From: Jiri J. <jja...@re...> - 2014-07-11 11:21:47
On 07/03/2014 09:45 AM, AKASHI Takahiro wrote:
> Current makefile uses DISTRO(== SUSE) to keep SE-Linux related programs
> from being compiled and executed. This is inconvenient for other
> distributions or rootfs build tools, like Buildroot and OpenEmbedded.
>
> This patch introduces LSM_SELINUX instead to do the same thing.
>
> Signed-off-by: AKASHI Takahiro <tak...@li...>
> ---
> audit-test/rules.mk | 14 ++++++++++----
> audit-test/utils/Makefile | 4 ++++
> audit-test/utils/bin/Makefile | 2 +-
> audit-test/utils/bin/do_creat.c | 4 ++--
> audit-test/utils/bin/do_mkdir.c | 4 ++--
> audit-test/utils/bin/do_mkdirat.c | 4 ++--
> audit-test/utils/bin/do_mknod.c | 4 ++--
> audit-test/utils/bin/do_mknodat.c | 4 ++--
> audit-test/utils/bin/do_mq_open.c | 4 ++--
> audit-test/utils/bin/do_open.c | 4 ++--
> audit-test/utils/bin/do_openat.c | 4 ++--
> audit-test/utils/bin/do_symlink.c | 4 ++--
> audit-test/utils/bin/do_symlinkat.c | 4 ++--
> audit-test/utils/run.bash | 8 ++++++--
> 14 files changed, 41 insertions(+), 27 deletions(-)
>
> diff --git a/audit-test/rules.mk b/audit-test/rules.mk
> index fd2f8a5..25c9758 100644
> --- a/audit-test/rules.mk
> +++ b/audit-test/rules.mk
> @@ -71,17 +71,23 @@ ifneq ($(MODE), $(NATIVE))
> LDFLAGS += -m64
> endif
> endif
> +export LSM_SELINUX=no
> RELEASE = $(wildcard /etc/*-release)
> ifeq (SuSE, $(findstring SuSE, $(RELEASE)))
> CFLAGS +=-DSUSE
> export DISTRO=SUSE
> -endif
> -ifeq (fedora, $(findstring fedora, $(RELEASE)))
> -CFLAGS +=-DFEDORA
> +else ifeq (fedora, $(findstring fedora, $(RELEASE)))
> +CFLAGS +="-DFEDORA -DLSM_SELINUX"
> export DISTRO=FEDORA
> +export LSM_SELINUX=yes
> else ifeq (redhat, $(findstring redhat, $(RELEASE)))
> -CFLAGS +=-DRHEL
> +CFLAGS +="-DRHEL -DLSM_SELINUX"
> export DISTRO=RHEL
> +export LSM_SELINUX=yes
> +else
> +# including Buildroot & OpenEmbedded
> +#CFLAGS +=-DDISTRO_MISC
> +export DISTRO=MISC
Out of curiosity - why do you define DISTRO=MISC as a fallback instead
of leaving it empty? The comment is not really clear on whether it's
required/useful for something. Why can't empty DISTRO be used?
(and possibly defined in other suites/buildroots if they require it)
Same with LSM_SELINUX - empty value is more compatible with cases like
"if [ "$LSM_SELINUX" ]; then ..."
> endif
>
> ifeq (s390x, $(findstring s390x, $(MACHINE)))
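Review bot: The quotes in `CFLAGS +="-DFEDORA -DLSM_SELINUX"` and `CFLAGS +="-DRHEL -DLSM_SELINUX"` are kept literally by make, so when a recipe expands CFLAGS through the shell the compiler most likely receives a single argument and defines only FEDORA (or RHEL), leaving LSM_SELINUX undefined. If so, every `#ifdef LSM_SELINUX` block in utils/bin/do_*.c is compiled out on exactly the distributions where the setfscreatecon() calls are wanted, while the makefiles still see `LSM_SELINUX=yes` and link -lselinux. Dropping the quotes avoids this: `CFLAGS += -DFEDORA -DLSM_SELINUX` and `CFLAGS += -DRHEL -DLSM_SELINUX`.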
> diff --git a/audit-test/utils/Makefile b/audit-test/utils/Makefile
> index 489d98b..a285c45 100644
> --- a/audit-test/utils/Makefile
> +++ b/audit-test/utils/Makefile
> @@ -20,8 +20,12 @@ UTILSDIR = .
> CPPFLAGS += -I$(UTILSDIR)/include
> LDLIBS += -lselinux
>
> +ifeq ($(LSM_SELINUX), yes)
> UTILS_EXE = test_context \
> test_setcon
> +else
> +UTILS_EXE =
> +endif
>
> ALL_EXE = $(UTILS_EXE)
>
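Review bot: `LDLIBS += -lselinux` stays unconditional just above the new `ifeq ($(LSM_SELINUX), yes)`, so anything this makefile links on a build without SELinux would still ask for libselinux. With `UTILS_EXE` empty that may never trigger, but it depends on rules outside this hunk. Moving the line into the `yes` branch keeps the library dependency tied to the same switch as the executables.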
> diff --git a/audit-test/utils/bin/Makefile b/audit-test/utils/bin/Makefile
> index 098d46c..6c361e1 100644
> --- a/audit-test/utils/bin/Makefile
> +++ b/audit-test/utils/bin/Makefile
> @@ -193,7 +193,7 @@ ALL_EXE += $(ONLY86_EXE)
> endif
>
> $(CAPS_EXE): LDLIBS += -lcap
> -ifneq ($(DISTRO), SUSE)
> +ifeq ($(LSM_SELINUX), yes)
> $(CREATE_EXE): LDLIBS += -lselinux
> $(MQ_EXE): LDLIBS += -lrt -lselinux
> else
> diff --git a/audit-test/utils/bin/do_creat.c b/audit-test/utils/bin/do_creat.c
> index 85b31fb..81b0686 100644
> --- a/audit-test/utils/bin/do_creat.c
> +++ b/audit-test/utils/bin/do_creat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_creat: setfscreatecon");
> return 1;
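Review bot: With `#ifdef LSM_SELINUX`, a build without the macro drops the `setfscreatecon(argv[2])` call, so a context passed on the command line is ignored without any message and the file is created with the default label. Before this change that happened only under SUSE; now it is the default for every unrecognised distribution, which makes a mislabelled test object hard to tell from a genuine result. An `#else` branch that reports the ignored argument, for example `if (argc > 2) fprintf(stderr, "do_creat: built without LSM_SELINUX, context argument ignored\n");`, would make this visible; the closing `#endif` is outside the hunk. The same applies to the second hunk of do_mkdir.c, do_mkdirat.c, do_mknod.c, do_mknodat.c, do_mq_open.c, do_open.c, do_openat.c, do_symlink.c and do_symlinkat.c.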
> diff --git a/audit-test/utils/bin/do_mkdir.c b/audit-test/utils/bin/do_mkdir.c
> index f06f394..d601903 100644
> --- a/audit-test/utils/bin/do_mkdir.c
> +++ b/audit-test/utils/bin/do_mkdir.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mkdir: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_mkdirat.c b/audit-test/utils/bin/do_mkdirat.c
> index 67d5ac9..5a6e54f 100644
> --- a/audit-test/utils/bin/do_mkdirat.c
> +++ b/audit-test/utils/bin/do_mkdirat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -28,7 +28,7 @@ int main(int argc, char **argv)
> return TEST_ERROR;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mkdirat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_mknod.c b/audit-test/utils/bin/do_mknod.c
> index 07ca554..c12c76d 100644
> --- a/audit-test/utils/bin/do_mknod.c
> +++ b/audit-test/utils/bin/do_mknod.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mknod: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_mknodat.c b/audit-test/utils/bin/do_mknodat.c
> index 5acb057..7e9ea2c 100644
> --- a/audit-test/utils/bin/do_mknodat.c
> +++ b/audit-test/utils/bin/do_mknodat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -31,7 +31,7 @@ int main(int argc, char **argv)
> dir_fd = open(argv[1], O_DIRECTORY);
> if (dir_fd < 0)
> return TEST_ERROR;
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 4 && setfscreatecon(argv[3]) < 0) {
> perror("do_mknodat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_mq_open.c b/audit-test/utils/bin/do_mq_open.c
> index 25adc8b..8d0ec9d 100644
> --- a/audit-test/utils/bin/do_mq_open.c
> +++ b/audit-test/utils/bin/do_mq_open.c
> @@ -15,7 +15,7 @@
>
> #include "includes.h"
> #include <mqueue.h>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -45,7 +45,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mq_open: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_open.c b/audit-test/utils/bin/do_open.c
> index 1068461..781f6f9 100644
> --- a/audit-test/utils/bin/do_open.c
> +++ b/audit-test/utils/bin/do_open.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -46,7 +46,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_open: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_openat.c b/audit-test/utils/bin/do_openat.c
> index 43da725..6205406 100644
> --- a/audit-test/utils/bin/do_openat.c
> +++ b/audit-test/utils/bin/do_openat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -53,7 +53,7 @@ int main(int argc, char **argv)
> perror("do_openat: open dirfd");
> return TEST_ERROR;
> }
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 5 && setfscreatecon(argv[4]) < 0) {
> perror("do_openat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_symlink.c b/audit-test/utils/bin/do_symlink.c
> index 75dfe0b..d902493 100644
> --- a/audit-test/utils/bin/do_symlink.c
> +++ b/audit-test/utils/bin/do_symlink.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_symlink: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_symlinkat.c b/audit-test/utils/bin/do_symlinkat.c
> index 9e67a28..1829dcf 100644
> --- a/audit-test/utils/bin/do_symlinkat.c
> +++ b/audit-test/utils/bin/do_symlinkat.c
> @@ -15,7 +15,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -32,7 +32,7 @@ int main(int argc, char **argv)
> dir_fd = open(argv[1], O_DIRECTORY);
> if (dir_fd < 0)
> return TEST_ERROR;
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 5 && setfscreatecon(argv[4]) < 0) {
> perror("do_symlinkat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
> index a2a5da6..629e0a3 100755
> --- a/audit-test/utils/run.bash
> +++ b/audit-test/utils/run.bash
> @@ -463,11 +463,15 @@ function show_header {
> printf "%-32s %s\n" Mode: "${MODE:-(native)}"
> printf "%-32s %s\n" Hostname: "$(uname -n)"
> printf "%-32s %s\n" Profile: "$PPROFILE"
> - printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
> + if [[ $LSM_SELINUX == yes ]] ; then
> + printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
> + fi
> if [[ $PPROFILE == lspp ]] ; then
> printf "%-32s %s\n" "lspp_test policy version:" "$(semodule -l | grep lspp_test | awk '{print $2}')"
> fi
> - printf "\n%s\n" "$(sestatus)"
> + if [[ $LSM_SELINUX == yes ]] ; then
> + printf "\n%s\n" "$(sestatus)"
> + fi
> echo
> } | tee $opt_logdir/$header_log
> }
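Review bot: The `lspp` branch still runs `semodule -l` without the new `LSM_SELINUX` guard, so on a build without the SELinux tooling that command would fail and leave the policy version field empty whenever PPROFILE is lspp. In addition, when `LSM_SELINUX` is not `yes` the header now carries no SELinux line at all, so a log reader cannot tell "SELinux absent" from "variable not exported to run.bash". An `else` that prints something like `printf "%-32s %s\n" "SELinux:" "not enabled (LSM_SELINUX=${LSM_SELINUX:-unset})"` would record the state explicitly. show_header starts above this hunk.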
>