doing? >>> >>> -- ljk >>> >>>> >>>> If so, I wonder if its related to how we populate the >>>> /usr/local/eal4_testing >>>> directory. I always do a 'make dist' at the top of my git tree (as >>>> me) and then untar >>>> the tarball into the target directory as root. >>>> >>>> The README was originally drafted when we were using CVS and had a >>>> master tarball >>>> that a bunch of testers used. Now that we're using git, perhaps we >>>> should update >>>> the instructions to start with cloning the git tree and creating the >>>> tarball? >>>> I can do that if it will help. >>>> >>>> -- ljk >>>> >>>> mva...@re... wrote: >>>>> From: Ondrej Moris<om...@re...> >>>>> >>>>> >>>>> Signed-off-by: Ondrej Moris<om...@re...> >>>>> --- >>>>> audit/README.run | 3 +++ >>>>> 1 files changed, 3 insertions(+), 0 deletions(-) >>>>> >>>>> diff --git a/audit/README.run b/audit/README.run >>>>> index 99106b8..e990437 100644 >>>>> --- a/audit/README.run >>>>> +++ b/audit/README.run >>>>> @@ -85,6 +85,9 @@ directory. >>>>> Set the directory permissions appropriately to allow the tests to >>>>> be built >>>>> and run: >>>>> # chown -R root:root /usr/local/eal4_testing >>>>> +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 >>>>> {} \; >>>>> +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 >>>>> {} \; >>>>> +# find /usr/local/eal4_testing -type f -not -executable -exec chmod >>>>> 644 {} \; >>>>> >>>>> Build >>>>> ----- >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> Get your Android app more play: Bring it to the BlackBerry PlayBook >>>> in minutes. BlackBerry App World™ now supports Android™ Apps >>>> for the BlackBerry® PlayBook™. Discover just how easy and >>>> simple >>>> it is! http://p.sf.net/sfu/android-dev2dev >>>> _______________________________________________ >>>> Audit-test-developer mailing list >>>> Aud...@li... >>>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer >>> >> >> > -- Miroslav Vadkerti :: QA Engineer / RHCE :: BaseOS QE - Security IRC mvadkert at #qe #urt #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Phone +420 532 294 129 :: CZ +420 775 039 842 :: SK +421 904 135 440 Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic |
From: Linda K. <lin...@hp...> - 2011-11-01 15:44:18
|
Miroslav Vadkerti wrote: > Hi, > > On 11/01/2011 03:26 PM, Linda Knippers wrote: >> Hi Miro, >> >> Miroslav Vadkerti wrote: >>> Hi Linda, >>> >>> I think this is needed because the umask is set to 027. Can you >>> confirm you have this umask set on your box? >>> >>> When I do git clone I end up with 750/640 permissions on all files. >>> This makes the syscalls test failing as they expect 755/644 on all >>> files. >>> >>> # git clone >>> git://audit-test.git.sourceforge.net/gitroot/audit-test/audit-test >>> # cd audit-test/audit >>> # ll >>> total 160 >>> -rw-r-----. 1 root root 959 Nov 1 06:31 audit-test.spec >>> drwxr-x---. 3 root root 4096 Nov 1 06:31 audit-tools >>> drwxr-x---. 2 root root 4096 Nov 1 06:31 audit-trail-protection >>> -rw-r-----. 1 root root 17990 Nov 1 06:31 COPYRIGHT >>> drwxr-x---. 3 root root 4096 Nov 1 06:31 crypto >>> drwxr-x---. 2 root root 4096 Nov 1 06:31 docs >>> drwxr-x---. 3 root root 4096 Nov 1 06:31 fail-safe >>> drwxr-x---. 3 root root 4096 Nov 1 06:31 filter >>> drwxr-x---. 