From: Subrata M. <su...@li...> - 2007-12-07 16:25:41
|
Hi All, Today i had the opportunity to meet James Morris from Red Hat at FOSS.in held at Bangalore, India. After his talks on Se-Linux, we were discussing about the Policy Reference support for Se-linux available in LTP under the directory: ltp/testcases/kernel/security/selinux-testsuite/ Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i have not seen the testcases under: ltp/testcases/kernel/security/selinux-testsuite/ updated for more than an year. I am not aware exactly about the reason for the same. I would like to request you send me any updates that you may want to give to LTP for your selinux-testsuite. Regards-- Subrata |
From: Subrata M. <su...@li...> - 2007-12-10 06:01:46
|
On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > Hi All, > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > held at Bangalore, India. After his talks on Se-Linux, we were > discussing about the Policy Reference support for Se-linux available in > LTP under the directory: > ltp/testcases/kernel/security/selinux-testsuite/ > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > have not seen the testcases under: > ltp/testcases/kernel/security/selinux-testsuite/ > updated for more than an year. I am not aware exactly about the reason > for the same. I would like to request you send me any updates that you > may want to give to LTP for your selinux-testsuite. Can somebody give me some direction on this ?? --Subrata > > Regards-- > Subrata > > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to maj...@ty... with > the words "unsubscribe selinux" without quotes as the message. |
From: Stephen S. <sd...@ty...> - 2007-12-10 14:01:22
|
On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > Hi All, > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > held at Bangalore, India. After his talks on Se-Linux, we were > > discussing about the Policy Reference support for Se-linux available in > > LTP under the directory: > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > have not seen the testcases under: > > ltp/testcases/kernel/security/selinux-testsuite/ > > updated for more than an year. I am not aware exactly about the reason > > for the same. I would like to request you send me any updates that you > > may want to give to LTP for your selinux-testsuite. > > Can somebody give me some direction on this ?? What kind of direction are you seeking? We gave the selinux testsuite to IBM at their request, and they ported it over to the LTP and submitted it there. Joy Latten was involved in the porting; I've cc'd her above. -- Stephen Smalley National Security Agency |
From: Serge E. H. <se...@us...> - 2007-12-10 17:17:06
|
Quoting Stephen Smalley (sd...@ty...): > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > Hi All, > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > discussing about the Policy Reference support for Se-linux available in > > > LTP under the directory: > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > have not seen the testcases under: > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > updated for more than an year. I am not aware exactly about the reason > > > for the same. I would like to request you send me any updates that you > > > may want to give to LTP for your selinux-testsuite. > > > > Can somebody give me some direction on this ?? > > What kind of direction are you seeking? > > We gave the selinux testsuite to IBM at their request, and they ported > it over to the LTP and submitted it there. Joy Latten was involved in > the porting; I've cc'd her above. So the question is who should update the testsuite. This is not just an issue for selinux, but for all the ltp tests. One could say it's Joy because she submitted the testcases. But let me warn you that that attitude will definitely decrease the likelyhood of testcases being submitted to LTP. (It'll certainly deter me) One could say it should be the selinux community in general, but that community is too large for such an answer to be helpful, and it may not be fair since they can say "we didn't submit that." One could say it should be the reference policy maintainer, because I suspect refpolicy updates will be the biggest cause of breakage - but that isn't fair to him since again he didn't submit it. One might say it should be the ltp community - after the biggest advantage of submitting to LTP should be some free maintenance. However it likely doesn't have the needed expertise. Anyway I think there is value to having the selinux testsuite. Though one problem with having it in LTP is that most LTP runs are done on machines which are not set up right for selinux. I personally haven't had enough potential target machines to be able to run the tests regularly. So I don't even know whether anyone has run ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy might know though. So given that I personally don't know who to pin down, and given that I don't have time to maintain the testsuite by myself, if I could get two or three other people to volunteer to help out, I wouldn't mind being part of a group responsible for the maintenance. For starters, I finally have a fedora 8 vm set up which once I'm done with another test i can use to try out the existing testsuite. Hopefully that'll be later this week (no guarantees). I'll report on the results. -serge |
From: Subrata M. <su...@li...> - 2007-12-11 14:23:25
|
On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sd...@ty...): > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > Hi All, > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > discussing about the Policy Reference support for Se-linux available in > > > > LTP under the directory: > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > have not seen the testcases under: > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > updated for more than an year. I am not aware exactly about the reason > > > > for the same. I would like to request you send me any updates that you > > > > may want to give to LTP for your selinux-testsuite. > > > > > > Can somebody give me some direction on this ?? > > > > What kind of direction are you seeking? > > > > We gave the selinux testsuite to IBM at their request, and they ported > > it over to the LTP and submitted it there. Joy Latten was involved in > > the porting; I've cc'd her above. Well i have not received any selinux testcases updates for reference policy for the last 3 quarters. What i have received and released is EAL4+ Certification Test Suite, which includes rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to find whether there are any se-linux testcases included here, which are apparently present in ltp/testcases/kernel/security/selinux-testsuite/ directory of ltp-full-20073011.tgz (can be downloaded from http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). I did not find either of them. They seemed different to me. > > So the question is who should update the testsuite. This is not just an > issue for selinux, but for all the ltp tests. > > One could say it's Joy because she submitted the testcases. But let me > warn you that that attitude will definitely decrease the likelyhood of > testcases being submitted to LTP. (It'll certainly deter me) > > One could say it should be the selinux community in general, but that > community is too large for such an answer to be helpful, and it may not > be fair since they can say "we didn't submit that." > > One could say it should be the reference policy maintainer, because I > suspect refpolicy updates will be the biggest cause of breakage - but > that isn't fair to him since again he didn't submit it. > > One might say it should be the ltp community - after the biggest > advantage of submitting to LTP should be some free maintenance. However > it likely doesn't have the needed expertise. Ok. This is i would say as a collective responsibility rather than somebodyś alone. It is the responsibility of the maintainer (here LTP and hence myself) to find out the validity of test cases in his/her project he/she is maintaining, and, then try to contact the author(s) of that particular test case component to provide updates if even he/she (Author(s)) has the updates themselves. Now it is upto their (Author(s)) interest to write back if they are