* [LTP] regression: selinux testsuite broken since October @ 2010-01-06 15:25 Stephen Smalley 2010-01-06 17:18 ` Serge E. Hallyn ` (3 more replies) 0 siblings, 4 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-06 15:25 UTC (permalink / raw) To: ltp-list; +Cc: James Morris, Eric Paris It seems the Makefile rewrite last October broke the selinux testsuite. Is it unreasonable to expect that someone who rewrote the Makefile would actually try running the testsuite? Please, revert the changes or fix them. See testcases/kernel/security/selinux-testsuite/README for the instructions. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley @ 2010-01-06 17:18 ` Serge E. Hallyn 2010-01-07 9:04 ` Garrett Cooper 2010-01-06 18:50 ` Serge E. Hallyn ` (2 subsequent siblings) 3 siblings, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-06 17:18 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > It seems the Makefile rewrite last October broke the selinux testsuite. > Is it unreasonable to expect that someone who rewrote the Makefile would > actually try running the testsuite? > > Please, revert the changes or fix them. > > See testcases/kernel/security/selinux-testsuite/README for the > instructions. Seems I have a part in breakage as well. Here are patches to get the execshare_parent to compile. Now to get the policy to compile... --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2009-11-03 15:07:35.000000000 -0500 +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2010-01-06 11:58:47.000000000 -0500 @@ -18,9 +18,12 @@ #include <selinux/selinux.h> #include <selinux/context.h> #include <sched.h> +#include <test.h> -int clone_fn(char **argv) +int clone_fn(void *in) { + char **argv = (char **) in; + execv(argv[3], argv+3); perror(argv[3]); return -1; @@ -73,7 +76,7 @@ int main(int argc, char **argv) fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s); exit(-1); } - pid = ltp_clone_quick(cloneflags | SIGCHLD, child_fn, argv); + pid = ltp_clone_quick(cloneflags | SIGCHLD, clone_fn, argv); if (pid < 0) { perror("clone"); exit(-1); --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2009-10-09 13:55:51.000000000 -0400 +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2010-01-06 11:53:53.000000000 -0500 @@ -25,6 +25,6 @@ top_srcdir ?= ../../../../. include $(top_srcdir)/include/mk/env_pre.mk include $(abs_srcdir)/../Makefile.inc -LDLIBS += -lselinux +LDLIBS += -lselinux -lltp include $(top_srcdir)/include/mk/generic_leaf_target.mk ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 17:18 ` Serge E. Hallyn @ 2010-01-07 9:04 ` Garrett Cooper 0 siblings, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-07 9:04 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Wed, Jan 6, 2010 at 9:18 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> It seems the Makefile rewrite last October broke the selinux testsuite. >> Is it unreasonable to expect that someone who rewrote the Makefile would >> actually try running the testsuite? >> >> Please, revert the changes or fix them. >> >> See testcases/kernel/security/selinux-testsuite/README for the >> instructions. > > Seems I have a part in breakage as well. Here are patches to get the > execshare_parent to compile. > > Now to get the policy to compile... > > --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2009-11-03 15:07:35.000000000 -0500 > +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2010-01-06 11:58:47.000000000 -0500 > @@ -18,9 +18,12 @@ > #include <selinux/selinux.h> > #include <selinux/context.h> > #include <sched.h> > +#include <test.h> > > -int clone_fn(char **argv) > +int clone_fn(void *in) > { > + char **argv = (char **) in; > + > execv(argv[3], argv+3); > perror(argv[3]); > return -1; > @@ -73,7 +76,7 @@ int main(int argc, char **argv) > fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s); > exit(-1); > } > - pid = ltp_clone_quick(cloneflags | SIGCHLD, child_fn, argv); > + pid = ltp_clone_quick(cloneflags | SIGCHLD, clone_fn, argv); > if (pid < 0) { > perror("clone"); > exit(-1); > > --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2009-10-09 13:55:51.000000000 -0400 > +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2010-01-06 11:53:53.000000000 -0500 > @@ -25,6 +25,6 @@ top_srcdir ?= ../../../../. > include $(top_srcdir)/include/mk/env_pre.mk > include $(abs_srcdir)/../Makefile.inc > > -LDLIBS += -lselinux > +LDLIBS += -lselinux -lltp > > include $(top_srcdir)/include/mk/generic_leaf_target.mk Committed. -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley 2010-01-06 17:18 ` Serge E. Hallyn @ 2010-01-06 18:50 ` Serge E. Hallyn 2010-01-07 19:40 ` Stephen Smalley 2010-01-06 18:58 ` Serge E. Hallyn 2010-01-07 9:18 ` Garrett Cooper 3 siblings, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-06 18:50 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > It seems the Makefile rewrite last October broke the selinux testsuite. > Is it unreasonable to expect that someone who rewrote the Makefile would > actually try running the testsuite? > > Please, revert the changes or fix them. > > See testcases/kernel/security/selinux-testsuite/README for the > instructions. Frankly I think reverting the Makefiles is best since it doesn't get auto-compiled anyway. The new Makefile is much longer and more complicated for no apparent gain. The following patch makes policy compilation work on rhel 5, but I doubt it'll work anywhere else. Running the testsuite still fails due to the change to running ltp from a different dir (i.e. /usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory ). -serge diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400 +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500 @@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC CLEAN_TARGETS := test_policy.te -INSTALL_TARGETS := *.te +INSTALL_TARGETS := $(REDHAT_VERS)/*.te +INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te ifeq ($(CHECKPOLICY_VERS),24) INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS)) +INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL)) endif TE_SRCDIR := $(abs_srcdir) -ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) -ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),) -TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER) -endif -endif .PHONY: all clean cleanup install load @@ -60,14 +57,18 @@ cleanup: install: all # load remains for backwards compatibility... -load: $(builddir)/test_policy.te +load: +ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) + $(MAKE) -C redhat/$(REDHAT_VERS) +else @if [ -d "$(POLICYDEVEL)" ]; then \ - cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \ + cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \ $(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \ $(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \ else \ echo "ERROR: You must have selinux-policy-devel installed."; \ fi +endif $(builddir)/test_policy.te: (cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@"; ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 18:50 ` Serge E. Hallyn @ 2010-01-07 19:40 ` Stephen Smalley 2010-01-08 18:20 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-07 19:40 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris On Wed, 2010-01-06 at 12:50 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > It seems the Makefile rewrite last October broke the selinux testsuite. > > Is it unreasonable to expect that someone who rewrote the Makefile would > > actually try running the testsuite? > > > > Please, revert the changes or fix them. > > > > See testcases/kernel/security/selinux-testsuite/README for the > > instructions. > > Frankly I think reverting the Makefiles is best since it doesn't get > auto-compiled anyway. The new Makefile is much longer and more complicated > for no apparent gain. > > The following patch makes policy compilation work on rhel 5, but I doubt > it'll work anywhere else. Right, this won't work for Fedora. > Running the testsuite still fails due to the change to running ltp from > a different dir (i.e. > /usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory > ). > > -serge > > diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400 > +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500 > @@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC > > CLEAN_TARGETS := test_policy.te > > -INSTALL_TARGETS := *.te > +INSTALL_TARGETS := $(REDHAT_VERS)/*.te > +INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te Using the .te files under redhat/$(REDHAT_VERS) needs to be conditional on actually running on rhel. There was logic for that down below but it looks like it has a typo. > ifeq ($(CHECKPOLICY_VERS),24) > INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS)) > +INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL)) Typo: TARGES vs TARGETS > endif > > TE_SRCDIR := $(abs_srcdir) > > -ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) > -ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),) > -TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER) > -endif > -endif This is what should have pulled in the redhat/5 .te files, but it seems buggy - there is a typo (VER vs VERS) and I'm not sure why there is the inner ifneq block - that didn't exist in the original Makefile. > .PHONY: all clean cleanup install load > > @@ -60,14 +57,18 @@ cleanup: > install: all > > # load remains for backwards compatibility... > -load: $(builddir)/test_policy.te > +load: > +ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) > + $(MAKE) -C redhat/$(REDHAT_VERS) > +else This reverts to what was in the original Makefile, which takes us back to just using the makefile down in redhat/5, which wasn't updated. > @if [ -d "$(POLICYDEVEL)" ]; then \ > - cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \ > + cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \ Only test_policy.* should be copied to $POLICYDEVEL, not the individual .te files. > $(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \ > $(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \ > else \ > echo "ERROR: You must have selinux-policy-devel installed."; \ > fi > +endif > > $(builddir)/test_policy.te: > (cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@"; -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-07 19:40 ` Stephen Smalley @ 2010-01-08 18:20 ` Garrett Cooper 2010-01-08 18:45 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-08 18:20 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Thu, Jan 7, 2010 at 11:40 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-06 at 12:50 -0600, Serge E. Hallyn wrote: >> Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > It seems the Makefile rewrite last October broke the selinux testsuite. >> > Is it unreasonable to expect that someone who rewrote the Makefile would >> > actually try running the testsuite? >> > >> > Please, revert the changes or fix them. >> > >> > See testcases/kernel/security/selinux-testsuite/README for the >> > instructions. >> >> Frankly I think reverting the Makefiles is best since it doesn't get >> auto-compiled anyway. The new Makefile is much longer and more complicated >> for no apparent gain. >> >> The following patch makes policy compilation work on rhel 5, but I doubt >> it'll work anywhere else. > > Right, this won't work for Fedora. > >> Running the testsuite still fails due to the change to running ltp from >> a different dir (i.e. >> /usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory >> ). >> >> -serge >> >> diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile >> --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400 >> +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500 >> @@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC >> >> CLEAN_TARGETS := test_policy.te >> >> -INSTALL_TARGETS := *.te >> +INSTALL_TARGETS := $(REDHAT_VERS)/*.te >> +INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te > > Using the .te files under redhat/$(REDHAT_VERS) needs to be conditional > on actually running on rhel. There was logic for that down below but > it looks like it has a typo. > >> ifeq ($(CHECKPOLICY_VERS),24) >> INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS)) >> +INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL)) > > Typo: TARGES vs TARGETS > >> endif >> >> TE_SRCDIR := $(abs_srcdir) >> >> -ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) >> -ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),) >> -TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER) >> -endif >> -endif > > This is what should have pulled in the redhat/5 .te files, but it seems > buggy - there is a typo (VER vs VERS) and I'm not sure why there is the > inner ifneq block - that didn't exist in the original Makefile. > >> .PHONY: all clean cleanup install load >> >> @@ -60,14 +57,18 @@ cleanup: >> install: all >> >> # load remains for backwards compatibility... >> -load: $(builddir)/test_policy.te >> +load: >> +ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) >> + $(MAKE) -C redhat/$(REDHAT_VERS) >> +else > > This reverts to what was in the original Makefile, which takes us back > to just using the makefile down in redhat/5, which wasn't updated. > >> @if [ -d "$(POLICYDEVEL)" ]; then \ >> - cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \ >> + cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \ > > Only test_policy.* should be copied to $POLICYDEVEL, not the > individual .te files. > >> $(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \ >> $(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \ >> else \ >> echo "ERROR: You must have selinux-policy-devel installed."; \ >> fi >> +endif >> >> $(builddir)/test_policy.te: >> (cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@"; Thanks for the feedback and details Stephen. Would you be kind enough to try out the version from CVS to see whether or not it resolves your issue? You'll also need to update $LTPROOT/scripts in order to use the new version as I added a distro detection script which opens up /etc/redhat-release (for redhat) as opposed to using rpm to query the release. