From: Jiri J. <jja...@re...> - 2014-07-23 08:41:00
On 07/23/2014 09:37 AM, AKASHI Takahiro wrote:
> Current makefile uses DISTRO(== SUSE) to keep SE-Linux related programs
> from being compiled and executed. This is inconvenient for other
> distributions or rootfs build tools, like Buildroot and OpenEmbedded.
>
> This patch introduces LSM_SELINUX instead to do the same thing.
>
> Signed-off-by: AKASHI Takahiro <tak...@li...>
> ---
> audit-test/filter/run.conf | 2 ++
> audit-test/rules.mk | 9 +++++----
> audit-test/utils/Makefile | 7 ++++++-
> audit-test/utils/bin/Makefile | 2 +-
> audit-test/utils/bin/do_creat.c | 4 ++--
> audit-test/utils/bin/do_mkdir.c | 4 ++--
> audit-test/utils/bin/do_mkdirat.c | 4 ++--
> audit-test/utils/bin/do_mknod.c | 4 ++--
> audit-test/utils/bin/do_mknodat.c | 4 ++--
> audit-test/utils/bin/do_mq_open.c | 4 ++--
> audit-test/utils/bin/do_open.c | 4 ++--
> audit-test/utils/bin/do_openat.c | 4 ++--
> audit-test/utils/bin/do_symlink.c | 4 ++--
> audit-test/utils/bin/do_symlinkat.c | 4 ++--
> audit-test/utils/run.bash | 8 ++++++--
> 15 files changed, 40 insertions(+), 28 deletions(-)
>
> diff --git a/audit-test/filter/run.conf b/audit-test/filter/run.conf
> index 3ac111a..6d46786 100644
> --- a/audit-test/filter/run.conf
> +++ b/audit-test/filter/run.conf
> @@ -79,11 +79,13 @@ fi
> + class_write
> + class_exec
> + class_attr
> +if [[ $LSM_SELINUX == true ]]; then
> + secontext subj_sen
> + secontext subj_clr
> + secontext subj_role
> + secontext obj_lev_low
> + secontext obj_lev_high_base
> +fi
> if [[ $PPROFILE == lspp ]]; then
> + secontext obj_lev_high_mls
> fi
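Review bot: The new `[[ $LSM_SELINUX == true ]]` guard around the `secontext` entries turns an unset variable into a silent skip. The only place this patch sets LSM_SELINUX is the export in rules.mk, so if run.bash is ever started without that export in its environment (not visible from here), the five secontext filter tests drop out of the run on an SELinux system without any message. The two guards added to show_header in run.bash hide the sestatus and policy-version lines in the same case. Printing the value in the header, e.g. `printf "%-32s %s\n" LSM_SELINUX: "${LSM_SELINUX:-(unset)}"`, would make a reduced test list visible in the log.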
> diff --git a/audit-test/rules.mk b/audit-test/rules.mk
> index fd2f8a5..509b288 100644
> --- a/audit-test/rules.mk
> +++ b/audit-test/rules.mk
> @@ -75,13 +75,14 @@ RELEASE = $(wildcard /etc/*-release)
> ifeq (SuSE, $(findstring SuSE, $(RELEASE)))
> CFLAGS +=-DSUSE
> export DISTRO=SUSE
> -endif
> -ifeq (fedora, $(findstring fedora, $(RELEASE)))
> -CFLAGS +=-DFEDORA
> +else ifeq (fedora, $(findstring fedora, $(RELEASE)))
> +CFLAGS +="-DFEDORA -DLSM_SELINUX"
> export DISTRO=FEDORA
> +export LSM_SELINUX=true
> else ifeq (redhat, $(findstring redhat, $(RELEASE)))
> -CFLAGS +=-DRHEL
> +CFLAGS +="-DRHEL -DLSM_SELINUX"
> export DISTRO=RHEL
> +export LSM_SELINUX=true
> endif
>
> ifeq (s390x, $(findstring s390x, $(MACHINE)))
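Review bot: The quotes in `CFLAGS +="-DFEDORA -DLSM_SELINUX"` and in the RHEL line are kept literally by make, so when the recipe shell expands CFLAGS the compiler most likely receives the single argument `-DFEDORA -DLSM_SELINUX` and LSM_SELINUX itself is never defined. Every `#ifdef LSM_SELINUX` in utils/bin would then compile out the setfscreatecon() call on Fedora and RHEL, and the helpers would create objects without the requested context while still reporting success. Write both lines unquoted: `CFLAGS += -DFEDORA -DLSM_SELINUX` and `CFLAGS += -DRHEL -DLSM_SELINUX`.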
> diff --git a/audit-test/utils/Makefile b/audit-test/utils/Makefile
> index 489d98b..52b9f38 100644
> --- a/audit-test/utils/Makefile
> +++ b/audit-test/utils/Makefile
> @@ -18,14 +18,19 @@
> TOPDIR = ..
> UTILSDIR = .
> CPPFLAGS += -I$(UTILSDIR)/include
> +ifeq ($(LSM_SELINUX), true)
You missed the point. :)
The ifdef / simple [[ $var ]] works and IMHO should be used,
the variable just needs to be nonempty.
ie.
export LSM_SELINUX=1
ifdef LSM_SELINUX
...
endif
if [[ "$LSM_SELINUX" ]]; then
...
fi
> LDLIBS += -lselinux
>
> UTILS_EXE = test_context \
> test_setcon
> +endif
>
> ALL_EXE = $(UTILS_EXE)
>
> -SUB_DIRS = bin network-server
> +SUB_DIRS = bin
> +ifeq ($(LSM_SELINUX), true)
> +SUB_DIRS += network-server
> +endif
>
> include $(TOPDIR)/rules.mk
>
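Review bot: Both `ifeq ($(LSM_SELINUX), true)` tests in this hunk are evaluated while the makefile is parsed, but the `include $(TOPDIR)/rules.mk` that sets LSM_SELINUX comes after them. Unless the variable is already in the environment from a parent make, running make directly in audit-test/utils leaves UTILS_EXE empty and drops network-server even on Fedora/RHEL. The distro detection would need to be readable before these conditionals. If the include order has to stay, document the dependency with a comment such as `# LSM_SELINUX must already be exported by the top-level make at this point`.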
> diff --git a/audit-test/utils/bin/Makefile b/audit-test/utils/bin/Makefile
> index 098d46c..42b94ea 100644
> --- a/audit-test/utils/bin/Makefile
> +++ b/audit-test/utils/bin/Makefile
> @@ -193,7 +193,7 @@ ALL_EXE += $(ONLY86_EXE)
> endif
>
> $(CAPS_EXE): LDLIBS += -lcap
> -ifneq ($(DISTRO), SUSE)
> +ifeq ($(LSM_SELINUX), true)
> $(CREATE_EXE): LDLIBS += -lselinux
> $(MQ_EXE): LDLIBS += -lrt -lselinux
> else
> diff --git a/audit-test/utils/bin/do_creat.c b/audit-test/utils/bin/do_creat.c
> index 85b31fb..81b0686 100644
> --- a/audit-test/utils/bin/do_creat.c
> +++ b/audit-test/utils/bin/do_creat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_creat: setfscreatecon");
> return 1;
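Review bot: With the guard inverted from `#ifndef SUSE` to `#ifdef LSM_SELINUX`, any build that lacks the define now drops the setfscreatecon() call, so a context passed as argv[2] is ignored while the helper can still exit 0. Unless an `#else` branch exists below the hunk (main continues outside it), reject the argument in the non-SELinux build: `#else` followed by `if (argc > 2) { fprintf(stderr, "do_creat: built without LSM_SELINUX\n"); return 1; }`. The same pattern is in the second hunk of do_mkdir.c, do_mkdirat.c, do_mknod.c, do_mknodat.c, do_mq_open.c, do_open.c, do_openat.c, do_symlink.c and do_symlinkat.c.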
> diff --git a/audit-test/utils/bin/do_mkdir.c b/audit-test/utils/bin/do_mkdir.c
> index f06f394..d601903 100644
> --- a/audit-test/utils/bin/do_mkdir.c
> +++ b/audit-test/utils/bin/do_mkdir.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mkdir: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_mkdirat.c b/audit-test/utils/bin/do_mkdirat.c
> index 67d5ac9..5a6e54f 100644
> --- a/audit-test/utils/bin/do_mkdirat.c
> +++ b/audit-test/utils/bin/do_mkdirat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -28,7 +28,7 @@ int main(int argc, char **argv)
> return TEST_ERROR;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mkdirat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_mknod.c b/audit-test/utils/bin/do_mknod.c
> index 07ca554..c12c76d 100644
> --- a/audit-test/utils/bin/do_mknod.c
> +++ b/audit-test/utils/bin/do_mknod.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mknod: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_mknodat.c b/audit-test/utils/bin/do_mknodat.c
> index 5acb057..7e9ea2c 100644
> --- a/audit-test/utils/bin/do_mknodat.c
> +++ b/audit-test/utils/bin/do_mknodat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -31,7 +31,7 @@ int main(int argc, char **argv)
> dir_fd = open(argv[1], O_DIRECTORY);
> if (dir_fd < 0)
> return TEST_ERROR;
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 4 && setfscreatecon(argv[3]) < 0) {
> perror("do_mknodat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_mq_open.c b/audit-test/utils/bin/do_mq_open.c
> index 25adc8b..8d0ec9d 100644
> --- a/audit-test/utils/bin/do_mq_open.c
> +++ b/audit-test/utils/bin/do_mq_open.c
> @@ -15,7 +15,7 @@
>
> #include "includes.h"
> #include <mqueue.h>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -45,7 +45,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mq_open: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_open.c b/audit-test/utils/bin/do_open.c
> index 1068461..781f6f9 100644
> --- a/audit-test/utils/bin/do_open.c
> +++ b/audit-test/utils/bin/do_open.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -46,7 +46,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_open: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_openat.c b/audit-test/utils/bin/do_openat.c
> index 43da725..6205406 100644
> --- a/audit-test/utils/bin/do_openat.c
> +++ b/audit-test/utils/bin/do_openat.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -53,7 +53,7 @@ int main(int argc, char **argv)
> perror("do_openat: open dirfd");
> return TEST_ERROR;
> }
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 5 && setfscreatecon(argv[4]) < 0) {
> perror("do_openat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/bin/do_symlink.c b/audit-test/utils/bin/do_symlink.c
> index 75dfe0b..d902493 100644
> --- a/audit-test/utils/bin/do_symlink.c
> +++ b/audit-test/utils/bin/do_symlink.c
> @@ -14,7 +14,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv)
> return 1;
> }
>
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_symlink: setfscreatecon");
> return 1;
> diff --git a/audit-test/utils/bin/do_symlinkat.c b/audit-test/utils/bin/do_symlinkat.c
> index 9e67a28..1829dcf 100644
> --- a/audit-test/utils/bin/do_symlinkat.c
> +++ b/audit-test/utils/bin/do_symlinkat.c
> @@ -15,7 +15,7 @@
> */
>
> #include "includes.h"
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> #include <selinux/selinux.h>
> #endif
>
> @@ -32,7 +32,7 @@ int main(int argc, char **argv)
> dir_fd = open(argv[1], O_DIRECTORY);
> if (dir_fd < 0)
> return TEST_ERROR;
> -#ifndef SUSE
> +#ifdef LSM_SELINUX
> if (argc == 5 && setfscreatecon(argv[4]) < 0) {
> perror("do_symlinkat: setfscreatecon");
> return TEST_ERROR;
> diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
> index a2a5da6..ca7aad7 100755
> --- a/audit-test/utils/run.bash
> +++ b/audit-test/utils/run.bash
> @@ -463,11 +463,15 @@ function show_header {
> printf "%-32s %s\n" Mode: "${MODE:-(native)}"
> printf "%-32s %s\n" Hostname: "$(uname -n)"
> printf "%-32s %s\n" Profile: "$PPROFILE"
> - printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
> + if [[ $LSM_SELINUX == true ]] ; then
> + printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)"
> + fi
> if [[ $PPROFILE == lspp ]] ; then
> printf "%-32s %s\n" "lspp_test policy version:" "$(semodule -l | grep lspp_test | awk '{print $2}')"
> fi
> - printf "\n%s\n" "$(sestatus)"
> + if [[ $LSM_SELINUX == true ]] ; then
> + printf "\n%s\n" "$(sestatus)"
> + fi
> echo
> } | tee $opt_logdir/$header_log
> }
>