interested. Else the Maintainer is helpless. I initiated this mail as i found it my responsibility to find out authors who actually wrote these reference policy test cases for se-linux, and which are part of LTP in ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the author(s) respond, then i would work hard to integrate the same. After interaction with James Morris at FOSS.in, Bangalore, India, i came to know that he is also working on se-linux and he mentioned about the presence of reference policy support in LTP. I pointed him the release that i made this year (EAL4+ Certification Test Suite) and also requested him whether he can update me on the se-linux reference policy test cases of se-linux available inside Main LTP, he pointed me to write to se-linux test suite mailing list. Hence this mail. Now i myself has never executed these test case, so not aware of them much. But that should not prevent me from requesting updates of the same. I would be extremely happy even if we can reach the final updates through some pointer-to-pointer and that will serve my purpose of having all updates in LTP. Just to cite an example, i recently found out that there are updates being made to pounder21 test suite(present inside LTP), by somebody for his/her internal project use. Now, the same has never been updated in LTP for quite long time. I immediately mailed to him requesting him for updates. Now my purpose will be served if i get updates from him, let alone it comes to me after long time is not the question. > > Anyway I think there is value to having the selinux testsuite. Though > one problem with having it in LTP is that most LTP runs are done on > machines which are not set up right for selinux. I personally haven't > had enough potential target machines to be able to run the tests > regularly. So I don't even know whether anyone has run > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > might know though. > > So given that I personally don't know who to pin down, and given that I > don't have time to maintain the testsuite by myself, if I could get two > or three other people to volunteer to help out, I wouldn't mind being > part of a group responsible for the maintenance. > > For starters, I finally have a fedora 8 vm set up which once I'm done > with another test i can use to try out the existing testsuite. > Hopefully that'll be later this week (no guarantees). I'll report on > the results. > > -serge Thanks Serge. Will wait for your results. Regards-- Subrata |
From: Serge E. H. <se...@us...> - 2007-12-11 17:05:40
|
Quoting Subrata Modak (su...@li...): > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > Quoting Stephen Smalley (sd...@ty...): > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > Hi All, > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > LTP under the directory: > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > have not seen the testcases under: > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > for the same. I would like to request you send me any updates that you > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > Can somebody give me some direction on this ?? > > > > > > What kind of direction are you seeking? > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > the porting; I've cc'd her above. > > Well i have not received any selinux testcases updates for reference > policy for the last 3 quarters. What i have received and released is > EAL4+ Certification Test Suite, which includes > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > find whether there are any se-linux testcases included here, which are > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > directory of ltp-full-20073011.tgz (can be downloaded from > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > I did not find either of them. They seemed different to me. > > > > > So the question is who should update the testsuite. This is not just an > > issue for selinux, but for all the ltp tests. > > > > One could say it's Joy because she submitted the testcases. But let me > > warn you that that attitude will definitely decrease the likelyhood of > > testcases being submitted to LTP. (It'll certainly deter me) > > > > One could say it should be the selinux community in general, but that > > community is too large for such an answer to be helpful, and it may not > > be fair since they can say "we didn't submit that." > > > > One could say it should be the reference policy maintainer, because I > > suspect refpolicy updates will be the biggest cause of breakage - but > > that isn't fair to him since again he didn't submit it. > > > > One might say it should be the ltp community - after the biggest > > advantage of submitting to LTP should be some free maintenance. However > > it likely doesn't have the needed expertise. > > Ok. This is i would say as a collective responsibility rather than > somebody?? alone. It is the responsibility of the maintainer (here LTP > and hence myself) to find out the validity of test cases in his/her > project he/she is maintaining, and, then try to contact the author(s) of > that particular test case component to provide updates if even he/she > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > interest to write back if they are interested. Else the Maintainer is > helpless. > I initiated this mail as i found it my responsibility to find out > authors who actually wrote these reference policy test cases for > se-linux, and which are part of LTP in > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > author(s) respond, then i would work hard to integrate the same. > After interaction with James Morris at FOSS.in, Bangalore, India, i came > to know that he is also working on se-linux and he mentioned about the > presence of reference policy support in LTP. I pointed him the release > that i made this year (EAL4+ Certification Test Suite) and also > requested him whether he can update me on the se-linux reference policy > test cases of se-linux available inside Main LTP, he pointed me to write > to se-linux test suite mailing list. Hence this mail. Reasonable. And it looks like the prod was needed. > Now i myself has never executed these test case, so not aware of them > much. But that should not prevent me from requesting updates of the > same. I would be extremely happy even if we can reach the final updates > through some pointer-to-pointer and that will serve my purpose of having > all updates in LTP. > > Just to cite an example, i recently found out that there are updates > being made to pounder21 test suite(present inside LTP), by somebody for > his/her internal project use. Now, the same has never been updated in > LTP for quite long time. I immediately mailed to him requesting him for > updates. Now my purpose will be served if i get updates from him, let > alone it comes to me after long time is not the question. > > > > > Anyway I think there is value to having the selinux testsuite. Though > > one problem with having it in LTP is that most LTP runs are done on > > machines which are not set up right for selinux. I personally haven't > > had enough potential target machines to be able to run the tests > > regularly. So I don't even know whether anyone has run > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > might know though. > > > > So given that I personally don't know who to pin down, and given that I > > don't have time to maintain the testsuite by myself, if I could get two > > or three other people to volunteer to help out, I wouldn't mind being > > part of a group responsible for the maintenance. > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > with another test i can use to try out the existing testsuite. > > Hopefully that'll be later this week (no guarantees). I'll report on > > the results. > > > > -serge > > Thanks Serge. Will wait for your results. thanks, -serge |
From: Subrata M. <su...@li...> - 2007-12-12 11:17:53
|