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 18:20 ` Garrett Cooper @ 2010-01-08 18:45 ` Stephen Smalley 2010-01-08 18:50 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-08 18:45 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > Thanks for the feedback and details Stephen. > Would you be kind enough to try out the version from CVS to see > whether or not it resolves your issue? You'll also need to update > $LTPROOT/scripts in order to use the new version as I added a distro > detection script which opens up /etc/redhat-release (for redhat) as > opposed to using rpm to query the release. > Thanks, > -Garrett The attempt to make the test policy immediately dies with: detect_distro.sh: ERROR: Bad release file: /etc/redhat-release -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 18:45 ` Stephen Smalley @ 2010-01-08 18:50 ` Stephen Smalley 2010-01-08 21:38 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-08 18:50 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > > Thanks for the feedback and details Stephen. > > Would you be kind enough to try out the version from CVS to see > > whether or not it resolves your issue? You'll also need to update > > $LTPROOT/scripts in order to use the new version as I added a distro > > detection script which opens up /etc/redhat-release (for redhat) as > > opposed to using rpm to query the release. > > Thanks, > > -Garrett > > The attempt to make the test policy immediately dies with: > detect_distro.sh: ERROR: Bad release file: /etc/redhat-release I should note that I'm running it on Fedora, so I wouldn't expect that file to exist. But the script needs to handle it gracefully; we just use the generic test policy files in that situation. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 18:50 ` Stephen Smalley @ 2010-01-08 21:38 ` Garrett Cooper 2010-01-08 22:00 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-08 21:38 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: >> > Thanks for the feedback and details Stephen. >> > Would you be kind enough to try out the version from CVS to see >> > whether or not it resolves your issue? You'll also need to update >> > $LTPROOT/scripts in order to use the new version as I added a distro >> > detection script which opens up /etc/redhat-release (for redhat) as >> > opposed to using rpm to query the release. >> > Thanks, >> > -Garrett >> >> The attempt to make the test policy immediately dies with: >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > > I should note that I'm running it on Fedora, so I wouldn't expect that > file to exist. But the script needs to handle it gracefully; we just > use the generic test policy files in that situation. What does /etc/redhat-release look like (feel free to reply to me off-list)? Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 21:38 ` Garrett Cooper @ 2010-01-08 22:00 ` Stephen Smalley 2010-01-08 22:08 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-08 22:00 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > >> > Thanks for the feedback and details Stephen. > >> > Would you be kind enough to try out the version from CVS to see > >> > whether or not it resolves your issue? You'll also need to update > >> > $LTPROOT/scripts in order to use the new version as I added a distro > >> > detection script which opens up /etc/redhat-release (for redhat) as > >> > opposed to using rpm to query the release. > >> > Thanks, > >> > -Garrett > >> > >> The attempt to make the test policy immediately dies with: > >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > > > > I should note that I'm running it on Fedora, so I wouldn't expect that > > file to exist. But the script needs to handle it gracefully; we just > > use the generic test policy files in that situation. > > What does /etc/redhat-release look like (feel free to reply to me off-list)? On RHEL5, it can look like one of the following: Red Hat Enterprise Linux Server release 5 (Tikanga) Red Hat Enterprise Linux Server release 5.x (Tikanga) Red Hat Enterprise Linux Client release 5 (Tikanga) Red Hat Enterprise Linux Client release 5.x (Tikanga) -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 22:00 ` Stephen Smalley @ 2010-01-08 22:08 ` Garrett Cooper 2010-01-09 7:27 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-08 22:08 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: >> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: >> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: >> >> > Thanks for the feedback and details Stephen. >> >> > Would you be kind enough to try out the version from CVS to see >> >> > whether or not it resolves your issue? You'll also need to update >> >> > $LTPROOT/scripts in order to use the new version as I added a distro >> >> > detection script which opens up /etc/redhat-release (for redhat) as >> >> > opposed to using rpm to query the release. >> >> > Thanks, >> >> > -Garrett >> >> >> >> The attempt to make the test policy immediately dies with: >> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release >> > >> > I should note that I'm running it on Fedora, so I wouldn't expect that >> > file to exist. But the script needs to handle it gracefully; we just >> > use the generic test policy files in that situation. >> >> What does /etc/redhat-release look like (feel free to reply to me off-list)? > > On RHEL5, it can look like one of the following: > Red Hat Enterprise Linux Server release 5 (Tikanga) > Red Hat Enterprise Linux Server release 5.x (Tikanga) > Red Hat Enterprise Linux Client release 5 (Tikanga) > Red Hat Enterprise Linux Client release 5.x (Tikanga) Interesting. They switched over to more of the Fedora-style branding, maybe?. [garrcoop@halflife ~]$ cat /etc/redhat-release Red Hat Enterprise Linux AS release 4 (Nahant Update 6) Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-08 22:08 ` Garrett Cooper @ 2010-01-09 7:27 ` Garrett Cooper 2010-01-11 19:12 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-09 7:27 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: >>> >> > Thanks for the feedback and details Stephen. >>> >> > Would you be kind enough to try out the version from CVS to see >>> >> > whether or not it resolves your issue? You'll also need to update >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro >>> >> > detection script which opens up /etc/redhat-release (for redhat) as >>> >> > opposed to using rpm to query the release. >>> >> > Thanks, >>> >> > -Garrett >>> >> >>> >> The attempt to make the test policy immediately dies with: >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release >>> > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that >>> > file to exist. But the script needs to handle it gracefully; we just >>> > use the generic test policy files in that situation. >>> >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? >> >> On RHEL5, it can look like one of the following: >> Red Hat Enterprise Linux Server release 5 (Tikanga) >> Red Hat Enterprise Linux Server release 5.x (Tikanga) >> Red Hat Enterprise Linux Client release 5 (Tikanga) >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > > Interesting. They switched over to more of the Fedora-style branding, maybe?. > > [garrcoop@halflife ~]$ cat /etc/redhat-release > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) Could you try again please :)? Thanks! -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-09 7:27 ` Garrett Cooper @ 2010-01-11 19:12 ` Stephen Smalley 2010-01-11 19:50 ` Serge E. Hallyn 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-11 19:12 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > >>> >> > Thanks for the feedback and details Stephen. > >>> >> > Would you be kind enough to try out the version from CVS to see > >>> >> > whether or not it resolves your issue? You'll also need to update > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as > >>> >> > opposed to using rpm to query the release. > >>> >> > Thanks, > >>> >> > -Garrett > >>> >> > >>> >> The attempt to make the test policy immediately dies with: > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > >>> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that > >>> > file to exist. But the script needs to handle it gracefully; we just > >>> > use the generic test policy files in that situation. > >>> > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? > >> > >> On RHEL5, it can look like one of the following: > >> Red Hat Enterprise Linux Server release 5 (Tikanga) > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) > >> Red Hat Enterprise Linux Client release 5 (Tikanga) > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > > > > Interesting. They switched over to more of the Fedora-style branding, maybe?. > > > > [garrcoop@halflife ~]$ cat /etc/redhat-release > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) > > Could you try again please :)? Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 19:12 ` Stephen Smalley @ 2010-01-11 19:50 ` Serge E. Hallyn 2010-01-11 19:55 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-11 19:50 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > > >>> >> > Thanks for the feedback and details Stephen. > > >>> >> > Would you be kind enough to try out the version from CVS to see > > >>> >> > whether or not it resolves your issue? You'll also need to update > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as > > >>> >> > opposed to using rpm to query the release. > > >>> >> > Thanks, > > >>> >> > -Garrett > > >>> >> > > >>> >> The attempt to make the test policy immediately dies with: > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > > >>> > > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that > > >>> > file to exist. But the script needs to handle it gracefully; we just > > >>> > use the generic test policy files in that situation. > > >>> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? > > >> > > >> On RHEL5, it can look like one of the following: > > >> Red Hat Enterprise Linux Server release 5 (Tikanga) > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) > > >> Red Hat Enterprise Linux Client release 5 (Tikanga) > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > > > > > > Interesting. They switched over to more of the Fedora-style branding, maybe?. > > > > > > [garrcoop@halflife ~]$ cat /etc/redhat-release > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) > > > > Could you try again please :)? > > Fails with: > cp: cannot stat > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? -serge ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 19:50 ` Serge E. Hallyn @ 2010-01-11 19:55 ` Stephen Smalley 2010-01-11 20:19 ` Serge E. Hallyn 2010-01-12 8:43 ` Garrett Cooper 0 siblings, 2 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-11 19:55 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: > > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > > > >>> >> > Thanks for the feedback and details Stephen. > > > >>> >> > Would you be kind enough to try out the version from CVS to see > > > >>> >> > whether or not it resolves your issue? You'll also need to update > > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro > > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as > > > >>> >> > opposed to using rpm to query the release. > > > >>> >> > Thanks, > > > >>> >> > -Garrett > > > >>> >> > > > >>> >> The attempt to make the test policy immediately dies with: > > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > > > >>> > > > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that > > > >>> > file to exist. But the script needs to handle it gracefully; we just > > > >>> > use the generic test policy files in that situation. > > > >>> > > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? > > > >> > > > >> On RHEL5, it can look like one of the following: > > > >> Red Hat Enterprise Linux Server release 5 (Tikanga) > > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) > > > >> Red Hat Enterprise Linux Client release 5 (Tikanga) > > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > > > > > > > > Interesting. They switched over to more of the Fedora-style branding, maybe?. > > > > > > > > [garrcoop@halflife ~]$ cat /etc/redhat-release > > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) > > > > > > Could you try again please :)? > > > > Fails with: > > cp: cannot stat > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > I think we are supposed to actually be running > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 19:55 ` Stephen Smalley @ 2010-01-11 20:19 ` Serge E. Hallyn 2010-01-11 20:58 ` Serge E. Hallyn 2010-01-12 8:43 ` Garrett Cooper 1 sibling, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-11 20:19 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > > Fails with: > > > cp: cannot stat > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > > > I think we are supposed to actually be running > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > testscript? Or should the policy sources be copied into /opt? > > Ok, but regardless: the refpolicy Makefile is still broken. Yup. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 20:19 ` Serge E. Hallyn @ 2010-01-11 20:58 ` Serge E. Hallyn 2010-01-11 21:00 ` Serge E. Hallyn 0 siblings, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-11 20:58 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Serge E. Hallyn (serue@us.ibm.com): > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > > > Fails with: > > > > cp: cannot stat > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > > > > > I think we are supposed to actually be running > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > > testscript? Or should the policy sources be copied into /opt? > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 20:58 ` Serge E. Hallyn @ 2010-01-11 21:00 ` Serge E. Hallyn 2010-01-11 21:31 ` Serge E. Hallyn 2010-01-12 8:29 ` Garrett Cooper 0 siblings, 2 replies; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-11 21:00 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris [-- Attachment #1: Type: text/plain, Size: 1599 bytes --] Quoting Serge E. Hallyn (serue@us.ibm.com): > Quoting Serge E. Hallyn (serue@us.ibm.com): > > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > > > > Fails with: > > > > > cp: cannot stat > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > > > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > > > > > > > I think we are supposed to actually be running > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > > > testscript? Or should the policy sources be copied into /opt? > > > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > > > Yup. > > All right, baby-steps. > > The attached test_selinux.diff is not to be applied, but something > like it is needed. Should we have the ltp 'make install' fill in > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > that is the issue I was saying is shared between test_selinux.sh > and some others including test_robind.sh. That's why I'm not just > sending a patch to make it work, bc i think we need more general > guidance. > > The second match makes the 'make load' part of test_selinux.sh > succeed on rhel5.4. Stephen, how does it do on fedora? > > After loading policy it fails to execute ltp-pan, but I figure let's > get policy loading working first. > > -serge gah, attaching the actual patches this time. -serge [-- Attachment #2: Makefile.diff --] [-- Type: text/x-diff, Size: 431 bytes --] --- /root/ltp_cvs_orig/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-08 04:39:20.000000000 -0500 +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-11 15:52:13.000000000 -0500 @@ -34,6 +34,8 @@ ifeq ($(strip $(DISTRO_VER)),) DISTRO_VER := generic +else +DISTRO_VER := $(shell echo $(DISTRO_VER) | cut -d . -f 1 - ) endif CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy [-- Attachment #3: test_selinux.diff --] [-- Type: text/x-diff, Size: 630 bytes --] --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 15:11:34.000000000 -0500 @@ -77,10 +77,12 @@ SEMODULE="/usr/sbin/semodule" +TOP_SRCDIR=/root/ltp + if [ -f $SEMODULE ]; then - POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy" + POLICYDIR="$TOP_SRCDIR/testcases/kernel/security/selinux-testsuite/refpolicy" else - POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/policy" + POLICYDIR="$TOP_SRCDIR/testcases/kernel/security/selinux-testsuite/policy" fi config_set_expandcheck [-- Attachment #4: Type: text/plain, Size: 390 bytes --] ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev [-- Attachment #5: Type: text/plain, Size: 155 bytes --] _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 21:00 ` Serge E. Hallyn @ 2010-01-11 21:31 ` Serge E. Hallyn 2010-01-12 8:36 ` Garrett Cooper 2010-01-12 13:16 ` Stephen Smalley 2010-01-12 8:29 ` Garrett Cooper 1 sibling, 2 replies; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-11 21:31 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Serge E. Hallyn (serue@us.ibm.com): > Quoting Serge E. Hallyn (serue@us.ibm.com): > > Quoting Serge E. Hallyn (serue@us.ibm.com): > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > > > > > Fails with: > > > > > > cp: cannot stat > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > > > > > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > > > > > > > > > I think we are supposed to actually be running > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > > > > testscript? Or should the policy sources be copied into /opt? > > > > > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > > > > > Yup. > > > > All right, baby-steps. > > > > The attached test_selinux.diff is not to be applied, but something > > like it is needed. Should we have the ltp 'make install' fill in > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > > that is the issue I was saying is shared between test_selinux.sh > > and some others including test_robind.sh. That's why I'm not just > > sending a patch to make it work, bc i think we need more general > > guidance. > > > > The second match makes the 'make load' part of test_selinux.sh > > succeed on rhel5.4. Stephen, how does it do on fedora? > > > > After loading policy it fails to execute ltp-pan, but I figure let's > > get policy loading working first. All right well just doing --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 @@ -115,7 +117,7 @@ SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux # cleanup before exiting ================================================================ in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all up to then pass) Again this is on RHEL5.4. -serge ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 21:31 ` Serge E. Hallyn @ 2010-01-12 8:36 ` Garrett Cooper 2010-01-12 13:16 ` Stephen Smalley 1 sibling, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 8:36 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Mon, Jan 11, 2010 at 1:31 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Serge E. Hallyn (serue@us.ibm.com): >> Quoting Serge E. Hallyn (serue@us.ibm.com): >> > Quoting Serge E. Hallyn (serue@us.ibm.com): >> > > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> > > > > > Fails with: >> > > > > > cp: cannot stat >> > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> > > > > >> > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> > > > > >> > > > > I think we are supposed to actually be running >> > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> > > > > testscript? Or should the policy sources be copied into /opt? >> > > > >> > > > Ok, but regardless: the refpolicy Makefile is still broken. >> > > >> > > Yup. >> > >> > All right, baby-steps. >> > >> > The attached test_selinux.diff is not to be applied, but something >> > like it is needed. Should we have the ltp 'make install' fill in >> > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> > that is the issue I was saying is shared between test_selinux.sh >> > and some others including test_robind.sh. That's why I'm not just >> > sending a patch to make it work, bc i think we need more general >> > guidance. >> > >> > The second match makes the 'make load' part of test_selinux.sh >> > succeed on rhel5.4. Stephen, how does it do on fedora? >> > >> > After loading policy it fails to execute ltp-pan, but I figure let's >> > get policy loading working first. > > All right well just doing > > --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 > +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 > @@ -115,7 +117,7 @@ > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > > -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > # cleanup before exiting > > ================================================================ > in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all > up to then pass) > > Again this is on RHEL5.4. > > -serge Yowch. This was a problem in more than just that script. Apparently PAN was incorrect for test_containers.sh and test_filecaps.sh as well. Fixed. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 21:31 ` Serge E. Hallyn 2010-01-12 8:36 ` Garrett Cooper @ 2010-01-12 13:16 ` Stephen Smalley 2010-01-12 16:55 ` Garrett Cooper 1 sibling, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-12 13:16 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: > Quoting Serge E. Hallyn (serue@us.ibm.com): > > Quoting Serge E. Hallyn (serue@us.ibm.com): > > > Quoting Serge E. Hallyn (serue@us.ibm.com): > > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > > > > > > Fails with: > > > > > > > cp: cannot stat > > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > > > > > > > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > > > > > > > > > > > I think we are supposed to actually be running > > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > > > > > testscript? Or should the policy sources be copied into /opt? > > > > > > > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > > > > > > > Yup. > > > > > > All right, baby-steps. > > > > > > The attached test_selinux.diff is not to be applied, but something > > > like it is needed. Should we have the ltp 'make install' fill in > > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > > > that is the issue I was saying is shared between test_selinux.sh > > > and some others including test_robind.sh. That's why I'm not just > > > sending a patch to make it work, bc i think we need more general > > > guidance. > > > > > > The second match makes the 'make load' part of test_selinux.sh > > > succeed on rhel5.4. Stephen, how does it do on fedora? > > > > > > After loading policy it fails to execute ltp-pan, but I figure let's > > > get policy loading working first. > > All right well just doing > > --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 > +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 > @@ -115,7 +117,7 @@ > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > > -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > # cleanup before exiting > > ================================================================ > in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all > up to then pass) > > Again this is on RHEL5.4. test39 isn't supposed to be run on RHEL5.4. The old tests/Makefile had conditional logic to exclude certain tests on RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 13:16 ` Stephen Smalley @ 2010-01-12 16:55 ` Garrett Cooper 2010-01-12 17:19 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 16:55 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: >> Quoting Serge E. Hallyn (serue@us.ibm.com): >> > Quoting Serge E. Hallyn (serue@us.ibm.com): >> > > Quoting Serge E. Hallyn (serue@us.ibm.com): >> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> > > > > > > Fails with: >> > > > > > > cp: cannot stat >> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> > > > > > >> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> > > > > > >> > > > > > I think we are supposed to actually be running >> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> > > > > > testscript? Or should the policy sources be copied into /opt? >> > > > > >> > > > > Ok, but regardless: the refpolicy Makefile is still broken. >> > > > >> > > > Yup. >> > > >> > > All right, baby-steps. >> > > >> > > The attached test_selinux.diff is not to be applied, but something >> > > like it is needed. Should we have the ltp 'make install' fill in >> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> > > that is the issue I was saying is shared between test_selinux.sh >> > > and some others including test_robind.sh. That's why I'm not just >> > > sending a patch to make it work, bc i think we need more general >> > > guidance. >> > > >> > > The second match makes the 'make load' part of test_selinux.sh >> > > succeed on rhel5.4. Stephen, how does it do on fedora? >> > > >> > > After loading policy it fails to execute ltp-pan, but I figure let's >> > > get policy loading working first. >> >> All right well just doing >> >> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 >> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 >> @@ -115,7 +117,7 @@ >> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin >> >> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >> >> # cleanup before exiting >> >> ================================================================ >> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all >> up to then pass) >> >> Again this is on RHEL5.4. > > test39 isn't supposed to be run on RHEL5.4. > The old tests/Makefile had conditional logic to exclude certain tests on > RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. Something that fell through the cracks because I didn't take the time to actually determine _what_ the requirements were for the tests so they would report configuration failure instead of failure. Please try this (I properly pasted it this time instead of using my xterm window and paste): Index: tests/Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 +++ tests/Makefile 12 Jan 2010 16:53:57 -0000 @@ -24,11 +24,26 @@ include $(top_srcdir)/include/mk/env_pre.mk -RECURSIVE_TARGETS := install +ARGS = -m +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. +ifneq ($(strip $(DESTDIR)),) +ARGS += -d $(DESTDIR) +endif -include $(top_srcdir)/include/mk/generic_trunk_target.mk +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) + +# +# Certain tests should be excluded on RHEL [45].x as their kernels don't +# support the tests. +# +# XXX (garrcoop): actually complete the work to add proper checks to the tests +# to report TCONF on configuration failure. +# +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) +FILTER_OUT_DIRS += dyntrace dyntrans +endif +ifeq (redhat-4,$(DISTRO_VER)) +FILTER_OUT_DIRS += bounds +endif -all: - @set -e; for i in $(SUBDIRS); do \ - $(MAKE) -C $$i $@; \ - done +include $(top_srcdir)/include/mk/generic_trunk_target.mk ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 16:55 ` Garrett Cooper @ 2010-01-12 17:19 ` Garrett Cooper 2010-01-12 17:24 ` Garrett Cooper 2010-01-12 17:26 ` Garrett Cooper 0 siblings, 2 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 17:19 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: >>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>> > Quoting Serge E. Hallyn (serue@us.ibm.com): >>> > > Quoting Serge E. Hallyn (serue@us.ibm.com): >>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): >>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>> > > > > > > Fails with: >>> > > > > > > cp: cannot stat >>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>> > > > > > >>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>> > > > > > >>> > > > > > I think we are supposed to actually be running >>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>> > > > > > testscript? Or should the policy sources be copied into /opt? >>> > > > > >>> > > > > Ok, but regardless: the refpolicy Makefile is still broken. >>> > > > >>> > > > Yup. >>> > > >>> > > All right, baby-steps. >>> > > >>> > > The attached test_selinux.diff is not to be applied, but something >>> > > like it is needed. Should we have the ltp 'make install' fill in >>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>> > > that is the issue I was saying is shared between test_selinux.sh >>> > > and some others including test_robind.sh. That's why I'm not just >>> > > sending a patch to make it work, bc i think we need more general >>> > > guidance. >>> > > >>> > > The second match makes the 'make load' part of test_selinux.sh >>> > > succeed on rhel5.4. Stephen, how does it do on fedora? >>> > > >>> > > After loading policy it fails to execute ltp-pan, but I figure let's >>> > > get policy loading working first. >>> >>> All right well just doing >>> >>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 >>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 >>> @@ -115,7 +117,7 @@ >>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin >>> >>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>> >>> # cleanup before exiting >>> >>> ================================================================ >>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all >>> up to then pass) >>> >>> Again this is on RHEL5.4. >> >> test39 isn't supposed to be run on RHEL5.4. >> The old tests/Makefile had conditional logic to exclude certain tests on >> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. > > > Something that fell through the cracks because I didn't take the time > to actually determine _what_ the requirements were for the tests so > they would report configuration failure instead of failure. Please try > this (I properly pasted it this time instead of using my xterm window > and paste): > > Index: tests/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v > retrieving revision 1.7 > diff -u -r1.7 Makefile > --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 > +++ tests/Makefile 12 Jan 2010 16:53:57 -0000 > @@ -24,11 +24,26 @@ > > include $(top_srcdir)/include/mk/env_pre.mk > > -RECURSIVE_TARGETS := install > +ARGS = -m > +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. > +ifneq ($(strip $(DESTDIR)),) > +ARGS += -d $(DESTDIR) > +endif > > -include $(top_srcdir)/include/mk/generic_trunk_target.mk > +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > + > +# > +# Certain tests should be excluded on RHEL [45].x as their kernels don't > +# support the tests. > +# > +# XXX (garrcoop): actually complete the work to add proper checks to the tests > +# to report TCONF on configuration failure. > +# > +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) > +FILTER_OUT_DIRS += dyntrace dyntrans > +endif > +ifeq (redhat-4,$(DISTRO_VER)) > +FILTER_OUT_DIRS += bounds > +endif > > -all: > - @set -e; for i in $(SUBDIRS); do \ > - $(MAKE) -C $$i $@; \ > - done > +include $(top_srcdir)/include/mk/generic_trunk_target.mk > The conditional checks didn't make sense with what Stephen mentioned above to you Serge, so I respun the diff: Index: tests/Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 +++ tests/Makefile 12 Jan 2010 17:16:09 -0000 @@ -24,11 +24,28 @@ include $(top_srcdir)/include/mk/env_pre.mk -RECURSIVE_TARGETS := install +ARGS = -m +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. +ifneq ($(strip $(DESTDIR)),) +ARGS += -d $(DESTDIR) +endif -include $(top_srcdir)/include/mk/generic_trunk_target.mk +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) + +# +# Certain tests should be excluded on RHEL [45].x as their kernels don't +# support the tests. +# +# XXX (garrcoop): actually complete the work to add proper checks to the tests +# to report TCONF on configuration failure. -all: - @set -e; for i in $(SUBDIRS); do \ - $(MAKE) -C $$i $@; \ - done +# RHEL 4.x doesn't support the dyntrace and dyntrans tests. +ifneq ($(findstring $(DISTRO_VER),redhat-4),) +FILTER_OUT_DIRS += dyntrace dyntrans +endif +# RHEL 5.x doesn't support the bounds test. +ifeq (redhat-5,$(DISTRO_VER)) +FILTER_OUT_DIRS += bounds +endif + +include $(top_srcdir)/include/mk/generic_trunk_target.mk Also, if you guys can try out this patch for refpolicy/Makefile, I'd prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy Make logic): Index: refpolicy/Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 @@ -17,7 +17,7 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# Garrett Cooper, August 2009 +# Garrett Cooper, January 2010 # top_srcdir ?= ../../../../.. @@ -32,6 +32,7 @@ DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) +# Avoid empty strings. ifeq ($(strip $(DISTRO_VER)),) DISTRO_VER := generic endif @@ -41,10 +42,17 @@ POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel SEMODULE ?= $(DESTDIR)/usr/sbin/semodule -INSTALL_DIR := testcases/kernel/security/selinux-testsuite +INSTALL_DIR := testcases/selinux-testsuite/refpolicy TEST_POLICY_DIR := $(abs_srcdir)/policy_files +# Do we have a special set of policies in the SCM to install? +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) +else +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic +endif + .PHONY: all clean cleanup install load CLEAN_DEPS := cleanup @@ -55,34 +63,24 @@ -$(SEMODULE) -r test_policy $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) -MAKE_TARGETS := - -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) - -# load remains for backwards compatibility... -load: - $(MAKE) -C $(TEST_POLICY_DIR) -else - MAKE_TARGETS := test_policy.te -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic - -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) - ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) + load: - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ else \ - echo "ERROR: You must have selinux-policy-devel installed."; \ + echo "ERROR: You must have selinux-policy?-devel? installed."; \ false; \ fi ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 17:19 ` Garrett Cooper @ 2010-01-12 17:24 ` Garrett Cooper 2010-01-12 17:26 ` Garrett Cooper 1 sibling, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 17:24 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote: >> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: >>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > > Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): >>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>>> > > > > > > Fails with: >>>> > > > > > > cp: cannot stat >>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>>> > > > > > >>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>>> > > > > > >>>> > > > > > I think we are supposed to actually be running >>>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>>> > > > > > testscript? Or should the policy sources be copied into /opt? >>>> > > > > >>>> > > > > Ok, but regardless: the refpolicy Makefile is still broken. >>>> > > > >>>> > > > Yup. >>>> > > >>>> > > All right, baby-steps. >>>> > > >>>> > > The attached test_selinux.diff is not to be applied, but something >>>> > > like it is needed. Should we have the ltp 'make install' fill in >>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>>> > > that is the issue I was saying is shared between test_selinux.sh >>>> > > and some others including test_robind.sh. That's why I'm not just >>>> > > sending a patch to make it work, bc i think we need more general >>>> > > guidance. >>>> > > >>>> > > The second match makes the 'make load' part of test_selinux.sh >>>> > > succeed on rhel5.4. Stephen, how does it do on fedora? >>>> > > >>>> > > After loading policy it fails to execute ltp-pan, but I figure let's >>>> > > get policy loading working first. >>>> >>>> All right well just doing >>>> >>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 >>>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 >>>> @@ -115,7 +117,7 @@ >>>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >>>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin >>>> >>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>>> >>>> # cleanup before exiting >>>> >>>> ================================================================ >>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all >>>> up to then pass) >>>> >>>> Again this is on RHEL5.4. >>> >>> test39 isn't supposed to be run on RHEL5.4. >>> The old tests/Makefile had conditional logic to exclude certain tests on >>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. >> >> >> Something that fell through the cracks because I didn't take the time >> to actually determine _what_ the requirements were for the tests so >> they would report configuration failure instead of failure. Please try >> this (I properly pasted it this time instead of using my xterm window >> and paste): >> >> Index: tests/Makefile >> =================================================================== >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v >> retrieving revision 1.7 >> diff -u -r1.7 Makefile >> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 >> +++ tests/Makefile 12 Jan 2010 16:53:57 -0000 >> @@ -24,11 +24,26 @@ >> >> include $(top_srcdir)/include/mk/env_pre.mk >> >> -RECURSIVE_TARGETS := install >> +ARGS = -m >> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. >> +ifneq ($(strip $(DESTDIR)),) >> +ARGS += -d $(DESTDIR) >> +endif >> >> -include $(top_srcdir)/include/mk/generic_trunk_target.mk >> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> + >> +# >> +# Certain tests should be excluded on RHEL [45].x as their kernels don't >> +# support the tests. >> +# >> +# XXX (garrcoop): actually complete the work to add proper checks to the tests >> +# to report TCONF on configuration failure. >> +# >> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) >> +FILTER_OUT_DIRS += dyntrace dyntrans >> +endif >> +ifeq (redhat-4,$(DISTRO_VER)) >> +FILTER_OUT_DIRS += bounds >> +endif >> >> -all: >> - @set -e; for i in $(SUBDIRS); do \ >> - $(MAKE) -C $$i $@; \ >> - done >> +include $(top_srcdir)/include/mk/generic_trunk_target.mk >> > > The conditional checks didn't make sense with what Stephen mentioned > above to you Serge, so I respun the diff: > > Index: tests/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v > retrieving revision 1.7 > diff -u -r1.7 Makefile > --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 > +++ tests/Makefile 12 Jan 2010 17:16:09 -0000 > @@ -24,11 +24,28 @@ > > include $(top_srcdir)/include/mk/env_pre.mk > > -RECURSIVE_TARGETS := install > +ARGS = -m > +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. > +ifneq ($(strip $(DESTDIR)),) > +ARGS += -d $(DESTDIR) > +endif > > -include $(top_srcdir)/include/mk/generic_trunk_target.mk > +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > + > +# > +# Certain tests should be excluded on RHEL [45].x as their kernels don't > +# support the tests. > +# > +# XXX (garrcoop): actually complete the work to add proper checks to the tests > +# to report TCONF on configuration failure. > > -all: > - @set -e; for i in $(SUBDIRS); do \ > - $(MAKE) -C $$i $@; \ > - done > +# RHEL 4.x doesn't support the dyntrace and dyntrans tests. > +ifneq ($(findstring $(DISTRO_VER),redhat-4),) > +FILTER_OUT_DIRS += dyntrace dyntrans > +endif > +# RHEL 5.x doesn't support the bounds test. > +ifeq (redhat-5,$(DISTRO_VER)) > +FILTER_OUT_DIRS += bounds > +endif Man, my brain's a bit groggy this morning. The previous conditional was correct -- the directories / versions to filter out were just flip-flopped -_-. If you do: +# RHEL 4.x and 5.x don't support the bounds test. +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) +FILTER_OUT_DIRS += bounds +endif +# RHEL 4.x doesn't support the dyntrace and dyntrans tests. +ifeq (redhat-4,$(DISTRO_VER)) +FILTER_OUT_DIRS += dyntrace dyntrans +endif That should end up with the final desired result. > +include $(top_srcdir)/include/mk/generic_trunk_target.mk > > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > Make logic): > > Index: refpolicy/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > retrieving revision 1.12 > diff -u -r1.12 Makefile > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > @@ -17,7 +17,7 @@ > # with this program; if not, write to the Free Software Foundation, Inc., > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > # > -# Garrett Cooper, August 2009 > +# Garrett Cooper, January 2010 > # > > top_srcdir ?= ../../../../.. > @@ -32,6 +32,7 @@ > > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > > +# Avoid empty strings. > ifeq ($(strip $(DISTRO_VER)),) > DISTRO_VER := generic > endif > @@ -41,10 +42,17 @@ > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > +# Do we have a special set of policies in the SCM to install? > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > +else > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > +endif > + > .PHONY: all clean cleanup install load > > CLEAN_DEPS := cleanup > @@ -55,34 +63,24 @@ > -$(SEMODULE) -r test_policy > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > -MAKE_TARGETS := > - > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > - > -# load remains for backwards compatibility... > -load: > - $(MAKE) -C $(TEST_POLICY_DIR) > -else > - > MAKE_TARGETS := test_policy.te > > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > - > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > $(wildcard $(TEST_POLICY_DIR)/*.te))) > - > ifneq ($(CHECKPOLICY_VERS),24) > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > endif > > +# This is being done to preserve precedence; test_global.te must come first. > +POLICY_FILES := test_global.te \ > + $(filter-out test_global.te,$(notdir $(wildcard > $(TEST_POLICY_DIR)/*.te))) > + > load: > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > else \ > - echo "ERROR: You must have selinux-policy-devel installed."; \ > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > false; \ > fi > ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 17:19 ` Garrett Cooper 2010-01-12 17:24 ` Garrett Cooper @ 2010-01-12 17:26 ` Garrett Cooper 2010-01-12 19:12 ` Stephen Smalley 1 sibling, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 17:26 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote: >> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: >>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > > Quoting Serge E. Hallyn (serue@us.ibm.com): >>>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): >>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>>> > > > > > > Fails with: >>>> > > > > > > cp: cannot stat >>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>>> > > > > > >>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>>> > > > > > >>>> > > > > > I think we are supposed to actually be running >>>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>>> > > > > > testscript? Or should the policy sources be copied into /opt? >>>> > > > > >>>> > > > > Ok, but regardless: the refpolicy Makefile is still broken. >>>> > > > >>>> > > > Yup. >>>> > > >>>> > > All right, baby-steps. >>>> > > >>>> > > The attached test_selinux.diff is not to be applied, but something >>>> > > like it is needed. Should we have the ltp 'make install' fill in >>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>>> > > that is the issue I was saying is shared between test_selinux.sh >>>> > > and some others including test_robind.sh. That's why I'm not just >>>> > > sending a patch to make it work, bc i think we need more general >>>> > > guidance. >>>> > > >>>> > > The second match makes the 'make load' part of test_selinux.sh >>>> > > succeed on rhel5.4. Stephen, how does it do on fedora? >>>> > > >>>> > > After loading policy it fails to execute ltp-pan, but I figure let's >>>> > > get policy loading working first. >>>> >>>> All right well just doing >>>> >>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400 >>>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500 >>>> @@ -115,7 +117,7 @@ >>>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >>>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin >>>> >>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux >>>> >>>> # cleanup before exiting >>>> >>>> ================================================================ >>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all >>>> up to then pass) >>>> >>>> Again this is on RHEL5.4. >>> >>> test39 isn't supposed to be run on RHEL5.4. >>> The old tests/Makefile had conditional logic to exclude certain tests on >>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. >> >> >> Something that fell through the cracks because I didn't take the time >> to actually determine _what_ the requirements were for the tests so >> they would report configuration failure instead of failure. Please try >> this (I properly pasted it this time instead of using my xterm window >> and paste): >> >> Index: tests/Makefile >> =================================================================== >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v >> retrieving revision 1.7 >> diff -u -r1.7 Makefile >> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 >> +++ tests/Makefile 12 Jan 2010 16:53:57 -0000 >> @@ -24,11 +24,26 @@ >> >> include $(top_srcdir)/include/mk/env_pre.mk >> >> -RECURSIVE_TARGETS := install >> +ARGS = -m >> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. >> +ifneq ($(strip $(DESTDIR)),) >> +ARGS += -d $(DESTDIR) >> +endif >> >> -include $(top_srcdir)/include/mk/generic_trunk_target.mk >> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> + >> +# >> +# Certain tests should be excluded on RHEL [45].x as their kernels don't >> +# support the tests. >> +# >> +# XXX (garrcoop): actually complete the work to add proper checks to the tests >> +# to report TCONF on configuration failure. >> +# >> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) >> +FILTER_OUT_DIRS += dyntrace dyntrans >> +endif >> +ifeq (redhat-4,$(DISTRO_VER)) >> +FILTER_OUT_DIRS += bounds >> +endif >> >> -all: >> - @set -e; for i in $(SUBDIRS); do \ >> - $(MAKE) -C $$i $@; \ >> - done >> +include $(top_srcdir)/include/mk/generic_trunk_target.mk >> > > The conditional checks didn't make sense with what Stephen mentioned > above to you Serge, so I respun the diff: > > Index: tests/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v > retrieving revision 1.7 > diff -u -r1.7 Makefile > --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7 > +++ tests/Makefile 12 Jan 2010 17:16:09 -0000 > @@ -24,11 +24,28 @@ > > include $(top_srcdir)/include/mk/env_pre.mk > > -RECURSIVE_TARGETS := install > +ARGS = -m > +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. > +ifneq ($(strip $(DESTDIR)),) > +ARGS += -d $(DESTDIR) > +endif > > -include $(top_srcdir)/include/mk/generic_trunk_target.mk > +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > + > +# > +# Certain tests should be excluded on RHEL [45].x as their kernels don't > +# support the tests. > +# > +# XXX (garrcoop): actually complete the work to add proper checks to the tests > +# to report TCONF on configuration failure. > > -all: > - @set -e; for i in $(SUBDIRS); do \ > - $(MAKE) -C $$i $@; \ > - done > +# RHEL 4.x doesn't support the dyntrace and dyntrans tests. > +ifneq ($(findstring $(DISTRO_VER),redhat-4),) > +FILTER_OUT_DIRS += dyntrace dyntrans > +endif > +# RHEL 5.x doesn't support the bounds test. > +ifeq (redhat-5,$(DISTRO_VER)) > +FILTER_OUT_DIRS += bounds > +endif > + > +include $(top_srcdir)/include/mk/generic_trunk_target.mk > > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > Make logic): > > Index: refpolicy/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > retrieving revision 1.12 > diff -u -r1.12 Makefile > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > @@ -17,7 +17,7 @@ > # with this program; if not, write to the Free Software Foundation, Inc., > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > # > -# Garrett Cooper, August 2009 > +# Garrett Cooper, January 2010 > # > > top_srcdir ?= ../../../../.. > @@ -32,6 +32,7 @@ > > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > > +# Avoid empty strings. > ifeq ($(strip $(DISTRO_VER)),) > DISTRO_VER := generic > endif > @@ -41,10 +42,17 @@ > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > +# Do we have a special set of policies in the SCM to install? > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > +else > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > +endif > + > .PHONY: all clean cleanup install load > > CLEAN_DEPS := cleanup > @@ -55,34 +63,24 @@ > -$(SEMODULE) -r test_policy > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > -MAKE_TARGETS := > - > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > - > -# load remains for backwards compatibility... > -load: > - $(MAKE) -C $(TEST_POLICY_DIR) > -else > - > MAKE_TARGETS := test_policy.te > > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > - > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > $(wildcard $(TEST_POLICY_DIR)/*.te))) > - > ifneq ($(CHECKPOLICY_VERS),24) > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > endif > > +# This is being done to preserve precedence; test_global.te must come first. > +POLICY_FILES := test_global.te \ > + $(filter-out test_global.te,$(notdir $(wildcard > $(TEST_POLICY_DIR)/*.te))) > + > load: > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > else \ > - echo "ERROR: You must have selinux-policy-devel installed."; \ > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > false; \ > fi There's a stray endif on line 90 of refpolicy/Makefile that needs to be deleted as well, FYI... Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 17:26 ` Garrett Cooper @ 2010-01-12 19:12 ` Stephen Smalley 2010-01-13 6:51 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-12 19:12 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: > > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > > Make logic): > > > > Index: refpolicy/Makefile > > =================================================================== > > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > > retrieving revision 1.12 > > diff -u -r1.12 Makefile > > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > > @@ -17,7 +17,7 @@ > > # with this program; if not, write to the Free Software Foundation, Inc., > > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > # > > -# Garrett Cooper, August 2009 > > +# Garrett Cooper, January 2010 > > # > > > > top_srcdir ?= ../../../../.. > > @@ -32,6 +32,7 @@ > > > > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > > > > +# Avoid empty strings. > > ifeq ($(strip $(DISTRO_VER)),) > > DISTRO_VER := generic > > endif > > @@ -41,10 +42,17 @@ > > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > > > > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > > > > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > > > +# Do we have a special set of policies in the SCM to install? > > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > > +else > > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > > +endif > > + > > .PHONY: all clean cleanup install load > > > > CLEAN_DEPS := cleanup > > @@ -55,34 +63,24 @@ > > -$(SEMODULE) -r test_policy > > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > > > > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > > -MAKE_TARGETS := > > - > > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > > - > > -# load remains for backwards compatibility... > > -load: > > - $(MAKE) -C $(TEST_POLICY_DIR) > > -else > > - > > MAKE_TARGETS := test_policy.te > > > > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > > - > > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > > $(wildcard $(TEST_POLICY_DIR)/*.te))) > > - > > ifneq ($(CHECKPOLICY_VERS),24) > > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > > endif > > > > +# This is being done to preserve precedence; test_global.te must come first. > > +POLICY_FILES := test_global.te \ > > + $(filter-out test_global.te,$(notdir $(wildcard > > $(TEST_POLICY_DIR)/*.te))) > > + > > load: > > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > > else \ > > - echo "ERROR: You must have selinux-policy-devel installed."; \ > > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > > false; \ > > fi > > There's a stray endif on line 90 of refpolicy/Makefile that needs to > be deleted as well, FYI... Ok. test policy appears to build (on Fedora) when running make by hand from the refpolicy directory, but you still can't run the tests, either from /opt/ltp or from the source tree. # cd /opt/ltp/testscripts && ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /opt/ltp /opt/ltp allow_domain_fd_use --> off allow_domain_fd_use exists setting building and installing test_policy module... ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory make: *** No rule to make target `load'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp /opt/ltp # cd LTP_SRCDIR/testscripts && ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /home/sds/ltp /home/sds/ltp allow_domain_fd_use --> off allow_domain_fd_use exists setting building and installing test_policy module... make[1]: Entering directory `/usr/share/selinux/devel' rm -fR tmp rm -f *.pp make[1]: Leaving directory `/usr/share/selinux/devel' make[1]: Entering directory `/usr/share/selinux/devel' Compiling targeted test_policy module /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod Creating targeted test_policy.pp policy package rm tmp/test_policy.mod tmp/test_policy.mod.fc make[1]: Leaving directory `/usr/share/selinux/devel' Successfully built and loaded test_policy module. /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy Running the SELinux testsuite... ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory /usr/bin/chcon: missing operand Try `/usr/bin/chcon --help' for more information. Removing test_policy module... /usr/sbin/semodule -r test_policy rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te allow_domain_fd_use --> off allow_domain_fd_use exists setting Done. Both test_selinux.sh and tests/runtest.sh need to be updated. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 19:12 ` Stephen Smalley @ 2010-01-13 6:51 ` Garrett Cooper 2010-01-13 6:54 ` Garrett Cooper 2010-01-13 13:43 ` Stephen Smalley 0 siblings, 2 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 6:51 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy >> > Make logic): >> > >> > Index: refpolicy/Makefile >> > =================================================================== >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> > retrieving revision 1.12 >> > diff -u -r1.12 Makefile >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >> > @@ -17,7 +17,7 @@ >> > # with this program; if not, write to the Free Software Foundation, Inc., >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >> > # >> > -# Garrett Cooper, August 2009 >> > +# Garrett Cooper, January 2010 >> > # >> > >> > top_srcdir ?= ../../../../.. >> > @@ -32,6 +32,7 @@ >> > >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> > >> > +# Avoid empty strings. >> > ifeq ($(strip $(DISTRO_VER)),) >> > DISTRO_VER := generic >> > endif >> > @@ -41,10 +42,17 @@ >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >> > >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >> > >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> > >> > +# Do we have a special set of policies in the SCM to install? >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> > +else >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> > +endif >> > + >> > .PHONY: all clean cleanup install load >> > >> > CLEAN_DEPS := cleanup >> > @@ -55,34 +63,24 @@ >> > -$(SEMODULE) -r test_policy >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >> > >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >> > -MAKE_TARGETS := >> > - >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> > - >> > -# load remains for backwards compatibility... >> > -load: >> > - $(MAKE) -C $(TEST_POLICY_DIR) >> > -else >> > - >> > MAKE_TARGETS := test_policy.te >> > >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> > - >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >> > - >> > ifneq ($(CHECKPOLICY_VERS),24) >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) >> > endif >> > >> > +# This is being done to preserve precedence; test_global.te must come first. >> > +POLICY_FILES := test_global.te \ >> > + $(filter-out test_global.te,$(notdir $(wildcard >> > $(TEST_POLICY_DIR)/*.te))) >> > + >> > load: >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >> > else \ >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> > false; \ >> > fi >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to >> be deleted as well, FYI... > > Ok. test policy appears to build (on Fedora) when running make by hand > from the refpolicy directory, but you still can't run the tests, either > from /opt/ltp or from the source tree. > > # cd /opt/ltp/testscripts && ./test_selinux.sh > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > /etc/selinux /opt/ltp > /opt/ltp > allow_domain_fd_use --> off > allow_domain_fd_use exists setting > building and installing test_policy module... > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory > make: *** No rule to make target `load'. Stop. > Failed to build and load test_policy module, aborting test run. > /etc/selinux /opt/ltp > /opt/ltp > > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > /etc/selinux /home/sds/ltp > /home/sds/ltp > allow_domain_fd_use --> off > allow_domain_fd_use exists setting > building and installing test_policy module... > make[1]: Entering directory `/usr/share/selinux/devel' > rm -fR tmp > rm -f *.pp > make[1]: Leaving directory `/usr/share/selinux/devel' > make[1]: Entering directory `/usr/share/selinux/devel' > Compiling targeted test_policy module > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp > /usr/bin/checkmodule: policy configuration loaded > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod > Creating targeted test_policy.pp policy package > rm tmp/test_policy.mod tmp/test_policy.mod.fc > make[1]: Leaving directory `/usr/share/selinux/devel' > Successfully built and loaded test_policy module. > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > Running the SELinux testsuite... > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory > /usr/bin/chcon: missing operand > Try `/usr/bin/chcon --help' for more information. > Removing test_policy module... > /usr/sbin/semodule -r test_policy > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te > allow_domain_fd_use --> off > allow_domain_fd_use exists setting > Done. > > Both test_selinux.sh and tests/runtest.sh need to be updated. > > -- > Stephen Smalley > National Security Agency Ok, next patch then... Let me know how this goes (I took a quick look and I didn't see anything suspicious in the test scripts themselves..). Thanks, -Garrett Index: tests/runtest.