From: Garrett Cooper <yanegomi@gmail.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
ltp-list@lists.sourceforge.net
Subject: Re: [LTP] regression: selinux testsuite broken since October
Date: Wed, 13 Jan 2010 10:52:34 -0800 [thread overview]
Message-ID: <364299f41001131052s27019ebl53f4e3f76bb4598e@mail.gmail.com> (raw)
In-Reply-To: <1263390194.31509.4.camel@moss-pluto.epoch.ncsc.mil>
On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
>> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>> >> > Make logic):
>> >> >
>> >> > Index: refpolicy/Makefile
>> >> > ===================================================================
>> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> > retrieving revision 1.12
>> >> > diff -u -r1.12 Makefile
>> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>> >> > @@ -17,7 +17,7 @@
>> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
>> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>> >> > #
>> >> > -# Garrett Cooper, August 2009
>> >> > +# Garrett Cooper, January 2010
>> >> > #
>> >> >
>> >> > top_srcdir ?= ../../../../..
>> >> > @@ -32,6 +32,7 @@
>> >> >
>> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> >> >
>> >> > +# Avoid empty strings.
>> >> > ifeq ($(strip $(DISTRO_VER)),)
>> >> > DISTRO_VER := generic
>> >> > endif
>> >> > @@ -41,10 +42,17 @@
>> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>> >> >
>> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>> >> >
>> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >> >
>> >> > +# Do we have a special set of policies in the SCM to install?
>> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> > +else
>> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> > +endif
>> >> > +
>> >> > .PHONY: all clean cleanup install load
>> >> >
>> >> > CLEAN_DEPS := cleanup
>> >> > @@ -55,34 +63,24 @@
>> >> > -$(SEMODULE) -r test_policy
>> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>> >> >
>> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>> >> > -MAKE_TARGETS :=
>> >> > -
>> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> > -
>> >> > -# load remains for backwards compatibility...
>> >> > -load:
>> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
>> >> > -else
>> >> > -
>> >> > MAKE_TARGETS := test_policy.te
>> >> >
>> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> > -
>> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >> > -
>> >> > ifneq ($(CHECKPOLICY_VERS),24)
>> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>> >> > endif
>> >> >
>> >> > +# This is being done to preserve precedence; test_global.te must come first.
>> >> > +POLICY_FILES := test_global.te \
>> >> > + $(filter-out test_global.te,$(notdir $(wildcard
>> >> > $(TEST_POLICY_DIR)/*.te)))
>> >> > +
>> >> > load:
>> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>> >> > else \
>> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> > false; \
>> >> > fi
>> >>
>> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>> >> be deleted as well, FYI...
>> >
>> > Ok. test policy appears to build (on Fedora) when running make by hand
>> > from the refpolicy directory, but you still can't run the tests, either
>> > from /opt/ltp or from the source tree.
>> >
>> > # cd /opt/ltp/testscripts && ./test_selinux.sh
>> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> > /etc/selinux /opt/ltp
>> > /opt/ltp
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > building and installing test_policy module...
>> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
>> > make: *** No rule to make target `load'. Stop.
>> > Failed to build and load test_policy module, aborting test run.
>> > /etc/selinux /opt/ltp
>> > /opt/ltp
>> >
>> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
>> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> > /etc/selinux /home/sds/ltp
>> > /home/sds/ltp
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > building and installing test_policy module...
>> > make[1]: Entering directory `/usr/share/selinux/devel'
>> > rm -fR tmp
>> > rm -f *.pp
>> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> > make[1]: Entering directory `/usr/share/selinux/devel'
>> > Compiling targeted test_policy module
>> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
>> > /usr/bin/checkmodule: policy configuration loaded
>> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
>> > Creating targeted test_policy.pp policy package
>> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
>> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> > Successfully built and loaded test_policy module.
>> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > Running the SELinux testsuite...
>> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
>> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
>> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
>> > /usr/bin/chcon: missing operand
>> > Try `/usr/bin/chcon --help' for more information.
>> > Removing test_policy module...
>> > /usr/sbin/semodule -r test_policy
>> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > Done.
>> >
>> > Both test_selinux.sh and tests/runtest.sh need to be updated.
>> >
>> > --
>> > Stephen Smalley
>> > National Security Agency
>>
>> Ok, next patch then... Let me know how this goes (I took a quick
>> look and I didn't see anything suspicious in the test scripts
>> themselves..).
>> Thanks,
>> -Garrett
>
> patching file ../../../../testscripts/test_selinux.sh
> Hunk #2 FAILED at 23.