On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > Quoting Subrata Modak (su...@li...): > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > Quoting Stephen Smalley (sd...@ty...): > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > Hi All, > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > LTP under the directory: > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > have not seen the testcases under: > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > for the same. I would like to request you send me any updates that you > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > What kind of direction are you seeking? > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > the porting; I've cc'd her above. > > > > Well i have not received any selinux testcases updates for reference > > policy for the last 3 quarters. What i have received and released is > > EAL4+ Certification Test Suite, which includes > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > find whether there are any se-linux testcases included here, which are > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > directory of ltp-full-20073011.tgz (can be downloaded from > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > I did not find either of them. They seemed different to me. > > > > > > > > So the question is who should update the testsuite. This is not just an > > > issue for selinux, but for all the ltp tests. > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > warn you that that attitude will definitely decrease the likelyhood of > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > One could say it should be the selinux community in general, but that > > > community is too large for such an answer to be helpful, and it may not > > > be fair since they can say "we didn't submit that." > > > > > > One could say it should be the reference policy maintainer, because I > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > that isn't fair to him since again he didn't submit it. > > > > > > One might say it should be the ltp community - after the biggest > > > advantage of submitting to LTP should be some free maintenance. However > > > it likely doesn't have the needed expertise. > > > > Ok. This is i would say as a collective responsibility rather than > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > and hence myself) to find out the validity of test cases in his/her > > project he/she is maintaining, and, then try to contact the author(s) of > > that particular test case component to provide updates if even he/she > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > interest to write back if they are interested. Else the Maintainer is > > helpless. > > I initiated this mail as i found it my responsibility to find out > > authors who actually wrote these reference policy test cases for > > se-linux, and which are part of LTP in > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > author(s) respond, then i would work hard to integrate the same. > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > to know that he is also working on se-linux and he mentioned about the > > presence of reference policy support in LTP. I pointed him the release > > that i made this year (EAL4+ Certification Test Suite) and also > > requested him whether he can update me on the se-linux reference policy > > test cases of se-linux available inside Main LTP, he pointed me to write > > to se-linux test suite mailing list. Hence this mail. > > Reasonable. And it looks like the prod was needed. So, can somebody now give me some updates for testcases in this Directory:: http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, Regards-- Subrata > > > Now i myself has never executed these test case, so not aware of them > > much. But that should not prevent me from requesting updates of the > > same. I would be extremely happy even if we can reach the final updates > > through some pointer-to-pointer and that will serve my purpose of having > > all updates in LTP. > > > > Just to cite an example, i recently found out that there are updates > > being made to pounder21 test suite(present inside LTP), by somebody for > > his/her internal project use. Now, the same has never been updated in > > LTP for quite long time. I immediately mailed to him requesting him for > > updates. Now my purpose will be served if i get updates from him, let > > alone it comes to me after long time is not the question. > > > > > > > > Anyway I think there is value to having the selinux testsuite. Though > > > one problem with having it in LTP is that most LTP runs are done on > > > machines which are not set up right for selinux. I personally haven't > > > had enough potential target machines to be able to run the tests > > > regularly. So I don't even know whether anyone has run > > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > > might know though. > > > > > > So given that I personally don't know who to pin down, and given that I > > > don't have time to maintain the testsuite by myself, if I could get two > > > or three other people to volunteer to help out, I wouldn't mind being > > > part of a group responsible for the maintenance. > > > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > > with another test i can use to try out the existing testsuite. > > > Hopefully that'll be later this week (no guarantees). I'll report on > > > the results. > > > > > > -serge > > > > Thanks Serge. Will wait for your results. > > thanks, > -serge > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to maj...@ty... with > the words "unsubscribe selinux" without quotes as the message. |
From: Stephen S. <sd...@ty...> - 2007-12-13 00:17:45
Attachments:
ltp-selinux.diff
|
On Wed, 2007-12-12 at 16:47 +0530, Subrata Modak wrote: > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > Quoting Subrata Modak (su...@li...): > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > Hi All, > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > LTP under the directory: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > have not seen the testcases under: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > the porting; I've cc'd her above. > > > > > > Well i have not received any selinux testcases updates for reference > > > policy for the last 3 quarters. What i have received and released is > > > EAL4+ Certification Test Suite, which includes > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > find whether there are any se-linux testcases included here, which are > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > issue for selinux, but for all the ltp tests. > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > One could say it should be the selinux community in general, but that > > > > community is too large for such an answer to be helpful, and it may not > > > > be fair since they can say "we didn't submit that." > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > One might say it should be the ltp community - after the biggest > > > > advantage of submitting to LTP should be some free maintenance. However > > > > it likely doesn't have the needed expertise. > > > > > > Ok. This is i would say as a collective responsibility rather than > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > and hence myself) to find out the validity of test cases in his/her > > > project he/she is maintaining, and, then try to contact the author(s) of > > > that particular test case component to provide updates if even he/she > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > interest to write back if they are interested. Else the Maintainer is > > > helpless. > > > I initiated this mail as i found it my responsibility to find out > > > authors who actually wrote these reference policy test cases for > > > se-linux, and which are part of LTP in > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > author(s) respond, then i would work hard to integrate the same. > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > to know that he is also working on se-linux and he mentioned about the > > > presence of reference policy support in LTP. I pointed him the release > > > that i made this year (EAL4+ Certification Test Suite) and also > > > requested him whether he can update me on the se-linux reference policy > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > to se-linux test suite mailing list. Hence this mail. > > > > Reasonable. And it looks like the prod was needed. > > So, can somebody now give me some updates for testcases in this > Directory:: > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, Patch attached. -- Stephen Smalley National Security Agency |
From: Stephen S. <sd...@ty...> - 2007-12-20 19:58:00