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/runtest.sh,v retrieving revision 1.2 diff -u -r1.2 runtest.sh --- tests/runtest.sh 6 Apr 2008 10:27:36 -0000 1.2 +++ tests/runtest.sh 13 Jan 2010 06:49:48 -0000 @@ -12,7 +12,7 @@ global_setup() { # Must be root to run the selinux testsuite - if [ $UID != 0 ] + if [ $(id -ru) -ne 0 ] then echo "FAILED: Must be root to execute this script" exit 1 @@ -38,14 +38,14 @@ exit fi - # Save and later restore /tmp's type. + # Save and later restore $TMP's type. # We need to change it's type to work within test domain - SAVETMPTYPE=`ls -Zd /tmp | awk '{ print $4 }' | awk -F: '{ print $3 }'` - chcon -t test_file_t /tmp + SAVETMPTYPE=`ls -Zd $TMP | awk '{ print $4 }' | awk -F: '{ print $3 }'` + chcon -t test_file_t $TMP - mkdir /tmp/selinux > /dev/null 2>&1 - chcon -t test_file_t /tmp/selinux - export SELINUXTMPDIR=/tmp/selinux + mkdir $TMP/selinux > /dev/null 2>&1 + chcon -t test_file_t $TMP/selinux + export SELINUXTMPDIR=$TMP/selinux # It seems LTP wants executables to reside in the # $LTPROOT/testcases/bin directory. However, this directory @@ -61,9 +61,9 @@ global_cleanup() { - # Restore original type of /tmp - chcon -t $SAVETMPTYPE /tmp - rm -rf /tmp/selinux + # Restore original type of $TMP + chcon -t $SAVETMPTYPE $TMP + rm -rf $TMP/selinux # Restore original type of .../testcases/bin directory chcon -t $SAVEBINTYPE $LTPBIN @@ -71,6 +71,7 @@ exit 0 } +export TMP=${TMP:-/tmp} global_setup -./$1/selinux_$1.sh +selinux_$1.sh global_cleanup Index: ../../../../testscripts/test_selinux.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v retrieving revision 1.14 diff -u -r1.14 test_selinux.sh --- ../../../../testscripts/test_selinux.sh 12 Jan 2010 08:35:59 -0000 1.14 +++ ../../../../testscripts/test_selinux.sh 13 Jan 2010 06:49:48 -0000 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) International Business Machines Corp., 2005 # @@ -23,32 +23,33 @@ } config_allow_domain_fd_use () { - setval=$1 - /usr/sbin/getsebool allow_domain_fd_use - getseRC=$? - if [ "$getseRC" -eq "0" ]; then - echo "allow_domain_fd_use exists setting" - /usr/sbin/setsebool allow_domain_fd_use=$setval - fi + setval=$1 + if /usr/sbin/getsebool allow_domain_fd_use; then + echo "allow_domain_fd_use exists setting" + /usr/sbin/setsebool allow_domain_fd_use=$setval + fi } # Must be root to run the selinux testsuite -if [ $UID != 0 ] +if [ $(id -ru) -ne 0 ] then echo "FAILED: Must be root to execute this script" exit 1 fi # set the LTPROOT directory -cd `dirname $0` -LTPROOT=${PWD} -TMP=${TMP:-/tmp} -echo $LTPROOT | grep testscripts > /dev/null 2>&1 -if [ $? -eq 0 ] +LTPROOT=${LTPROOT:=${0%/*}} +cd "$LTPROOT" +export TMP=${TMP:-/tmp} +# If we're in the testscripts directory, go down a dir.. +LTPROOT_TMP=${LTPROOT%/testscripts} +if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] then cd .. - LTPROOT=${PWD} + LTPROOT=$LTPROOT_TMP fi +export LTPROOT +unset LTPROOT_TMP # set the PATH to include testcase/bin @@ -57,11 +58,8 @@ # We will store the logfiles in $LTPROOT/results, so make sure # it exists. -if [ ! -d $LTPROOT/results ] -then - /bin/mkdir $LTPROOT/results -fi - +test -d $LTPROOT/results || /bin/mkdir $LTPROOT/results + # Check the role and mode testsuite is being executed under. SELINUX_CONTEXT=`/usr/bin/id | sed 's/.* //'` @@ -78,10 +76,12 @@ SEMODULE="/usr/sbin/semodule" -if [ -f $SEMODULE ]; then - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/refpolicy" +POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite" + +if [ -x $SEMODULE ]; then + POLICYDIR="$POLICYDIR/refpolicy" else - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/policy" + POLICYDIR="$POLICYDIR/policy" fi config_set_expandcheck @@ -137,4 +137,3 @@ cd $LTPROOT echo "Done." -exit 0 ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 6:51 ` Garrett Cooper @ 2010-01-13 6:54 ` Garrett Cooper 2010-01-13 13:43 ` Stephen Smalley 1 sibling, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 6:54 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Tue, Jan 12, 2010 at 10:51 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >>> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >>> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy >>> > Make logic): >>> > >>> > Index: refpolicy/Makefile >>> > =================================================================== >>> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >>> > retrieving revision 1.12 >>> > diff -u -r1.12 Makefile >>> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >>> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >>> > @@ -17,7 +17,7 @@ >>> > # with this program; if not, write to the Free Software Foundation, Inc., >>> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >>> > # >>> > -# Garrett Cooper, August 2009 >>> > +# Garrett Cooper, January 2010 >>> > # >>> > >>> > top_srcdir ?= ../../../../.. >>> > @@ -32,6 +32,7 @@ >>> > >>> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >>> > >>> > +# Avoid empty strings. >>> > ifeq ($(strip $(DISTRO_VER)),) >>> > DISTRO_VER := generic >>> > endif >>> > @@ -41,10 +42,17 @@ >>> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >>> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >>> > >>> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite >>> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >>> > >>> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >>> > >>> > +# Do we have a special set of policies in the SCM to install? >>> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >>> > +else >>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >>> > +endif >>> > + >>> > .PHONY: all clean cleanup install load >>> > >>> > CLEAN_DEPS := cleanup >>> > @@ -55,34 +63,24 @@ >>> > -$(SEMODULE) -r test_policy >>> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >>> > >>> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >>> > -MAKE_TARGETS := >>> > - >>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >>> > - >>> > -# load remains for backwards compatibility... >>> > -load: >>> > - $(MAKE) -C $(TEST_POLICY_DIR) >>> > -else >>> > - >>> > MAKE_TARGETS := test_policy.te >>> > >>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >>> > - >>> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir >>> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >>> > - >>> > ifneq ($(CHECKPOLICY_VERS),24) >>> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) >>> > endif >>> > >>> > +# This is being done to preserve precedence; test_global.te must come first. >>> > +POLICY_FILES := test_global.te \ >>> > + $(filter-out test_global.te,$(notdir $(wildcard >>> > $(TEST_POLICY_DIR)/*.te))) >>> > + >>> > load: >>> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >>> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ >>> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >>> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >>> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >>> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >>> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >>> > else \ >>> > - echo "ERROR: You must have selinux-policy-devel installed."; \ >>> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >>> > false; \ >>> > fi >>> >>> There's a stray endif on line 90 of refpolicy/Makefile that needs to >>> be deleted as well, FYI... >> >> Ok. test policy appears to build (on Fedora) when running make by hand >> from the refpolicy directory, but you still can't run the tests, either >> from /opt/ltp or from the source tree. >> >> # cd /opt/ltp/testscripts && ./test_selinux.sh >> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> /etc/selinux /opt/ltp >> /opt/ltp >> allow_domain_fd_use --> off >> allow_domain_fd_use exists setting >> building and installing test_policy module... >> ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory >> make: *** No rule to make target `load'. Stop. >> Failed to build and load test_policy module, aborting test run. >> /etc/selinux /opt/ltp >> /opt/ltp >> >> # cd LTP_SRCDIR/testscripts && ./test_selinux.sh >> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> /etc/selinux /home/sds/ltp >> /home/sds/ltp >> allow_domain_fd_use --> off >> allow_domain_fd_use exists setting >> building and installing test_policy module... >> make[1]: Entering directory `/usr/share/selinux/devel' >> rm -fR tmp >> rm -f *.pp >> make[1]: Leaving directory `/usr/share/selinux/devel' >> make[1]: Entering directory `/usr/share/selinux/devel' >> Compiling targeted test_policy module >> /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp >> /usr/bin/checkmodule: policy configuration loaded >> /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod >> Creating targeted test_policy.pp policy package >> rm tmp/test_policy.mod tmp/test_policy.mod.fc >> make[1]: Leaving directory `/usr/share/selinux/devel' >> Successfully built and loaded test_policy module. >> /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> Running the SELinux testsuite... >> ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory >> /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory >> ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory >> /usr/bin/chcon: missing operand >> Try `/usr/bin/chcon --help' for more information. >> Removing test_policy module... >> /usr/sbin/semodule -r test_policy >> rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te >> allow_domain_fd_use --> off >> allow_domain_fd_use exists setting >> Done. >> >> Both test_selinux.sh and tests/runtest.sh need to be updated. >> >> -- >> Stephen Smalley >> National Security Agency > > Ok, next patch then... Let me know how this goes (I took a quick > look and I didn't see anything suspicious in the test scripts > themselves..). > Thanks, > -Garrett > > Index: tests/runtest.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/runtest.sh,v > retrieving revision 1.2 > diff -u -r1.2 runtest.sh > --- tests/runtest.sh 6 Apr 2008 10:27:36 -0000 1.2 > +++ tests/runtest.sh 13 Jan 2010 06:49:48 -0000 > @@ -12,7 +12,7 @@ > global_setup() > { > # Must be root to run the selinux testsuite > - if [ $UID != 0 ] > + if [ $(id -ru) -ne 0 ] > then > echo "FAILED: Must be root to execute this script" > exit 1 > @@ -38,14 +38,14 @@ > exit > fi > > - # Save and later restore /tmp's type. > + # Save and later restore $TMP's type. > # We need to change it's type to work within test domain > - SAVETMPTYPE=`ls -Zd /tmp | awk '{ print $4 }' | awk -F: '{ print $3 }'` > - chcon -t test_file_t /tmp > + SAVETMPTYPE=`ls -Zd $TMP | awk '{ print $4 }' | awk -F: '{ print $3 }'` > + chcon -t test_file_t $TMP > > - mkdir /tmp/selinux > /dev/null 2>&1 > - chcon -t test_file_t /tmp/selinux > - export SELINUXTMPDIR=/tmp/selinux > + mkdir $TMP/selinux > /dev/null 2>&1 > + chcon -t test_file_t $TMP/selinux > + export SELINUXTMPDIR=$TMP/selinux > > # It seems LTP wants executables to reside in the > # $LTPROOT/testcases/bin directory. However, this directory > @@ -61,9 +61,9 @@ > global_cleanup() > { > > - # Restore original type of /tmp > - chcon -t $SAVETMPTYPE /tmp > - rm -rf /tmp/selinux > + # Restore original type of $TMP > + chcon -t $SAVETMPTYPE $TMP > + rm -rf $TMP/selinux > > # Restore original type of .../testcases/bin directory > chcon -t $SAVEBINTYPE $LTPBIN > @@ -71,6 +71,7 @@ > exit 0 > } > > +export TMP=${TMP:-/tmp} > global_setup > -./$1/selinux_$1.sh > +selinux_$1.sh > global_cleanup > Index: ../../../../testscripts/test_selinux.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > retrieving revision 1.14 > diff -u -r1.14 test_selinux.sh > --- ../../../../testscripts/test_selinux.sh 12 Jan 2010 08:35:59 -0000 1.14 > +++ ../../../../testscripts/test_selinux.sh 13 Jan 2010 06:49:48 -0000 > @@ -1,4 +1,4 @@ > -#!/bin/bash > +#!