2 root root 4096 Nov 1 06:31 kvm >>> [snip] >>> >>> I hope I'm right here :) >> >> Yes, you're right up to that point. That's what I see as well. >> >> I think the difference is with how we're moving the tests from the >> git tree to the /usr/local/eal4_testing area. I use 'make dist' >> at the top of the tree, which creates a tarball, that I then >> untar into the test area. It puts things in an audit-test >> directory, rather than an audit directory, and before creating >> the tarball, the makefile does a chmod on the files. That's >> why I don't need the extra steps. It works just as well if you >> use a git tree on a development system and just copy the tarball >> to the TOE. >> >> Since I'd like this to be as automated as possible, would it be >> better if I updated the README.run to include the steps of cloning >> the git tree, building the tarball and populating the test area? >> The 'make dist' part is currently undocumented, which is unfortunate >> since both you and Jim have hit this problem. > > Yep I wasn't aware of that step. Sure please update the README.run > so we all are doing this the right way. Also you can drop my recent > README.run additions. I will do that. Sorry this was so poorly documented before. -- ljk > > Thanks for the explanation, > /M >> >> >> -- ljk >> >>> >>> Regards, >>> /M >>> >>> On 11/01/2011 12:16 AM, Linda Knippers wrote: >>>> Linda Knippers wrote: >>>>> I'm curious about this patch and why these steps are necessary. >>>>> I have never needed to do them. I don't even do the chown. >>>>> Does anyone else have to? >>>> >>>> After sending this mail, I updated my git tree and then installed and >>>> ran the tests. I hit a permissions problem and in looking back over >>>> the README.run file, I noticed that I had skipped the step to relabel >>>> the tests with this: >>>> >>>> # make -C utils/selinux-policy relabel verify >>>> >>>> Once I did that, all was well again. Of course, that only explains >>>> problems >>>> due to labels and your chmod's are for DAC permissions, so perhaps >>>> there is >>>> still something different about what we're doing? >>>> >>>> -- ljk >>>> >>>>> >>>>> If so, I wonder if its related to how we populate the >>>>> /usr/local/eal4_testing >>>>> directory. I always do a 'make dist' at the top of my git tree (as >>>>> me) and then untar >>>>> the tarball into the target directory as root. >>>>> >>>>> The README was originally drafted when we were using CVS and had a >>>>> master tarball >>>>> that a bunch of testers used. Now that we're using git, perhaps we >>>>> should update >>>>> the instructions to start with cloning the git tree and creating the >>>>> tarball? >>>>> I can do that if it will help. >>>>> >>>>> -- ljk >>>>> >>>>> mva...@re... wrote: >>>>>> From: Ondrej Moris<om...@re...> >>>>>> >>>>>> >>>>>> Signed-off-by: Ondrej Moris<om...@re...> >>>>>> --- >>>>>> audit/README.run | 3 +++ >>>>>> 1 files changed, 3 insertions(+), 0 deletions(-) >>>>>> >>>>>> diff --git a/audit/README.run b/audit/README.run >>>>>> index 99106b8..e990437 100644 >>>>>> --- a/audit/README.run >>>>>> +++ b/audit/README.run >>>>>> @@ -85,6 +85,9 @@ directory. >>>>>> Set the directory permissions appropriately to allow the tests to >>>>>> be built >>>>>> and run: >>>>>> # chown -R root:root /usr/local/eal4_testing >>>>>> +# find /usr/local/eal4_testing -executable -type f -exec chmod 755 >>>>>> {} \; >>>>>> +# find /usr/local/eal4_testing -executable -type d -exec chmod 755 >>>>>> {} \; >>>>>> +# find /usr/local/eal4_testing -type f -not -executable -exec chmod >>>>>> 644 {} \; >>>>>> >>>>>> Build >>>>>> ----- >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> >>>>> Get your Android app more play: Bring it to the BlackBerry PlayBook >>>>> in minutes. BlackBerry App World™ now supports Android™ Apps >>>>> for the BlackBerry® PlayBook™. Discover just how easy and >>>>> simple >>>>> it is! http://p.sf.net/sfu/android-dev2dev >>>>> _______________________________________________ >>>>> Audit-test-developer mailing list >>>>> Aud...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/audit-test-developer >>>> >>> >>> >> > > |