|
On Thu, 2007-12-20 at 09:32 -0600, Serge E. Hallyn wrote: > Quoting Subrata Modak (su...@li...): > > Ok. Stephen?? Patch has been Recalled and Jeff?? Applied for all the Fixes > > he mentions. Thanks to you all for getting this Fixed. > > > > --Subrata > > For the policy to compile without warnings on Fedora 8, I needed the > following patch as well. I'm not sure whether it's safe for RHEL5 > machines then, though, if the *_bin_* macros there don't include > sbin. Don't apply - my original patch likewise switched the sbin to bin references, and that broke the test policy on rhel5. What we need is better encapsulation of the test policy dependencies. Until then, we may need to maintain multiple test policies for different distro+release combinations, possibly as a common base plus a per-distro-release diff. > Module couldn't install because semodule runs out of memory on a > 1G ram machine :( Hmmm...that's interesting; I haven't seen that. Take that up as a separate issue on selinux list with as much detail as possible. > Maybe it would help to load the modules for one test at a time, > but semodule takes so long that might make the test an all-night > affair. Shouldn't be required - let's fix the real problem instead. -- Stephen Smalley National Security Agency |
From: Serge E. H. <se...@us...> - 2007-12-20 21:20:32
|
Quoting Stephen Smalley (sd...@ty...): > On Thu, 2007-12-20 at 09:32 -0600, Serge E. Hallyn wrote: > > Quoting Subrata Modak (su...@li...): > > > Ok. Stephen?? Patch has been Recalled and Jeff?? Applied for all the Fixes > > > he mentions. Thanks to you all for getting this Fixed. > > > > > > --Subrata > > > > For the policy to compile without warnings on Fedora 8, I needed the > > following patch as well. I'm not sure whether it's safe for RHEL5 > > machines then, though, if the *_bin_* macros there don't include > > sbin. > > Don't apply - my original patch likewise switched the sbin to bin > references, and that broke the test policy on rhel5. Ok, I feared as much. > What we need is better encapsulation of the test policy dependencies. > Until then, we may need to maintain multiple test policies for different > distro+release combinations, possibly as a common base plus a > per-distro-release diff. Sounds reasonable. > > Module couldn't install because semodule runs out of memory on a > > 1G ram machine :( > > Hmmm...that's interesting; I haven't seen that. Take that up as a > separate issue on selinux list with as much detail as possible. Will do. > > Maybe it would help to load the modules for one test at a time, > > but semodule takes so long that might make the test an all-night > > affair. > > Shouldn't be required - let's fix the real problem instead. Ok. thanks, -serge |
From: Serge E. H. <se...@us...> - 2007-12-31 18:35:51
|
Quoting Stephen Smalley (sd...@ty...): > On Thu, 2007-12-20 at 09:32 -0600, Serge E. Hallyn wrote: > > Quoting Subrata Modak (su...@li...): > > > Ok. Stephen?? Patch has been Recalled and Jeff?? Applied for all the Fixes > > > he mentions. Thanks to you all for getting this Fixed. > > > > > > --Subrata > > > > For the policy to compile without warnings on Fedora 8, I needed the > > following patch as well. I'm not sure whether it's safe for RHEL5 > > machines then, though, if the *_bin_* macros there don't include > > sbin. > > Don't apply - my original patch likewise switched the sbin to bin > references, and that broke the test policy on rhel5. > > What we need is better encapsulation of the test policy dependencies. > Until then, we may need to maintain multiple test policies for different > distro+release combinations, possibly as a common base plus a > per-distro-release diff. Ok, the following patch conditionally patches the refpolicy if corecmd_sbin_entry_type() is marked deprecated. It patches it to use *_bin_* instead of *_sbin_*, plus a few other changes needed to get the tests to run on F8. I'm also appending the current logfile and outfiles from running the testsuite. There are some failures I haven't looked into yet. Maybe George or Joy will get a chance before I do :) Note that the test_create_no_t type is definately wrong now. It had been not using 'domain_type() because we want to deny fork to it. So that explainse SELinux29's failure at least. > > Module couldn't install because semodule runs out of memory on a > > 1G ram machine :( > > Hmmm...that's interesting; I haven't seen that. Take that up as a > separate issue on selinux list with as much detail as possible. The out of memory error seems to be spurious. Basically I avoid it by being in runlevel 3 and only having one open shell when I compile the module :) > > Maybe it would help to load the modules for one test at a time, > > but semodule takes so long that might make the test an all-night > > affair. > > Shouldn't be required - let's fix the real problem instead. thanks, -serge |
From: Subrata M. <su...@li...> - 2008-01-02 11:58:58
|
And this has been taken in to. Thanks. --Subrata On Mon, 2007-12-31 at 12:34 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sd...@ty...): > > On Thu, 2007-12-20 at 09:32 -0600, Serge E. Hallyn wrote: > > > Quoting Subrata Modak (su...@li...): > > > > Ok. Stephen?? Patch has been Recalled and Jeff?? Applied for all the Fixes > > > > he mentions. Thanks to you all for getting this Fixed. > > > > > > > > --Subrata > > > > > > For the policy to compile without warnings on Fedora 8, I needed the > > > following patch as well. I'm not sure whether it's safe for RHEL5 > > > machines then, though, if the *_bin_* macros there don't include > > > sbin. > > > > Don't apply - my original patch likewise switched the sbin to bin > > references, and that broke the test policy on rhel5. > > > > What we need is better encapsulation of the test policy dependencies. > > Until then, we may need to maintain multiple test policies for different > > distro+release combinations, possibly as a common base plus a > > per-distro-release diff. > > Ok, the following patch conditionally patches the refpolicy if > corecmd_sbin_entry_type() is marked deprecated. It patches it > to use *_bin_* instead of *_sbin_*, plus a few other changes > needed to get the tests to run on F8. > > I'm also appending the current logfile and outfiles from running > the testsuite. There are some failures I haven't looked into > yet. Maybe George or Joy will get a chance before I do :) Note > that the test_create_no_t type is definately wrong now. It had > been not using 'domain_type() because we want to deny fork to > it. So that explainse SELinux29's failure at least. > > > > Module couldn't install because semodule runs out of memory on a > > > 1G ram machine :( > > > > Hmmm...that's interesting; I haven't seen that. Take that up as a > > separate issue on selinux list with as much detail as possible. > > The out of memory error seems to be spurious. Basically I avoid > it by being in runlevel 3 and only having one open shell when I compile > the module :) > > > > Maybe it would help to load the modules for one test at a time, > > > but semodule takes so long that might make the test an all-night > > > affair. > > > > Shouldn't be required - let's fix the real problem instead. > > thanks, > -serge |
From: Subrata M. <su...@li...> - 2007-12-20 09:38:58
|