/bin/sh > # > # Copyright (c) International Business Machines Corp., 2005 > # > @@ -23,32 +23,33 @@ > } > > config_allow_domain_fd_use () { > - setval=$1 > - /usr/sbin/getsebool allow_domain_fd_use > - getseRC=$? > - if [ "$getseRC" -eq "0" ]; then > - echo "allow_domain_fd_use exists setting" > - /usr/sbin/setsebool allow_domain_fd_use=$setval > - fi > + setval=$1 > + if /usr/sbin/getsebool allow_domain_fd_use; then > + echo "allow_domain_fd_use exists setting" > + /usr/sbin/setsebool allow_domain_fd_use=$setval > + fi > } > > # Must be root to run the selinux testsuite > -if [ $UID != 0 ] > +if [ $(id -ru) -ne 0 ] > then > echo "FAILED: Must be root to execute this script" > exit 1 > fi > > # set the LTPROOT directory > -cd `dirname $0` > -LTPROOT=${PWD} > -TMP=${TMP:-/tmp} > -echo $LTPROOT | grep testscripts > /dev/null 2>&1 > -if [ $? -eq 0 ] > +LTPROOT=${LTPROOT:=${0%/*}} > +cd "$LTPROOT" > +export TMP=${TMP:-/tmp} > +# If we're in the testscripts directory, go down a dir.. > +LTPROOT_TMP=${LTPROOT%/testscripts} > +if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] > then > cd .. > - LTPROOT=${PWD} > + LTPROOT=$LTPROOT_TMP > fi > +export LTPROOT > +unset LTPROOT_TMP > > # set the PATH to include testcase/bin > > @@ -57,11 +58,8 @@ > > # We will store the logfiles in $LTPROOT/results, so make sure > # it exists. > -if [ ! -d $LTPROOT/results ] > -then > - /bin/mkdir $LTPROOT/results > -fi > - > +test -d $LTPROOT/results || /bin/mkdir $LTPROOT/results > + > # Check the role and mode testsuite is being executed under. > > SELINUX_CONTEXT=`/usr/bin/id | sed 's/.* //'` > @@ -78,10 +76,12 @@ > > SEMODULE="/usr/sbin/semodule" > > -if [ -f $SEMODULE ]; then > - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/refpolicy" > +POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite" > + > +if [ -x $SEMODULE ]; then > + POLICYDIR="$POLICYDIR/refpolicy" > else > - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/policy" > + POLICYDIR="$POLICYDIR/policy" > fi > > config_set_expandcheck > @@ -137,4 +137,3 @@ > > cd $LTPROOT > echo "Done." > -exit 0 One other thing before I go off for a while ... I think it's a bad idea to be invoking make as part of the test itself. Do you oppose the idea of moving load and cleanup into proper bourne shell scripts, and then have them run as setup and teardown for the tests? That way: a) folks can build and install everything into an LTP install tree without being root, b) folks that have selinux support, but not make tools can actually run the tests. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 6:51 ` Garrett Cooper 2010-01-13 6:54 ` Garrett Cooper @ 2010-01-13 13:43 ` Stephen Smalley 2010-01-13 18:52 ` Garrett Cooper 1 sibling, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-13 13:43 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: > On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: > >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > >> > Make logic): > >> > > >> > Index: refpolicy/Makefile > >> > =================================================================== > >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > >> > retrieving revision 1.12 > >> > diff -u -r1.12 Makefile > >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > >> > @@ -17,7 +17,7 @@ > >> > # with this program; if not, write to the Free Software Foundation, Inc., > >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > >> > # > >> > -# Garrett Cooper, August 2009 > >> > +# Garrett Cooper, January 2010 > >> > # > >> > > >> > top_srcdir ?= ../../../../.. > >> > @@ -32,6 +32,7 @@ > >> > > >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > >> > > >> > +# Avoid empty strings. > >> > ifeq ($(strip $(DISTRO_VER)),) > >> > DISTRO_VER := generic > >> > endif > >> > @@ -41,10 +42,17 @@ > >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > >> > > >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > >> > > >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > >> > > >> > +# Do we have a special set of policies in the SCM to install? > >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> > +else > >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> > +endif > >> > + > >> > .PHONY: all clean cleanup install load > >> > > >> > CLEAN_DEPS := cleanup > >> > @@ -55,34 +63,24 @@ > >> > -$(SEMODULE) -r test_policy > >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > >> > > >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > >> > -MAKE_TARGETS := > >> > - > >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> > - > >> > -# load remains for backwards compatibility... > >> > -load: > >> > - $(MAKE) -C $(TEST_POLICY_DIR) > >> > -else > >> > - > >> > MAKE_TARGETS := test_policy.te > >> > > >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> > - > >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) > >> > - > >> > ifneq ($(CHECKPOLICY_VERS),24) > >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > >> > endif > >> > > >> > +# This is being done to preserve precedence; test_global.te must come first. > >> > +POLICY_FILES := test_global.te \ > >> > + $(filter-out test_global.te,$(notdir $(wildcard > >> > $(TEST_POLICY_DIR)/*.te))) > >> > + > >> > load: > >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > >> > else \ > >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ > >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > >> > false; \ > >> > fi > >> > >> There's a stray endif on line 90 of refpolicy/Makefile that needs to > >> be deleted as well, FYI... > > > > Ok. test policy appears to build (on Fedora) when running make by hand > > from the refpolicy directory, but you still can't run the tests, either > > from /opt/ltp or from the source tree. > > > > # cd /opt/ltp/testscripts && ./test_selinux.sh > > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > /etc/selinux /opt/ltp > > /opt/ltp > > allow_domain_fd_use --> off > > allow_domain_fd_use exists setting > > building and installing test_policy module... > > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory > > make: *** No rule to make target `load'. Stop. > > Failed to build and load test_policy module, aborting test run. > > /etc/selinux /opt/ltp > > /opt/ltp > > > > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh > > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > /etc/selinux /home/sds/ltp > > /home/sds/ltp > > allow_domain_fd_use --> off > > allow_domain_fd_use exists setting > > building and installing test_policy module... > > make[1]: Entering directory `/usr/share/selinux/devel' > > rm -fR tmp > > rm -f *.pp > > make[1]: Leaving directory `/usr/share/selinux/devel' > > make[1]: Entering directory `/usr/share/selinux/devel' > > Compiling targeted test_policy module > > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp > > /usr/bin/checkmodule: policy configuration loaded > > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod > > Creating targeted test_policy.pp policy package > > rm tmp/test_policy.mod tmp/test_policy.mod.fc > > make[1]: Leaving directory `/usr/share/selinux/devel' > > Successfully built and loaded test_policy module. > > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > Running the SELinux testsuite... > > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory > > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory > > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory > > /usr/bin/chcon: missing operand > > Try `/usr/bin/chcon --help' for more information. > > Removing test_policy module... > > /usr/sbin/semodule -r test_policy > > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te > > allow_domain_fd_use --> off > > allow_domain_fd_use exists setting > > Done. > > > > Both test_selinux.sh and tests/runtest.sh need to be updated. > > > > -- > > Stephen Smalley > > National Security Agency > > Ok, next patch then... Let me know how this goes (I took a quick > look and I didn't see anything suspicious in the test scripts > themselves..). > Thanks, > -Garrett patching file ../../../../testscripts/test_selinux.sh Hunk #2 FAILED at 23. Hunk #3 FAILED at 57. 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej I think it would work better if you just committed all of the patches thus far and I can just re-test cvs head. If you do post any further patches, please make them relative to the top of the tree. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 13:43 ` Stephen Smalley @ 2010-01-13 18:52 ` Garrett Cooper 2010-01-13 19:18 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 18:52 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy >> >> > Make logic): >> >> > >> >> > Index: refpolicy/Makefile >> >> > =================================================================== >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> > retrieving revision 1.12 >> >> > diff -u -r1.12 Makefile >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >> >> > @@ -17,7 +17,7 @@ >> >> > # with this program; if not, write to the Free Software Foundation, Inc., >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >> >> > # >> >> > -# Garrett Cooper, August 2009 >> >> > +# Garrett Cooper, January 2010 >> >> > # >> >> > >> >> > top_srcdir ?= ../../../../.. >> >> > @@ -32,6 +32,7 @@ >> >> > >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> >> > >> >> > +# Avoid empty strings. >> >> > ifeq ($(strip $(DISTRO_VER)),) >> >> > DISTRO_VER := generic >> >> > endif >> >> > @@ -41,10 +42,17 @@ >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >> >> > >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >> >> > >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> > >> >> > +# Do we have a special set of policies in the SCM to install? >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> > +else >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> > +endif >> >> > + >> >> > .PHONY: all clean cleanup install load >> >> > >> >> > CLEAN_DEPS := cleanup >> >> > @@ -55,34 +63,24 @@ >> >> > -$(SEMODULE) -r test_policy >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >> >> > >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >> >> > -MAKE_TARGETS := >> >> > - >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> > - >> >> > -# load remains for backwards compatibility... >> >> > -load: >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) >> >> > -else >> >> > - >> >> > MAKE_TARGETS := test_policy.te >> >> > >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> > - >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> > - >> >> > ifneq ($(CHECKPOLICY_VERS),24) >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) >> >> > endif >> >> > >> >> > +# This is being done to preserve precedence; test_global.te must come first. >> >> > +POLICY_FILES := test_global.te \ >> >> > + $(filter-out test_global.te,$(notdir $(wildcard >> >> > $(TEST_POLICY_DIR)/*.te))) >> >> > + >> >> > load: >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >> >> > else \ >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> >> > false; \ >> >> > fi >> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to >> >> be deleted as well, FYI... >> > >> > Ok. test policy appears to build (on Fedora) when running make by hand >> > from the refpolicy directory, but you still can't run the tests, either >> > from /opt/ltp or from the source tree. >> > >> > # cd /opt/ltp/testscripts && ./test_selinux.sh >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> > /etc/selinux /opt/ltp >> > /opt/ltp >> > allow_domain_fd_use --> off >> > allow_domain_fd_use exists setting >> > building and installing test_policy module... >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory >> > make: *** No rule to make target `load'. Stop. >> > Failed to build and load test_policy module, aborting test run. >> > /etc/selinux /opt/ltp >> > /opt/ltp >> > >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> > /etc/selinux /home/sds/ltp >> > /home/sds/ltp >> > allow_domain_fd_use --> off >> > allow_domain_fd_use exists setting >> > building and installing test_policy module... >> > make[1]: Entering directory `/usr/share/selinux/devel' >> > rm -fR tmp >> > rm -f *.pp >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> > make[1]: Entering directory `/usr/share/selinux/devel' >> > Compiling targeted test_policy module >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp >> > /usr/bin/checkmodule: policy configuration loaded >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod >> > Creating targeted test_policy.pp policy package >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> > Successfully built and loaded test_policy module. >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > Running the SELinux testsuite... >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory >> > /usr/bin/chcon: missing operand >> > Try `/usr/bin/chcon --help' for more information. >> > Removing test_policy module... >> > /usr/sbin/semodule -r test_policy >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te >> > allow_domain_fd_use --> off >> > allow_domain_fd_use exists setting >> > Done. >> > >> > Both test_selinux.sh and tests/runtest.sh need to be updated. >> > >> > -- >> > Stephen Smalley >> > National Security Agency >> >> Ok, next patch then... Let me know how this goes (I took a quick >> look and I didn't see anything suspicious in the test scripts >> themselves..). >> Thanks, >> -Garrett > > patching file ../../../../testscripts/test_selinux.sh > Hunk #2 FAILED at 23. > Hunk #3 FAILED at 57. > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej > > I think it would work better if you just committed all of the patches > thus far and I can just re-test cvs head. > > If you do post any further patches, please make them relative to the top > of the tree. Ugh, I hate CVS diffs too (so I understand)... I was trying to avoid committing intermediate work, but as long as this gets fixed before the next snapshot, I guess that's fine. Committed the next step to CVS. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 18:52 ` Garrett Cooper @ 2010-01-13 19:18 ` Stephen Smalley 2010-01-13 19:37 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-13 19:18 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote: > On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: > >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: > >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > >> >> > Make logic): > >> >> > > >> >> > Index: refpolicy/Makefile > >> >> > =================================================================== > >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > >> >> > retrieving revision 1.12 > >> >> > diff -u -r1.12 Makefile > >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > >> >> > @@ -17,7 +17,7 @@ > >> >> > # with this program; if not, write to the Free Software Foundation, Inc., > >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > >> >> > # > >> >> > -# Garrett Cooper, August 2009 > >> >> > +# Garrett Cooper, January 2010 > >> >> > # > >> >> > > >> >> > top_srcdir ?