Menu
▾
▴
Re: [Audit-test-developer] [PATCH v4 1/5] audit-test: use LSM_SELINUX instead of SUSE to work-around SE-Linux
|
From: Miroslav V. <mva...@re...> - 2014-07-25 13:01:23
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
thanks for the patches.
On 07/24/2014 08:02 AM, AKASHI Takahiro wrote:
> Current makefile uses DISTRO(== SUSE) to keep SE-Linux related programs from being compiled and
> executed. This is incovenient for other ditributions or rootfs build tools, like Buildroot and
> OpenEmbedded.
>
> This patch introduces LSM_SELINUX instead to do the same thing.
>
> Signed-off-by: AKASHI Takahiro <tak...@li...> --- audit-test/filter/run.conf
> | 2 ++ audit-test/rules.mk | 9 +++++---- audit-test/utils/Makefile
> | 7 ++++++- audit-test/utils/bin/Makefile | 2 +- audit-test/utils/bin/do_creat.c
> | 4 ++-- audit-test/utils/bin/do_mkdir.c | 4 ++-- audit-test/utils/bin/do_mkdirat.c
> | 4 ++-- audit-test/utils/bin/do_mknod.c | 4 ++-- audit-test/utils/bin/do_mknodat.c
> | 4 ++-- audit-test/utils/bin/do_mq_open.c | 4 ++-- audit-test/utils/bin/do_open.c
> | 4 ++-- audit-test/utils/bin/do_openat.c | 4 ++-- audit-test/utils/bin/do_symlink.c
> | 4 ++-- audit-test/utils/bin/do_symlinkat.c | 4 ++-- audit-test/utils/run.bash
> | 8 ++++++-- 15 files changed, 40 insertions(+), 28 deletions(-)
>
> diff --git a/audit-test/filter/run.conf b/audit-test/filter/run.conf index 3ac111a..d52cf00
> 100644 --- a/audit-test/filter/run.conf +++ b/audit-test/filter/run.conf @@ -79,11 +79,13 @@
> fi + class_write + class_exec + class_attr +if [[ $LSM_SELINUX ]]; then + secontext subj_sen +
> secontext subj_clr + secontext subj_role + secontext obj_lev_low + secontext obj_lev_high_base
> +fi if [[ $PPROFILE == lspp ]]; then + secontext obj_lev_high_mls fi diff --git
> a/audit-test/rules.mk b/audit-test/rules.mk index fd2f8a5..49c0df2 100644 ---
> a/audit-test/rules.mk +++ b/audit-test/rules.mk @@ -75,13 +75,14 @@ RELEASE = $(wildcard
> /etc/*-release) ifeq (SuSE, $(findstring SuSE, $(RELEASE))) CFLAGS +=-DSUSE export DISTRO=SUSE
> -endif -ifeq (fedora, $(findstring fedora, $(RELEASE))) -CFLAGS +=-DFEDORA +else ifeq (fedora,
> $(findstring fedora, $(RELEASE))) +CFLAGS +="-DFEDORA -DLSM_SELINUX"
This will not work, you need to omit the double quotes, the compiler will silently ignore
those CFLAGS:
cc -g -O2 -Wall -Werror -D_GNU_SOURCE -fno-strict-aliasing "-DRHEL -DLSM_SELINUX" -I../include
do_creat.c -lselinux -o do_creat
will you correct these small typos or should we do it?