Ok. Stephenś Patch has been Recalled and Jeffś Applied for all the Fixes he mentions. Thanks to you all for getting this Fixed. --Subrata On Wed, 2007-12-19 at 11:25 -0500, Stephen Smalley wrote: > On Tue, 2007-12-18 at 15:36 -0500, Jeff Burke wrote: > > Stephen Smalley wrote: > > > On Mon, 2007-12-17 at 13:50 -0500, Stephen Smalley wrote: > > >> On Mon, 2007-12-17 at 13:43 -0500, Stephen Smalley wrote: > > >>> On Thu, 2007-12-13 at 19:33 -0500, Jeff Burke wrote: > > >>>> Stephen, Joy, Dan and James > > >>>> Using Stephens latest patch. Here are the results for the selinux tests > > >>>> ltp-full-20071130, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3: > > >>> Reverting the prior patches and applying this one instead, I am able to > > >>> run all of the test cases successfully on RHEL5.1 with that policy > > >>> version. > > >>> > > >>> I never did get a failure on SELinux10 though even with the old patch. > > >>> Looking at your log file, it suggests that you were running the tests > > >>> without a controlling tty? That will break that particular test at > > >>> least (sendsigio_task). > > >>> > > >>> As for the build failure on execshare_parent, I don't know how to fix > > >>> that on ia64 - is there a portable way to write a call to clone(2) that > > >>> will work there? I don't have ia64 hardware readily available to me. > > >> Ah, from the clone(2) man page, I see that one is supposed to use > > >> clone2() instead on IA-64. But someone else will have to do that and > > >> test it - I don't have an ia64 machine at my disposal. > > > > > >>From the example of other code in the ltp, it looks like the following > > > patch should work for ia-64. This patch for the execshare test program > > > is in addition to the prior policy patch. > > > > Stephen, > > This ran successful with ltp-full-20071130 + Attached Patches on > > RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3 > > Good, so the earlier patch should be reverted and these patches should > be applied instead to the ltp cvs. > > > I had to do a couple of things. Attached are all the patches that you > > created. Plus a patch from me for the controlling tty issue. Also a > > minor change to your patch for the ia64 compile failure. > > I'll trust you on the latter, as I can't test on ia64. > > > I also believe that the ./testscripts/test_selinux.sh should do > > something like the this. > > > > # Backing up files > > cp /etc/selinux/semanage.conf etc/selinux/semanage.conf.orig > > > > # Added expand-check=0 to /etc/selinux/semanage.conf file > > # as the test policy will violate some of the neverallow > > # rules in the base policy. ltp testing. > > echo expand-check=0 >> /etc/selinux/semanage.conf > > cp /etc/selinux/semanage.conf /etc/selinux/semanage.conf.orig > > echo expand-check=0 >> /etc/selinux/semanage.conf > > # Read in new semanage.conf file > > /usr/sbin/semodule -B > > You don't actually need that semodule -B command; the updated > semanage.conf is read whenever libsemanage gets used, so it will be > taken into account when semodule is run to insert the test policy. > semodule -B is for rebuilding the actual policy; semanage.conf is not > part of the policy. > > > Then before test_selinux.sh exits it should > > > > # Putting origianal /etc/selinux/semanage.conf back > > cp /etc/selinux/semanage.conf.orig /etc/selinux/semanage.conf > > /sbin/restorecon -v -F /etc/selinux/semanage.conf > > /usr/sbin/semodule -B > > Likewise, you won't need the semodule -B here. > But otherwise, looks ok - can either be part of test_selinux.sh or just > part of the instructions in the README. > > > > > Thanks, > > Jeff > > |
From: Serge E. H. <se...@us...> - 2007-12-20 15:33:34
Attachments:
ltp-selinux-f8.diff
|
Quoting Subrata Modak (su...@li...): > Ok. Stephen?? Patch has been Recalled and Jeff?? Applied for all the Fixes > he mentions. Thanks to you all for getting this Fixed. > > --Subrata For the policy to compile without warnings on Fedora 8, I needed the following patch as well. I'm not sure whether it's safe for RHEL5 machines then, though, if the *_bin_* macros there don't include sbin. Module couldn't install because semodule runs out of memory on a 1G ram machine :( Maybe it would help to load the modules for one test at a time, but semodule takes so long that might make the test an all-night affair. -serge |
From: Serge E. H. <se...@us...> - 2007-12-12 15:28:49
|
Quoting Subrata Modak (su...@li...): > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > Quoting Subrata Modak (su...@li...): > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > Hi All, > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > LTP under the directory: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > have not seen the testcases under: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > the porting; I've cc'd her above. > > > > > > Well i have not received any selinux testcases updates for reference > > > policy for the last 3 quarters. What i have received and released is > > > EAL4+ Certification Test Suite, which includes > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > find whether there are any se-linux testcases included here, which are > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > issue for selinux, but for all the ltp tests. > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > One could say it should be the selinux community in general, but that > > > > community is too large for such an answer to be helpful, and it may not > > > > be fair since they can say "we didn't submit that." > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > One might say it should be the ltp community - after the biggest > > > > advantage of submitting to LTP should be some free maintenance. However > > > > it likely doesn't have the needed expertise. > > > > > > Ok. This is i would say as a collective responsibility rather than > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > and hence myself) to find out the validity of test cases in his/her > > > project he/she is maintaining, and, then try to contact the author(s) of > > > that particular test case component to provide updates if even he/she > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > interest to write back if they are interested. Else the Maintainer is > > > helpless. > > > I initiated this mail as i found it my responsibility to find out > > > authors who actually wrote these reference policy test cases for > > > se-linux, and which are part of LTP in > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > author(s) respond, then i would work hard to integrate the same. > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > to know that he is also working on se-linux and he mentioned about the > > > presence of reference policy support in LTP. I pointed him the release > > > that i made this year (EAL4+ Certification Test Suite) and also > > > requested him whether he can update me on the se-linux reference policy > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > to se-linux test suite mailing list. Hence this mail. > > > > Reasonable. And it looks like the prod was needed. > > So, can somebody now give me some updates for testcases in this > Directory:: > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, No. I thought I'd made it clear that I was going to try running them under FC8 later this week or early next and report back. No one has any updates at the moment. (which is why the prod was needed :) -serge |
From: Subrata M. <su...@li...> - 2007-12-13 09:42:35
|
On Wed, 2007-12-12 at 09:27 -0600, Serge E. Hallyn wrote: > Quoting Subrata Modak (su...@li...): > > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > > Quoting Subrata Modak (su...@li...): > > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > > Hi All, > > > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > > LTP under the directory: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > > have not seen the testcases under: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > > the porting; I've cc'd her above. > > > > > > > > Well i have not received any selinux testcases updates for reference > > > > policy for the last 3 quarters. What i have received and released is > > > > EAL4+ Certification Test Suite, which includes > > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > > find whether there are any se-linux testcases included here, which are > > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > > issue for selinux, but for all the ltp tests. > > > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > > > One could say it should be the selinux community in general, but that > > > > > community is too large for such an answer to be helpful, and it may not > > > > > be fair since they can say "we didn't submit that." > > > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > > > One might say it should be the ltp community - after the biggest > > > > > advantage of submitting to LTP should be some free maintenance. However > > > > > it likely doesn't have the needed expertise. > > > > > > > > Ok. This is i would say as a collective responsibility rather than > > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > > and hence myself) to find out the validity of test cases in his/her > > > > project he/she is maintaining, and, then try to contact the