Menu
▾
▴
[Audit-test-developer] [PATCH v3 1/5] audit-test: use LSM_SELINUX instead of SUSE to work-around SE-Linux
|
From: AKASHI T. <tak...@li...> - 2014-07-23 07:38:29
|
Current makefile uses DISTRO(== SUSE) to keep SE-Linux related programs
from being compiled and executed. This is incovenient for other
ditributions or rootfs build tools, like Buildroot and OpenEmbedded.
This patch introduces LSM_SELINUX instead to do the same thing.
Signed-off-by: AKASHI Takahiro <tak...@li...>
---
audit-test/filter/run.conf | 2 ++
audit-test/rules.mk | 9 +++++----
audit-test/utils/Makefile | 7 ++++++-
audit-test/utils/bin/Makefile | 2 +-
audit-test/utils/bin/do_creat.c | 4 ++--
audit-test/utils/bin/do_mkdir.c | 4 ++--
audit-test/utils/bin/do_mkdirat.c | 4 ++--
audit-test/utils/bin/do_mknod.c | 4 ++--
audit-test/utils/bin/do_mknodat.c | 4 ++--
audit-test/utils/bin/do_mq_open.c | 4 ++--
audit-test/utils/bin/do_open.c | 4 ++--
audit-test/utils/bin/do_openat.c | 4 ++--
audit-test/utils/bin/do_symlink.c | 4 ++--
audit-test/utils/bin/do_symlinkat.c | 4 ++--
audit-test/utils/run.bash | 8 ++++++--
15 files changed, 40 insertions(+), 28 deletions(-)
diff --git a/audit-test/filter/run.conf b/audit-test/filter/run.conf
index 3ac111a..6d46786 100644
--- a/audit-test/filter/run.conf
+++ b/audit-test/filter/run.conf
@@ -79,11 +79,13 @@ fi
+ class_write
+ class_exec
+ class_attr
+if [[ $LSM_SELINUX == true ]]; then
+ secontext subj_sen
+ secontext subj_clr
+ secontext subj_role
+ secontext obj_lev_low
+ secontext obj_lev_high_base
+fi
if [[ $PPROFILE == lspp ]]; then
+ secontext obj_lev_high_mls
fi
diff --git a/audit-test/rules.mk b/audit-test/rules.mk
index fd2f8a5..509b288 100644
--- a/audit-test/rules.mk
+++ b/audit-test/rules.mk
@@ -75,13 +75,14 @@ RELEASE = $(wildcard /etc/*-release)
ifeq (SuSE, $(findstring SuSE, $(RELEASE)))
CFLAGS +=-DSUSE
export DISTRO=SUSE
-endif
-ifeq (fedora, $(findstring fedora, $(RELEASE)))
-CFLAGS +=-DFEDORA
+else ifeq (fedora, $(findstring fedora, $(RELEASE)))
+CFLAGS +="-DFEDORA -DLSM_SELINUX"
export DISTRO=FEDORA
+export LSM_SELINUX=true
else ifeq (redhat, $(findstring redhat, $(RELEASE)))
-CFLAGS +=-DRHEL
+CFLAGS +="-DRHEL -DLSM_SELINUX"
export DISTRO=RHEL
+export LSM_SELINUX=true
endif
ifeq (s390x, $(findstring s390x, $(MACHINE)))
diff --git a/audit-test/utils/Makefile b/audit-test/utils/Makefile
index 489d98b..52b9f38 100644
--- a/audit-test/utils/Makefile
+++ b/audit-test/utils/Makefile
@@ -18,14 +18,19 @@
TOPDIR = ..
UTILSDIR = .