With these corrections all test pass also in MLS:
TALLIED RESULTS
1049 pass (100%)
0 fail (0%)
0 error (0%)
- ------------------
1049 total
Best regards,
/M
> export DISTRO=FEDORA +export LSM_SELINUX=1 else ifeq (redhat, $(findstring redhat,
> $(RELEASE))) -CFLAGS +=-DRHEL +CFLAGS +="-DRHEL -DLSM_SELINUX" export DISTRO=RHEL +export
> LSM_SELINUX=1 endif
>
> ifeq (s390x, $(findstring s390x, $(MACHINE))) diff --git a/audit-test/utils/Makefile
> b/audit-test/utils/Makefile index 489d98b..f43b0f1 100644 --- a/audit-test/utils/Makefile +++
> b/audit-test/utils/Makefile @@ -18,14 +18,19 @@ TOPDIR = .. UTILSDIR = . CPPFLAGS +=
> -I$(UTILSDIR)/include +ifdef LSM_SELINUX LDLIBS += -lselinux
>
> UTILS_EXE = test_context \ test_setcon +endif
>
> ALL_EXE = $(UTILS_EXE)
>
> -SUB_DIRS = bin network-server +SUB_DIRS = bin +ifdef LSM_SELINUX +SUB_DIRS += network-server
> +endif
>
> include $(TOPDIR)/rules.mk
>
> diff --git a/audit-test/utils/bin/Makefile b/audit-test/utils/bin/Makefile index
> 098d46c..654ef9c 100644 --- a/audit-test/utils/bin/Makefile +++
> b/audit-test/utils/bin/Makefile @@ -193,7 +193,7 @@ ALL_EXE += $(ONLY86_EXE) endif
>
> $(CAPS_EXE): LDLIBS += -lcap -ifneq ($(DISTRO), SUSE) +ifdef LSM_SELINUX $(CREATE_EXE): LDLIBS
> += -lselinux $(MQ_EXE): LDLIBS += -lrt -lselinux else diff --git
> a/audit-test/utils/bin/do_creat.c b/audit-test/utils/bin/do_creat.c index 85b31fb..81b0686
> 100644 --- a/audit-test/utils/bin/do_creat.c +++ b/audit-test/utils/bin/do_creat.c @@ -14,7
> +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_creat: setfscreatecon"); return 1; diff --git a/audit-test/utils/bin/do_mkdir.c
> b/audit-test/utils/bin/do_mkdir.c index f06f394..d601903 100644 ---
> a/audit-test/utils/bin/do_mkdir.c +++ b/audit-test/utils/bin/do_mkdir.c @@ -14,7 +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mkdir: setfscreatecon"); return 1; diff --git a/audit-test/utils/bin/do_mkdirat.c
> b/audit-test/utils/bin/do_mkdirat.c index 67d5ac9..5a6e54f 100644 ---
> a/audit-test/utils/bin/do_mkdirat.c +++ b/audit-test/utils/bin/do_mkdirat.c @@ -14,7 +14,7 @@
> */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -28,7 +28,7 @@ int main(int argc, char **argv) return TEST_ERROR; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mkdirat: setfscreatecon"); return TEST_ERROR; diff --git
> a/audit-test/utils/bin/do_mknod.c b/audit-test/utils/bin/do_mknod.c index 07ca554..c12c76d
> 100644 --- a/audit-test/utils/bin/do_mknod.c +++ b/audit-test/utils/bin/do_mknod.c @@ -14,7
> +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 2) && (setfscreatecon(argv[2]) < 0)) {
> perror("do_mknod: setfscreatecon"); return 1; diff --git a/audit-test/utils/bin/do_mknodat.c
> b/audit-test/utils/bin/do_mknodat.c index 5acb057..7e9ea2c 100644 ---
> a/audit-test/utils/bin/do_mknodat.c +++ b/audit-test/utils/bin/do_mknodat.c @@ -14,7 +14,7 @@
> */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -31,7 +31,7 @@ int main(int argc, char **argv) dir_fd = open(argv[1], O_DIRECTORY); if
> (dir_fd < 0) return TEST_ERROR; -#ifndef SUSE +#ifdef LSM_SELINUX if (argc == 4 &&
> setfscreatecon(argv[3]) < 0) { perror("do_mknodat: setfscreatecon"); return TEST_ERROR; diff
> --git a/audit-test/utils/bin/do_mq_open.c b/audit-test/utils/bin/do_mq_open.c index
> 25adc8b..8d0ec9d 100644 --- a/audit-test/utils/bin/do_mq_open.c +++
> b/audit-test/utils/bin/do_mq_open.c @@ -15,7 +15,7 @@
>