author(s) of > > > > that particular test case component to provide updates if even he/she > > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > > interest to write back if they are interested. Else the Maintainer is > > > > helpless. > > > > I initiated this mail as i found it my responsibility to find out > > > > authors who actually wrote these reference policy test cases for > > > > se-linux, and which are part of LTP in > > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > > author(s) respond, then i would work hard to integrate the same. > > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > > to know that he is also working on se-linux and he mentioned about the > > > > presence of reference policy support in LTP. I pointed him the release > > > > that i made this year (EAL4+ Certification Test Suite) and also > > > > requested him whether he can update me on the se-linux reference policy > > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > > to se-linux test suite mailing list. Hence this mail. > > > > > > Reasonable. And it looks like the prod was needed. > > > > So, can somebody now give me some updates for testcases in this > > Directory:: > > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > No. I thought I'd made it clear that I was going to try running them > under FC8 later this week or early next and report back. No one has > any updates at the moment. (which is why the prod was needed :) > Please apply Stephenś Patch and then share your test results. --Subrata > -serge |
From: Joy L. <la...@au...> - 2007-12-12 22:58:54
|
My apologies for the delay in responding. I would like to consult with a colleague about status of the selinux testcases in LTP, but he is out for rest of year. Is it ok if I get back to you with a conclusion at the beginning of the new year? regards, Joy On Wed, 2007-12-12 at 16:47 +0530, Subrata Modak wrote: > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > Quoting Subrata Modak (su...@li...): > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > Hi All, > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > LTP under the directory: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > have not seen the testcases under: > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > the porting; I've cc'd her above. > > > > > > Well i have not received any selinux testcases updates for reference > > > policy for the last 3 quarters. What i have received and released is > > > EAL4+ Certification Test Suite, which includes > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > find whether there are any se-linux testcases included here, which are > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > issue for selinux, but for all the ltp tests. > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > One could say it should be the selinux community in general, but that > > > > community is too large for such an answer to be helpful, and it may not > > > > be fair since they can say "we didn't submit that." > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > One might say it should be the ltp community - after the biggest > > > > advantage of submitting to LTP should be some free maintenance. However > > > > it likely doesn't have the needed expertise. > > > > > > Ok. This is i would say as a collective responsibility rather than > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > and hence myself) to find out the validity of test cases in his/her > > > project he/she is maintaining, and, then try to contact the author(s) of > > > that particular test case component to provide updates if even he/she > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > interest to write back if they are interested. Else the Maintainer is > > > helpless. > > > I initiated this mail as i found it my responsibility to find out > > > authors who actually wrote these reference policy test cases for > > > se-linux, and which are part of LTP in > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > author(s) respond, then i would work hard to integrate the same. > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > to know that he is also working on se-linux and he mentioned about the > > > presence of reference policy support in LTP. I pointed him the release > > > that i made this year (EAL4+ Certification Test Suite) and also > > > requested him whether he can update me on the se-linux reference policy > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > to se-linux test suite mailing list. Hence this mail. > > > > Reasonable. And it looks like the prod was needed. > > So, can somebody now give me some updates for testcases in this > Directory:: > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > Regards-- > Subrata > > > > > > Now i myself has never executed these test case, so not aware of them > > > much. But that should not prevent me from requesting updates of the > > > same. I would be extremely happy even if we can reach the final updates > > > through some pointer-to-pointer and that will serve my purpose of having > > > all updates in LTP. > > > > > > Just to cite an example, i recently found out that there are updates > > > being made to pounder21 test suite(present inside LTP), by somebody for > > > his/her internal project use. Now, the same has never been updated in > > > LTP for quite long time. I immediately mailed to him requesting him for > > > updates. Now my purpose will be served if i get updates from him, let > > > alone it comes to me after long time is not the question. > > > > > > > > > > > Anyway I think there is value to having the selinux testsuite. Though > > > > one problem with having it in LTP is that most LTP runs are done on > > > > machines which are not set up right for selinux. I personally haven't > > > > had enough potential target machines to be able to run the tests > > > > regularly. So I don't even know whether anyone has run > > > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > > > might know though. > > > > > > > > So given that I personally don't know who to pin down, and given that I > > > > don't have time to maintain the testsuite by myself, if I could get two > > > > or three other people to volunteer to help out, I wouldn't mind being > > > > part of a group responsible for the maintenance. > > > > > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > > > with another test i can use to try out the existing testsuite. > > > > Hopefully that'll be later this week (no guarantees). I'll report on > > > > the results. > > > > > > > > -serge > > > > > > Thanks Serge. Will wait for your results. > > > > thanks, > > -serge > > > > -- > > This message was distributed to subscribers of the selinux mailing list. > > If you no longer wish to subscribe, send mail to maj...@ty... with > > the words "unsubscribe selinux" without quotes as the message. > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to maj...@ty... with > the words "unsubscribe selinux" without quotes as the message. |
From: Subrata M. <su...@li...> - 2007-12-13 09:44:19
|
On Wed, 2007-12-12 at 13:47 -0600, Joy Latten wrote: > My apologies for the delay in responding. > I would like to consult with a colleague > about status of the selinux testcases in LTP, > but he is out for rest of year. > > Is it ok if I get back to you with a conclusion at the > beginning of the new year? Thatś OK. Now Stephen has already given the Patch. Now i know that i need to turn to you/Stephen for any updates on se-linux. Please do update us for anything and everything. --Subrata > > regards, > Joy > > > On Wed, 2007-12-12 at 16:47 +0530, Subrata Modak wrote: > > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > > Quoting Subrata Modak (su...