Menu
▾
▴
Re: [LTP] ltp selinux patch
|
From: Serge E. H. <se...@us...> - 2008-01-30 20:52:37
|
Quoting Stephen Smalley (sd...@ty...): > > On Wed, 2008-01-30 at 11:37 -0600, Serge E. Hallyn wrote: > > Quoting Stephen Smalley (sd...@ty...): > > > > > > On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote: > > > > On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote: > > > > > Here is a patch against this morning's ltp cvs snapshot to implement > > > > > Stephen's suggestion of setting expand-check=0 for the duration of > > > > > the policy load. This allowed me to get rid of the hack > > > > > ++domain_type(test_create_no_t) in refpolicy/test_task_create.te, also > > > > > done in this patch. > > > > > > > > > > (I think it also inlines a patch Stephen sent on jan 23 which > > > > > wasn't yet in ltp cvs) > > > > > > > > As far as I can tell, no one has merged the two patches that I sent > > > > earlier, which explains why you are still seeing failures (the one patch > > > > I sent added permissions needed for the tests). I've seen no reply to > > > > my patches, although I've seen other patches responded to. > > > > > > Actually, I see that your patch does include the permissions from my > > > patch (still not sure why my patch hasn't been merged), so I don't know > > > why you'd still be seeing failures. I only get 3 failures with my > > > patch applied, on inherit and fdreceive (due to Fedora 8 policy granting > > > fd:use permission liberally to all domains) and on task_create (due to > > > the refpolicy granting process:fork to all domains), so I would only > > > expect you to get 2 failures after your patch. > > > > Interesting. I'll look into some these on Friday. Here is the list of > > failures btw: > > Are you running mcstrans? If not, start it first. > > Original testsuite predates MCS/MLS and thus when it fabricates security > contexts, it doesn't include a MCS/MLS level. mcstrans makes that > transparent and thus it just works. Alternatively, the test scripts > could be made a bit smarter. Ah, that brought my # failures down to 5 :) t Start Time: Wed Jan 30 09:39:18 2008 ----------------------------------------- Testcase Result Exit Value -------- ------ ---------- SELinux01 PASS 0 SELinux02 PASS 0 SELinux03 PASS 0 SELinux04 PASS 0 SELinux05 PASS 0 SELinux06 PASS 0 SELinux07 PASS 0 SELinux08 PASS 0 SELinux09 FAIL 1 SELinux10 FAIL 2 SELinux11 FAIL 1 SELinux12 PASS 0 SELinux13 PASS 0 SELinux14 FAIL 1 SELinux15 PASS 0 SELinux16 PASS 0 SELinux17 PASS 0 SELinux18 PASS 0 SELinux19 FAIL 1 SELinux20 PASS 0 SELinux21 PASS 0 SELinux22 PASS 0 SELinux23 PASS 0 SELinux24 PASS 0 SELinux25 PASS 0 SELinux26 PASS 0 SELinux27 PASS 0 SELinux28 PASS 0 SELinux29 PASS 0 SELinux30 PASS 0 SELinux31 PASS 0 SELinux32 PASS 0 SELinux33 PASS 0 SELinux34 PASS 0 SELinux35 PASS 0 SELinux36 PASS 0 SELinux37 PASS 0 SELinux38 PASS 0 ----------------------------------------------- Total Tests: 38 Total Failures: 5 Kernel Version: 2.6.23.1-42.fc8 Machine Architecture: i686 Hostname: localhost.localdomain thanks, -serge |