> Hunk #3 FAILED at 57.
> 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
>
> I think it would work better if you just committed all of the patches
> thus far and I can just re-test cvs head.
>
> If you do post any further patches, please make them relative to the top
> of the tree.
Ugh, I hate CVS diffs too (so I understand)... I was trying to
avoid committing intermediate work, but as long as this gets fixed
before the next snapshot, I guess that's fine. Committed the next step
to CVS.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2010-01-13 18:53 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
2010-01-06 17:18 ` Serge E. Hallyn
2010-01-07 9:04 ` Garrett Cooper
2010-01-06 18:50 ` Serge E. Hallyn
2010-01-07 19:40 ` Stephen Smalley
2010-01-08 18:20 ` Garrett Cooper
2010-01-08 18:45 ` Stephen Smalley
2010-01-08 18:50 ` Stephen Smalley
2010-01-08 21:38 ` Garrett Cooper
2010-01-08 22:00 ` Stephen Smalley
2010-01-08 22:08 ` Garrett Cooper
2010-01-09 7:27 ` Garrett Cooper
2010-01-11 19:12 ` Stephen Smalley
2010-01-11 19:50 ` Serge E. Hallyn
2010-01-11 19:55 ` Stephen Smalley
2010-01-11 20:19 ` Serge E. Hallyn
2010-01-11 20:58 ` Serge E. Hallyn
2010-01-11 21:00 ` Serge E. Hallyn
2010-01-11 21:31 ` Serge E. Hallyn
2010-01-12 8:36 ` Garrett Cooper
2010-01-12 13:16 ` Stephen Smalley
2010-01-12 16:55 ` Garrett Cooper
2010-01-12 17:19 ` Garrett Cooper
2010-01-12 17:24 ` Garrett Cooper
2010-01-12 17:26 ` Garrett Cooper
2010-01-12 19:12 ` Stephen Smalley
2010-01-13 6:51 ` Garrett Cooper
2010-01-13 6:54 ` Garrett Cooper
2010-01-13 13:43 ` Stephen Smalley
2010-01-13 18:52 ` Garrett Cooper [this message]
2010-01-13 19:18 ` Stephen Smalley
2010-01-13 19:37 ` Garrett Cooper
2010-01-13 19:49 ` Stephen Smalley
2010-01-13 21:58 ` Garrett Cooper
2010-01-13 22:00 ` Serge E. Hallyn
2010-01-13 22:03 ` Stephen Smalley
2010-01-13 22:49 ` Garrett Cooper
2010-01-14 14:07 ` Stephen Smalley
2010-01-14 20:10 ` Garrett Cooper
2010-01-14 20:35 ` Stephen Smalley
2010-01-14 20:44 ` Stephen Smalley
2010-01-14 21:29 ` Garrett Cooper
2010-01-14 21:32 ` Garrett Cooper
2010-01-14 21:59 ` Stephen Smalley
2010-01-14 22:31 ` Stephen Smalley
2010-01-15 4:22 ` Garrett Cooper
2010-01-15 4:44 ` Garrett Cooper
2010-01-15 14:11 ` Stephen Smalley
2010-01-15 14:17 ` Stephen Smalley
2010-01-12 8:29 ` Garrett Cooper
2010-01-12 13:00 ` Stephen Smalley
2010-01-12 15:38 ` Serge E. Hallyn
2010-01-12 16:56 ` Garrett Cooper
2010-01-12 18:51 ` Stephen Smalley
2010-01-15 17:48 ` Garrett Cooper
2010-01-26 8:31 ` Garrett Cooper
2010-01-26 14:30 ` Stephen Smalley
2010-01-27 6:34 ` Garrett Cooper
2010-01-27 19:12 ` Stephen Smalley
2010-01-27 22:37 ` Garrett Cooper
2010-01-28 5:56 ` Garrett Cooper
2010-01-28 14:02 ` Stephen Smalley
2010-01-28 15:10 ` Garrett Cooper
2010-01-12 8:43 ` Garrett Cooper
2010-01-12 13:08 ` Stephen Smalley
2010-01-06 18:58 ` Serge E. Hallyn
2010-01-07 9:05 ` Garrett Cooper
2010-01-07 19:23 ` Stephen Smalley
2010-01-07 9:18 ` Garrett Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=364299f41001131052s27019ebl53f4e3f76bb4598e@mail.gmail.com \
--to=yanegomi@gmail.com \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=ltp-list@lists.sourceforge.net \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.