@li...): > > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > > Hi All, > > > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > > LTP under the directory: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > > have not seen the testcases under: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > > the porting; I've cc'd her above. > > > > > > > > Well i have not received any selinux testcases updates for reference > > > > policy for the last 3 quarters. What i have received and released is > > > > EAL4+ Certification Test Suite, which includes > > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > > find whether there are any se-linux testcases included here, which are > > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > > issue for selinux, but for all the ltp tests. > > > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > > > One could say it should be the selinux community in general, but that > > > > > community is too large for such an answer to be helpful, and it may not > > > > > be fair since they can say "we didn't submit that." > > > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > > > One might say it should be the ltp community - after the biggest > > > > > advantage of submitting to LTP should be some free maintenance. However > > > > > it likely doesn't have the needed expertise. > > > > > > > > Ok. This is i would say as a collective responsibility rather than > > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > > and hence myself) to find out the validity of test cases in his/her > > > > project he/she is maintaining, and, then try to contact the author(s) of > > > > that particular test case component to provide updates if even he/she > > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > > interest to write back if they are interested. Else the Maintainer is > > > > helpless. > > > > I initiated this mail as i found it my responsibility to find out > > > > authors who actually wrote these reference policy test cases for > > > > se-linux, and which are part of LTP in > > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > > author(s) respond, then i would work hard to integrate the same. > > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > > to know that he is also working on se-linux and he mentioned about the > > > > presence of reference policy support in LTP. I pointed him the release > > > > that i made this year (EAL4+ Certification Test Suite) and also > > > > requested him whether he can update me on the se-linux reference policy > > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > > to se-linux test suite mailing list. Hence this mail. > > > > > > Reasonable. And it looks like the prod was needed. > > > > So, can somebody now give me some updates for testcases in this > > Directory:: > > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > > > Regards-- > > Subrata > > > > > > > > > Now i myself has never executed these test case, so not aware of them > > > > much. But that should not prevent me from requesting updates of the > > > > same. I would be extremely happy even if we can reach the final updates > > > > through some pointer-to-pointer and that will serve my purpose of having > > > > all updates in LTP. > > > > > > > > Just to cite an example, i recently found out that there are updates > > > > being made to pounder21 test suite(present inside LTP), by somebody for > > > > his/her internal project use. Now, the same has never been updated in > > > > LTP for quite long time. I immediately mailed to him requesting him for > > > > updates. Now my purpose will be served if i get updates from him, let > > > > alone it comes to me after long time is not the question. > > > > > > > > > > > > > > Anyway I think there is value to having the selinux testsuite. Though > > > > > one problem with having it in LTP is that most LTP runs are done on > > > > > machines which are not set up right for selinux. I personally haven't > > > > > had enough potential target machines to be able to run the tests > > > > > regularly. So I don't even know whether anyone has run > > > > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > > > > might know though. > > > > > > > > > > So given that I personally don't know who to pin down, and given that I > > > > > don't have time to maintain the testsuite by myself, if I could get two > > > > > or three other people to volunteer to help out, I wouldn't mind being > > > > > part of a group responsible for the maintenance. > > > > > > > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > > > > with another test i can use to try out the existing testsuite. > > > > > Hopefully that'll be later this week (no guarantees). I'll report on > > > > > the results. > > > > > > > > > > -serge > > > > > > > > Thanks Serge. Will wait for your results. > > > > > > thanks, > > > -serge > > > > > > -- > > > This message was distributed to subscribers of the selinux mailing list. > > > If you no longer wish to subscribe, send mail to maj...@ty... with > > > the words "unsubscribe selinux" without quotes as the message. > > > > > > -- > > This message was distributed to subscribers of the selinux mailing list. > > If you no longer wish to subscribe, send mail to maj...@ty... with > > the words "unsubscribe selinux" without quotes as the message. |
From: Subrata M. <su...@li...> - 2007-12-13 09:41:45
|
On Wed, 2007-12-12 at 11:30 -0500, Stephen Smalley wrote: > On Wed, 2007-12-12 at 16:47 +0530, Subrata Modak wrote: > > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > > Quoting Subrata Modak (su...@li...): > > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > > Quoting Stephen Smalley (sd...@ty...): > > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > > Hi All, > > > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > > LTP under the directory: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > > have not seen the testcases under: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > > the porting; I've cc'd her above. > > > > > > > > Well i have not received any selinux testcases updates for reference > > > > policy for the last 3 quarters. What i have received and released is > > > > EAL4+ Certification Test Suite, which includes > > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > > find whether there are any se-linux testcases included here, which are > > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > > issue for selinux, but for all the ltp tests. > > > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > > > One could say it should be the selinux community in general, but that > > > > > community is too large for such an answer to be helpful, and it may not > > > > > be fair since they can say "we didn't submit that." > > > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > > > One might say it should be the ltp community - after the biggest > > > > > advantage of submitting to LTP should be some free maintenance. However > > > > > it likely doesn't have the needed expertise. > > > > > > > > Ok. This is i would say as a collective responsibility rather than > > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > > and hence myself) to find out the validity of test cases in his/her > > > > project he/she is maintaining, and, then try to contact the author(s) of > > > > that particular test case component to provide updates if even he/she > > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > > interest to write back if they are interested. Else the Maintainer is > > > > helpless. > > > > I initiated this mail as i found it my responsibility to find out > > > > authors who actually wrote these reference policy test cases for > > > > se-linux, and which are part of LTP in > > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > > author(s) respond, then i would work hard to integrate the same. > > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > > to know that he is also working on se-linux and he mentioned about the > > > > presence of reference policy support in LTP. I pointed him the release > > > > that i made this year (EAL4+ Certification Test Suite) and also > > > > requested him whether he can update me on the se-linux reference policy > > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > > to se-linux test suite mailing list. Hence this mail. > > > > > > Reasonable. And it looks like the prod was needed. > > > > So, can somebody now give me some updates for testcases in this > > Directory:: > > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > Patch attached. Thanks. Thatś going to help a lot. --Subrata > |
From: Subrata M. <su...@li...> - 2007-12-13 11:38:40
|
