SourceForge.net

This is the second message from Stephen Smalley that was Auto-discarded. I
don't know why. Perhaps you can shed some light in the subject.

The attached message has been automatically discarded.
[-- Attachment #2 --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 5.2K --]
Content-Type: message/rfc822
MIME-Version: 1.0

Received: from sc8-sf-mx1-b.sourceforge.net ([10.3.1.91]
helo=mail.sourceforge.net)
by sc8-sf-list1-new.sourceforge.net with esmtp (Exim 4.43)
id 1JU0Ns-0006WP-6M
for ltp-list@lists.sourceforge.net; Tue, 26 Feb 2008 06:02:16
-0800
Received: from zombie.ncsc.mil ([144.51.88.131])
by mail.sourceforge.net with esmtp (Exim 4.44) id 1JU0Nq-00006c-K3
for ltp-list@lists.sourceforge.net; Tue, 26 Feb 2008 06:02:16
-0800
Received: from facesaver.epoch.ncsc.mil (jazzdrum.ncsc.mil [144.51.5.7])
by zombie.ncsc.mil (8.12.10/8.12.10) with ESMTP id m1QE15WF017693;
Tue, 26 Feb 2008 14:01:05 GMT
Received: from [144.51.25.121] (moss-spartans [144.51.25.121])
by facesaver.epoch.ncsc.mil (8.13.1/8.13.1) with ESMTP id
m1QE12uP023529; Tue, 26 Feb 2008 09:01:02 -0500
Subject: Re: [LTP] ltp selinux patch
From: Stephen Smalley <sds@epoch.ncsc.mil>
To: jburke@redhat.com
Cc: subrata@linux.vnet.ibm.com, "Serge E. Hallyn" <serue@us.ibm.com>,
George Wilson <gcwilson@us.ibm.com>,
Joy Latten <latten@austin.ibm.com>, ltp-list@lists.sourceforge.net
In-Reply-To: <47C41897.3040509@redhat.com>
References: <20080130002110.GA4943@sergelap.austin.ibm.com>
<1201695623.2823.127.camel@moss-spartans.epoch.ncsc.mil>
<1203945994.5227.0.camel@subratamodak.linux.ibm.com>
<1203948521.2804.180.camel@moss-spartans.epoch.ncsc.mil>
<1204011680.4591.1.camel@subratamodak.linux.ibm.com>
<47C41897.3040509@redhat.com>
Content-Type: text/plain
Organization: National Security Agency
Date: Tue, 26 Feb 2008 09:01:02 -0500
Message-Id: <1204034462.2804.297.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-1.fc8)
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.5 required=3.5 tests=ALL_TRUSTED,AWL,BAYES_00
autolearn=ham version=3.1.8
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
facesaver.epoch.ncsc.mil
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by sourceforge.net.
See http://spamassassin.org/tag/ for more details.
Report problems to
http://sf.net/tracker/?func=add&group_id=1&atid=200001


On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote:
> Subrata Modak wrote:
> > On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote:
> >> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote:
> >>> Stephen,
> >>>
> >>> Any new Patches for LTP-Selinux ?
> >> I don't have any updates, no.
> >>
> >> I have noticed that on x86_64, there are a number of FAILs that are
not
> >> present on x86, in particular in the System V IPC tests (msg, sem,
shm).
> >> I don't know if that has always been the case or not, as the tests
were
> >> all originally written and tested on x86 only.
> >
> > Turing this on to Jeff and Sergei, who used these test cases a lot on
> > their machines.
> Subrata,
> Currently I don't have any patches. But I am still running the
> ltp-full-20071231 release. I am primarily focusing on RHEL so we still
> may have issues the selinux test and Fedora. At the current time we are
> in a "lock down" mode for the release of RHEL5.2 so I can't change the
> baseline tests that are being used.
>
> One thing that I did discover is that with the release of SELinux
that
> is in 5.2 and they way the test is run we have to set a boolean for the
> test to pass. If the boolean exists
> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that to the
> README.

Ok, that's due to a policy change by Dan in the base policy.

> Here is what I think still needs to be done. Currently there is no
way
> to put the system back into the state it was before the test ran. This
> should be handled as part of the testcase. At this point in time we make
> sure that this is the last test that gets run on that system.

Not sure what you mean - the test_selinux.sh script removes the test
policy module after running the tests. Also, Serge submitted patches to
automatically save, modify, and restore semanage.conf in test_selinux.sh
so that it doesn't require manual modification. test_selinux.sh could
also handle the setting and restoring of that boolean, although it needs
to gracefully proceed if that boolean happens to not exist in the
particular system being tested.

> Comment or questions?
> Jeff
> >
> > --Subrata
> >>> Regards--
> >>> Subrata
> >>>
> >>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote:
> >>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote:
> >>>>> Here is a patch against this morning's ltp cvs snapshot to
implement
> >>>>> Stephen's suggestion of setting expand-check=0 for the duration of
> >>>>> the policy load. This allowed me to get rid of the hack
> >>>>> ++domain_type(test_create_no_t) in refpolicy/test_task_create.te,
also
> >>>>> done in this patch.
> >>>>>
> >>>>> (I think it also inlines a patch Stephen sent on jan 23 which
> >>>>> wasn't yet in ltp cvs)
> >>>
> >>>
> >>>
-------------------------------------------------------------------------
> >>> This SF.net email is sponsored by: Microsoft
> >>> Defy all challenges. Microsoft(R) Visual Studio 2008.
> >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >>> _______________________________________________
> >>> Ltp-list mailing list
> >>> Ltp-list@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/ltp-list
> >
> >
--
Stephen Smalley
National Security Agency