> #include "includes.h" #include <mqueue.h> -#ifndef SUSE +#ifdef LSM_SELINUX #include
> <selinux/selinux.h> #endif
>
> @@ -45,7 +45,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_mq_open: setfscreatecon"); return 1; diff --git a/audit-test/utils/bin/do_open.c
> b/audit-test/utils/bin/do_open.c index 1068461..781f6f9 100644 ---
> a/audit-test/utils/bin/do_open.c +++ b/audit-test/utils/bin/do_open.c @@ -14,7 +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -46,7 +46,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_open: setfscreatecon"); return 1; diff --git a/audit-test/utils/bin/do_openat.c
> b/audit-test/utils/bin/do_openat.c index 43da725..6205406 100644 ---
> a/audit-test/utils/bin/do_openat.c +++ b/audit-test/utils/bin/do_openat.c @@ -14,7 +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -53,7 +53,7 @@ int main(int argc, char **argv) perror("do_openat: open dirfd"); return
> TEST_ERROR; } -#ifndef SUSE +#ifdef LSM_SELINUX if (argc == 5 && setfscreatecon(argv[4]) < 0)
> { perror("do_openat: setfscreatecon"); return TEST_ERROR; diff --git
> a/audit-test/utils/bin/do_symlink.c b/audit-test/utils/bin/do_symlink.c index 75dfe0b..d902493
> 100644 --- a/audit-test/utils/bin/do_symlink.c +++ b/audit-test/utils/bin/do_symlink.c @@ -14,7
> +14,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -27,7 +27,7 @@ int main(int argc, char **argv) return 1; }
>
> -#ifndef SUSE +#ifdef LSM_SELINUX if ((argc > 3) && (setfscreatecon(argv[3]) < 0)) {
> perror("do_symlink: setfscreatecon"); return 1; diff --git
> a/audit-test/utils/bin/do_symlinkat.c b/audit-test/utils/bin/do_symlinkat.c index
> 9e67a28..1829dcf 100644 --- a/audit-test/utils/bin/do_symlinkat.c +++
> b/audit-test/utils/bin/do_symlinkat.c @@ -15,7 +15,7 @@ */
>
> #include "includes.h" -#ifndef SUSE +#ifdef LSM_SELINUX #include <selinux/selinux.h> #endif
>
> @@ -32,7 +32,7 @@ int main(int argc, char **argv) dir_fd = open(argv[1], O_DIRECTORY); if
> (dir_fd < 0) return TEST_ERROR; -#ifndef SUSE +#ifdef LSM_SELINUX if (argc == 5 &&
> setfscreatecon(argv[4]) < 0) { perror("do_symlinkat: setfscreatecon"); return TEST_ERROR; diff
> --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash index a2a5da6..721e744 100755 ---
> a/audit-test/utils/run.bash +++ b/audit-test/utils/run.bash @@ -463,11 +463,15 @@ function
> show_header { printf "%-32s %s\n" Mode: "${MODE:-(native)}" printf "%-32s %s\n" Hostname:
> "$(uname -n)" printf "%-32s %s\n" Profile: "$PPROFILE" - printf "%-32s %s\n"
> "selinux-policy version:" "$(rpm -q selinux-policy)" + if [[ $LSM_SELINUX ]] ; then +
> printf "%-32s %s\n" "selinux-policy version:" "$(rpm -q selinux-policy)" + fi if [[
> $PPROFILE == lspp ]] ; then printf "%-32s %s\n" "lspp_test policy version:" "$(semodule -l |
> grep lspp_test | awk '{print $2}')" fi - printf "\n%s\n" "$(sestatus)" + if [[
> $LSM_SELINUX ]] ; then + printf "\n%s\n" "$(sestatus)" + fi echo } | tee
> $opt_logdir/$header_log }
>
- --
Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJT0lUTAAoJEBliWhMliBCHaOcIAJ3Xe7zNoZy+mSIFo+Krax4c
hxOXQuR2UiBTowiC78vNWxoCG0u1sN2iSM76O4UTNwQ2ILIF4tOpFYE8d2/K+xke
zsLG+vTUbaTIRO0TEyl6V42Kpmrj5KVW4ipEiic/EQhHgKoMmNxVb2jL9ZACoOgm
pzIqjjw3atjN5A+MnBqna+G3542cP/rhjCJn5J6eD7aPkT/iNB0sPfWjH2BYXMaW
ZPoWh3jUhhFzP0+lCkbSbs7GnPtEnDlPH9uBcGA5W+ftHMyVwLOlPYxeSRxv5BDW
ZhDd18Gm/OYEl7AeGEdQKD2vcb1E8D4b5yXyYhT9+TxQVmJk4koghsDMRPpr4p0=
=xFXJ
-----END PGP SIGNATURE-----
|