CPPFLAGS += -I$(UTILSDIR)/include
+ifeq ($(LSM_SELINUX), true)
LDLIBS += -lselinux
UTILS_EXE = test_context \
test_setcon
+endif
ALL_EXE = $(UTILS_EXE)
-SUB_DIRS = bin network-server
+SUB_DIRS = bin
+ifeq ($(LSM_SELINUX), true)
+SUB_DIRS += network-server
+endif
include $(TOPDIR)/rules.mk
diff --git a/audit-test/utils/bin/Makefile b/audit-test/utils/bin/Makefile
index 098d46c..42b94ea 100644
--- a/audit-test/utils/bin/Makefile
+++ b/audit-test/utils/bin/Makefile
@@ -193,7 +193,7 @@ ALL_EXE += $(ONLY86_EXE)
endif
$(CAPS_EXE): LDLIBS += -lcap
-ifneq ($(DISTRO), SUSE)
+ifeq ($(LSM_SELINUX), true)
$(CREATE_EXE): LDLIBS += -lselinux
$(MQ_EXE): LDLIBS += -lrt -lselinux
else
diff --git a/audit-test/utils/bin/do_creat.c b/audit-test/utils/bin/do_creat.c
index 85b31fb..81b0686 100644
--- a/audit-test/utils/bin/do_creat.c
+++ b/audit-test/utils/bin/do_creat.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -27,7 +27,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
perror("do_creat: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_mkdir.c b/audit-test/utils/bin/do_mkdir.c
index f06f394..d601903 100644
--- a/audit-test/utils/bin/do_mkdir.c
+++ b/audit-test/utils/bin/do_mkdir.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -27,7 +27,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
perror("do_mkdir: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_mkdirat.c b/audit-test/utils/bin/do_mkdirat.c
index 67d5ac9..5a6e54f 100644
--- a/audit-test/utils/bin/do_mkdirat.c
+++ b/audit-test/utils/bin/do_mkdirat.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -28,7 +28,7 @@ int main(int argc, char **argv)
return TEST_ERROR;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
perror("do_mkdirat: setfscreatecon");
return TEST_ERROR;
diff --git a/audit-test/utils/bin/do_mknod.c b/audit-test/utils/bin/do_mknod.c
index 07ca554..c12c76d 100644
--- a/audit-test/utils/bin/do_mknod.c
+++ b/audit-test/utils/bin/do_mknod.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -27,7 +27,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
perror("do_mknod: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_mknodat.c b/audit-test/utils/bin/do_mknodat.c
index 5acb057..7e9ea2c 100644
--- a/audit-test/utils/bin/do_mknodat.c
+++ b/audit-test/utils/bin/do_mknodat.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -31,7 +31,7 @@ int main(int argc, char **argv)
dir_fd = open(argv[1], O_DIRECTORY);
if (dir_fd < 0)
return TEST_ERROR;
-#ifndef SUSE
+#ifdef LSM_SELINUX
if (argc == 4 && setfscreatecon(argv[3]) < 0) {
perror("do_mknodat: setfscreatecon");
return TEST_ERROR;
diff --git a/audit-test/utils/bin/do_mq_open.c b/audit-test/utils/bin/do_mq_open.c
index 25adc8b..8d0ec9d 100644
--- a/audit-test/utils/bin/do_mq_open.c
+++ b/audit-test/utils/bin/do_mq_open.c
@@ -15,7 +15,7 @@
#include "includes.h"
#include <mqueue.h>
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
perror("do_mq_open: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_open.c b/audit-test/utils/bin/do_open.c
index 1068461..781f6f9 100644
--- a/audit-test/utils/bin/do_open.c
+++ b/audit-test/utils/bin/do_open.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -46,7 +46,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
perror("do_open: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_openat.c b/audit-test/utils/bin/do_openat.c
index 43da725..6205406 100644
--- a/audit-test/utils/bin/do_openat.c
+++ b/audit-test/utils/bin/do_openat.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -53,7 +53,7 @@ int main(int argc, char **argv)
perror("do_openat: open dirfd");
return TEST_ERROR;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if (argc == 5 && setfscreatecon(argv[4]) < 0) {
perror("do_openat: setfscreatecon");
return TEST_ERROR;
diff --git a/audit-test/utils/bin/do_symlink.c b/audit-test/utils/bin/do_symlink.c
index 75dfe0b..d902493 100644
--- a/audit-test/utils/bin/do_symlink.c
+++ b/audit-test/utils/bin/do_symlink.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -27,7 +27,7 @@ int main(int argc, char **argv)
return 1;
}
-#ifndef SUSE
+#ifdef LSM_SELINUX
if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
perror("do_symlink: setfscreatecon");
return 1;
diff --git a/audit-test/utils/bin/do_symlinkat.c b/audit-test/utils/bin/do_symlinkat.c
index 9e67a28..1829dcf 100644
--- a/audit-test/utils/bin/do_symlinkat.c
+++ b/audit-test/utils/bin/do_symlinkat.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-#ifndef SUSE
+#ifdef LSM_SELINUX
#include <selinux/selinux.h>
#endif
@@ -32,7 +32,7 @@ int main(int argc, char **argv)
dir_fd = open(argv[1], O_DIRECTORY);
if (dir_fd < 0)
return TEST_ERROR;
-#ifndef SUSE
+#ifdef LSM_SELINUX
if (argc == 5 && setfscreatecon(argv[4]) < 0) {
perror("do_symlinkat: setfscreatecon");
return TEST_ERROR;
diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index a2a5da6..ca7aad7 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -463,11 +463,15 @@ function show_header {
printf "%-32s %s\n" Mode: "${MODE:-(native)}"
printf "%-32s %s\n" Hostname: "$(uname -n)"
printf "%-32s %s\n" Profile: "$PPROFILE"
- printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
+ if [[ $LSM_SELINUX == true ]] ; then
+ printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
+ fi
if [[ $PPROFILE == lspp ]] ; then
printf "%-32s %s\n" "lspp_test policy version:" "$(semodule -l | grep lspp_test | awk '{print $2}')"
fi
- printf "\n%s\n" "$(sestatus)"
+ if [[ $LSM_SELINUX == true ]] ; then
+ printf "\n%s\n" "$(sestatus)"
+ fi
echo
} | tee $opt_logdir/$header_log
}
--
1.7.9.5
|