> > > So, can somebody now give me some updates for testcases in this > > > Directory:: > > > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > > > Patch attached. > > Thanks. Thatś going to help a lot. Well and Applied too. Thanks a ton. --Subrata > > --Subrata > > > > > ------------------------------------------------------------------------- > SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services > for just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Ltp-list mailing list > Ltp...@li... > https://lists.sourceforge.net/lists/listinfo/ltp-list |
From: Jeff B. <jb...@re...> - 2007-12-14 00:34:42
Attachments:
selinux.outfile.x86_64
selinux.outfile.i686
|
Stephen, Joy, Dan and James Using Stephens latest patch. Here are the results for the selinux tests ltp-full-20071130, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3: I have also attached the selinux.outfile for both the i386 and x86_64 testing i386, x86_64, ppc, s390x All fail in a similar manor. ------------------------------------------------------------------------ Test Start Time: Thu Dec 13 17:55:32 2007 ----------------------------------------- Testcase Result Exit Value -------- ------ ---------- SELinux01 PASS 0 SELinux02 FAIL 1 SELinux03 PASS 0 SELinux04 PASS 0 SELinux05 PASS 0 SELinux06 PASS 0 SELinux07 PASS 0 SELinux08 PASS 0 SELinux09 PASS 0 SELinux10 FAIL 2 SELinux11 PASS 0 SELinux12 PASS 0 SELinux13 PASS 0 SELinux14 PASS 0 SELinux15 PASS 0 SELinux16 PASS 0 SELinux17 PASS 0 SELinux18 PASS 0 SELinux19 PASS 0 SELinux20 PASS 0 SELinux21 PASS 0 SELinux22 PASS 0 SELinux23 PASS 0 SELinux24 PASS 0 SELinux25 PASS 0 SELinux26 PASS 0 SELinux27 PASS 0 SELinux28 FAIL 1 SELinux29 FAIL 1 SELinux30 PASS 0 SELinux31 PASS 0 SELinux32 PASS 0 SELinux33 PASS 0 SELinux34 PASS 0 SELinux35 PASS 0 SELinux36 PASS 0 SELinux37 PASS 0 SELinux38 PASS 0 ----------------------------------------------- Total Tests: 38 Total Failures: 4 Kernel Version: 2.6.18-53.el5 Machine Architecture: x86_64 ------------------------------------------------------------------------ ia64 does not compile: ------------------------------------------------------------------------ make -C ltp-full-*/testcases/kernel/security/selinux-testsuite/tests make[1]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/domain_trans' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/domain_trans' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/entrypoint' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/entrypoint' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/execshare' cc selinux_execshare_child.c -lselinux -o selinux_execshare_child cc selinux_execshare_parent.c -lselinux -o selinux_execshare_parent selinux_execshare_parent.c: In function ‘main’: selinux_execshare_parent.c:80: warning: passing argument 1 of ‘clone’ from incompatible pointer type /tmp/ccOYLyhB.o: In function `main': selinux_execshare_parent.c:(.text+0x6f2): undefined reference to `clone' collect2: ld returned 1 exit status make[2]: *** [selinux_execshare_parent] Error 1 make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/execshare' make[1]: *** [all] Error 2 make[1]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests' make: *** [bldselinux] Error 2 ------------------------------------------------------------------------ |
From: Jeff B. <jb...@re...> - 2007-12-15 04:58:37
|
Stephen, Here are the results using the patch that Dan provided. I have attached Dan's patch and also the selinux.output file for i386 and x86_64. ia64 still fails to build. This was also ltp-full-20071130 + Dan Walsh patch, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3 i386, x86_64, ppc, s390x All fail the same way. -------------------------------------------------------- Test Start Time: Fri Dec 14 17:29:41 2007 ----------------------------------------- Testcase Result Exit Value -------- ------ ---------- SELinux01 PASS 0 SELinux02 FAIL 1 SELinux03 PASS 0 SELinux04 PASS 0 SELinux05 PASS 0 SELinux06 PASS 0 SELinux07 PASS 0 SELinux08 PASS 0 SELinux09 PASS 0 SELinux10 FAIL 2 SELinux11 PASS 0 SELinux12 PASS 0 SELinux13 PASS 0 SELinux14 PASS 0 SELinux15 PASS 0 SELinux16 PASS 0 SELinux17 PASS 0 SELinux18 FAIL 1 SELinux19 PASS 0 SELinux20 PASS 0 SELinux21 FAIL 1 SELinux22 PASS 0 SELinux23 PASS 0 SELinux24 PASS 0 SELinux25 PASS 0 SELinux26 PASS 0 SELinux27 FAIL 1 SELinux28 PASS 0 SELinux29 FAIL 1 SELinux30 PASS 0 SELinux31 PASS 0 SELinux32 PASS 0 SELinux33 PASS 0 SELinux34 PASS 0 SELinux35 PASS 0 SELinux36 PASS 0 SELinux37 FAIL 1 SELinux38 FAIL 255 ----------------------------------------------- Total Tests: 38 Total Failures: 8 Kernel Version: 2.6.18-53.el5 Machine Architecture: i686 -------------------------------------------------------- ia64 still fails to compile -------------------------------------------------------- Building SELinux tests make -C ltp-full-*/testcases/kernel/security/selinux-testsuite/tests make[1]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/domain_trans' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/domain_trans' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/entrypoint' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/entrypoint' make[2]: Entering directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/execshare' cc selinux_execshare_child.c -lselinux -o selinux_execshare_child cc selinux_execshare_parent.c -lselinux -o selinux_execshare_parent selinux_execshare_parent.c: In function ‘main’: selinux_execshare_parent.c:80: warning: passing argument 1 of ‘clone’ from incompatible pointer type /tmp/cczh4cfk.o: In function `main': selinux_execshare_parent.c:(.text+0x6f2): undefined reference to `clone' collect2: ld returned 1 exit status make[2]: *** [selinux_execshare_parent] Error 1 make[2]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests/execshare' make[1]: *** [all] Error 2 make[1]: Leaving directory `/mnt/tests/kernel/security/selinux/ltp-selinux/20071130/ltp-full-20071130/testcases/kernel/security/selinux-testsuite/tests' make: *** [bldselinux] Error 2 -------------------------------------------------------- Stephen Smalley wrote: > On Thu, 2007-12-13 at 19:33 -0500, Jeff Burke wrote: >> Stephen, Joy, Dan and James >> Using Stephens latest patch. Here are the results for the selinux tests >> ltp-full-20071130, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3: > > Hi Jeff, > > I'll take a look. The patch worked for me on Fedora 7. Don't know for > certain how that differs from RHEL5.1 in terms of SELinux functionality > and base policy, but the testsuite is rather sensitive to changes I'm > afraid. > |
From: George K. <gk...@us...> - 2007-12-17 16:25:28
|
On Fri, 2007-12-14 at 23:57 -0500, Jeff Burke wrote: > ----------------------------------------------- > Total Tests: 38 > Total Failures: 8 > Kernel Version: 2.6.18-53.el5 > Machine Architecture: i686 > -------------------------------------------------------- Regarding the 8 selinux failures, are the problems with the OS, or the test cases? George (Gk4) |
From: Stephen S. <sd...@ty...> - 2007-12-17 18:08:55
|
On Mon, 2007-12-17 at 10:16 -0600, George Kraft wrote: > On Fri, 2007-12-14 at 23:57 -0500, Jeff Burke wrote: > > ----------------------------------------------- > > Total Tests: 38 > > Total Failures: 8 > > Kernel Version: 2.6.18-53.el5 > > Machine Architecture: i686 > > -------------------------------------------------------- > > Regarding the 8 selinux failures, are the problems with the OS, or the > test cases? It is test policy dependencies on the base policy being broken by changes in the base policy. As my patch yielded less failures, I'm looking at it further. -- Stephen Smalley National Security Agency |
From: Stephen S. <sd...@ty...> - 2007-12-17 18:44:39
Attachments:
ltp-selinux.diff
|
On Thu, 2007-12-13 at 19:33 -0500, Jeff Burke wrote: > Stephen, Joy, Dan and James > Using Stephens latest patch. Here are the results for the selinux tests > ltp-full-20071130, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3: Reverting the prior patches and applying this one instead, I am able to run all of the test cases successfully on RHEL5.1 with that policy version. I never did get a failure on SELinux10 though even with the old patch. Looking at your log file, it suggests that you were running the tests without a controlling tty? That will break that particular test at least (sendsigio_task). As for the build failure on execshare_parent, I don't know how to fix that on ia64 - is there a portable way to write a call to clone(2) that will work there? I don't have ia64 hardware readily available to me. -- Stephen Smalley National Security Agency |