= ../../../../.. > >> >> > @@ -32,6 +32,7 @@ > >> >> > > >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > >> >> > > >> >> > +# Avoid empty strings. > >> >> > ifeq ($(strip $(DISTRO_VER)),) > >> >> > DISTRO_VER := generic > >> >> > endif > >> >> > @@ -41,10 +42,17 @@ > >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > >> >> > > >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > >> >> > > >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > >> >> > > >> >> > +# Do we have a special set of policies in the SCM to install? > >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> >> > +else > >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> >> > +endif > >> >> > + > >> >> > .PHONY: all clean cleanup install load > >> >> > > >> >> > CLEAN_DEPS := cleanup > >> >> > @@ -55,34 +63,24 @@ > >> >> > -$(SEMODULE) -r test_policy > >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > >> >> > > >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > >> >> > -MAKE_TARGETS := > >> >> > - > >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> >> > - > >> >> > -# load remains for backwards compatibility... > >> >> > -load: > >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) > >> >> > -else > >> >> > - > >> >> > MAKE_TARGETS := test_policy.te > >> >> > > >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> >> > - > >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) > >> >> > - > >> >> > ifneq ($(CHECKPOLICY_VERS),24) > >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > >> >> > endif > >> >> > > >> >> > +# This is being done to preserve precedence; test_global.te must come first. > >> >> > +POLICY_FILES := test_global.te \ > >> >> > + $(filter-out test_global.te,$(notdir $(wildcard > >> >> > $(TEST_POLICY_DIR)/*.te))) > >> >> > + > >> >> > load: > >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > >> >> > else \ > >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ > >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > >> >> > false; \ > >> >> > fi > >> >> > >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to > >> >> be deleted as well, FYI... > >> > > >> > Ok. test policy appears to build (on Fedora) when running make by hand > >> > from the refpolicy directory, but you still can't run the tests, either > >> > from /opt/ltp or from the source tree. > >> > > >> > # cd /opt/ltp/testscripts && ./test_selinux.sh > >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > >> > /etc/selinux /opt/ltp > >> > /opt/ltp > >> > allow_domain_fd_use --> off > >> > allow_domain_fd_use exists setting > >> > building and installing test_policy module... > >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory > >> > make: *** No rule to make target `load'. Stop. > >> > Failed to build and load test_policy module, aborting test run. > >> > /etc/selinux /opt/ltp > >> > /opt/ltp > >> > > >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh > >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > >> > /etc/selinux /home/sds/ltp > >> > /home/sds/ltp > >> > allow_domain_fd_use --> off > >> > allow_domain_fd_use exists setting > >> > building and installing test_policy module... > >> > make[1]: Entering directory `/usr/share/selinux/devel' > >> > rm -fR tmp > >> > rm -f *.pp > >> > make[1]: Leaving directory `/usr/share/selinux/devel' > >> > make[1]: Entering directory `/usr/share/selinux/devel' > >> > Compiling targeted test_policy module > >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp > >> > /usr/bin/checkmodule: policy configuration loaded > >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod > >> > Creating targeted test_policy.pp policy package > >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc > >> > make[1]: Leaving directory `/usr/share/selinux/devel' > >> > Successfully built and loaded test_policy module. > >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> > Running the SELinux testsuite... > >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory > >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory > >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory > >> > /usr/bin/chcon: missing operand > >> > Try `/usr/bin/chcon --help' for more information. > >> > Removing test_policy module... > >> > /usr/sbin/semodule -r test_policy > >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te > >> > allow_domain_fd_use --> off > >> > allow_domain_fd_use exists setting > >> > Done. > >> > > >> > Both test_selinux.sh and tests/runtest.sh need to be updated. > >> > > >> > -- > >> > Stephen Smalley > >> > National Security Agency > >> > >> Ok, next patch then... Let me know how this goes (I took a quick > >> look and I didn't see anything suspicious in the test scripts > >> themselves..). > >> Thanks, > >> -Garrett > > > > patching file ../../../../testscripts/test_selinux.sh > > Hunk #2 FAILED at 23. > > Hunk #3 FAILED at 57. > > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej > > > > I think it would work better if you just committed all of the patches > > thus far and I can just re-test cvs head. > > > > If you do post any further patches, please make them relative to the top > > of the tree. > > Ugh, I hate CVS diffs too (so I understand)... I was trying to > avoid committing intermediate work, but as long as this gets fixed > before the next snapshot, I guess that's fine. Committed the next step > to CVS. # cd /opt/ltp # ./testscripts/test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /opt/ltp /opt/ltp allow_domain_fd_use --> off allow_domain_fd_use exists setting building and installing test_policy module... make: *** No rule to make target `load'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy There is no Makefile under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy, only in the source tree. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 19:18 ` Stephen Smalley @ 2010-01-13 19:37 ` Garrett Cooper 2010-01-13 19:49 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 19:37 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote: >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy >> >> >> > Make logic): >> >> >> > >> >> >> > Index: refpolicy/Makefile >> >> >> > =================================================================== >> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> >> > retrieving revision 1.12 >> >> >> > diff -u -r1.12 Makefile >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >> >> >> > @@ -17,7 +17,7 @@ >> >> >> > # with this program; if not, write to the Free Software Foundation, Inc., >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >> >> >> > # >> >> >> > -# Garrett Cooper, August 2009 >> >> >> > +# Garrett Cooper, January 2010 >> >> >> > # >> >> >> > >> >> >> > top_srcdir ?= ../../../../.. >> >> >> > @@ -32,6 +32,7 @@ >> >> >> > >> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> >> >> > >> >> >> > +# Avoid empty strings. >> >> >> > ifeq ($(strip $(DISTRO_VER)),) >> >> >> > DISTRO_VER := generic >> >> >> > endif >> >> >> > @@ -41,10 +42,17 @@ >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >> >> >> > >> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >> >> >> > >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> >> > >> >> >> > +# Do we have a special set of policies in the SCM to install? >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> > +else >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> > +endif >> >> >> > + >> >> >> > .PHONY: all clean cleanup install load >> >> >> > >> >> >> > CLEAN_DEPS := cleanup >> >> >> > @@ -55,34 +63,24 @@ >> >> >> > -$(SEMODULE) -r test_policy >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >> >> >> > >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >> >> >> > -MAKE_TARGETS := >> >> >> > - >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> > - >> >> >> > -# load remains for backwards compatibility... >> >> >> > -load: >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) >> >> >> > -else >> >> >> > - >> >> >> > MAKE_TARGETS := test_policy.te >> >> >> > >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> > - >> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> >> > - >> >> >> > ifneq ($(CHECKPOLICY_VERS),24) >> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) >> >> >> > endif >> >> >> > >> >> >> > +# This is being done to preserve precedence; test_global.te must come first. >> >> >> > +POLICY_FILES := test_global.te \ >> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard >> >> >> > $(TEST_POLICY_DIR)/*.te))) >> >> >> > + >> >> >> > load: >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >> >> >> > else \ >> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> >> >> > false; \ >> >> >> > fi >> >> >> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to >> >> >> be deleted as well, FYI... >> >> > >> >> > Ok. test policy appears to build (on Fedora) when running make by hand >> >> > from the refpolicy directory, but you still can't run the tests, either >> >> > from /opt/ltp or from the source tree. >> >> > >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> > /etc/selinux /opt/ltp >> >> > /opt/ltp >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > building and installing test_policy module... >> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory >> >> > make: *** No rule to make target `load'. Stop. >> >> > Failed to build and load test_policy module, aborting test run. >> >> > /etc/selinux /opt/ltp >> >> > /opt/ltp >> >> > >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> > /etc/selinux /home/sds/ltp >> >> > /home/sds/ltp >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > building and installing test_policy module... >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> > rm -fR tmp >> >> > rm -f *.pp >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> > Compiling targeted test_policy module >> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp >> >> > /usr/bin/checkmodule: policy configuration loaded >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod >> >> > Creating targeted test_policy.pp policy package >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> > Successfully built and loaded test_policy module. >> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> > Running the SELinux testsuite... >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory >> >> > /usr/bin/chcon: missing operand >> >> > Try `/usr/bin/chcon --help' for more information. >> >> > Removing test_policy module... >> >> > /usr/sbin/semodule -r test_policy >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > Done. >> >> > >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated. >> >> > >> >> > -- >> >> > Stephen Smalley >> >> > National Security Agency >> >> >> >> Ok, next patch then... Let me know how this goes (I took a quick >> >> look and I didn't see anything suspicious in the test scripts >> >> themselves..). >> >> Thanks, >> >> -Garrett >> > >> > patching file ../../../../testscripts/test_selinux.sh >> > Hunk #2 FAILED at 23. >> > Hunk #3 FAILED at 57. >> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej >> > >> > I think it would work better if you just committed all of the patches >> > thus far and I can just re-test cvs head. >> > >> > If you do post any further patches, please make them relative to the top >> > of the tree. >> >> Ugh, I hate CVS diffs too (so I understand)... I was trying to >> avoid committing intermediate work, but as long as this gets fixed >> before the next snapshot, I guess that's fine. Committed the next step >> to CVS. > > # cd /opt/ltp > # ./testscripts/test_selinux.sh > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > /etc/selinux /opt/ltp > /opt/ltp > allow_domain_fd_use --> off > allow_domain_fd_use exists setting > building and installing test_policy module... > make: *** No rule to make target `load'. Stop. > Failed to build and load test_policy module, aborting test run. > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > There is no Makefile > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy, > only in the source tree. Yeah, you're right. I was trying to beat around this bush by not copying these over, but it's better to have the test running and be improperly designed than it is for regressions to leak by today, until the day comes where these items are fixed. 1. So, Makefile is now copied over by default. 2. load is no longer done as part of all / install (test_selinux.sh was performing that function). So once the tests have been written to make and install independent of selinux-devel, etc... we'll be in good shape and I will switch these back to all / install dependent targets. I was trying to do it that way to avoid requiring make on the target under test, but I need to better understand the subject matter under test before we get to that point. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 19:37 ` Garrett Cooper @ 2010-01-13 19:49 ` Stephen Smalley 2010-01-13 21:58 ` Garrett Cooper 2010-01-13 22:00 ` Serge E. Hallyn 0 siblings, 2 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-13 19:49 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: > On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote: > >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: > >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: > >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd > >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy > >> >> >> > Make logic): > >> >> >> > > >> >> >> > Index: refpolicy/Makefile > >> >> >> > =================================================================== > >> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > >> >> >> > retrieving revision 1.12 > >> >> >> > diff -u -r1.12 Makefile > >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 > >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 > >> >> >> > @@ -17,7 +17,7 @@ > >> >> >> > # with this program; if not, write to the Free Software Foundation, Inc., > >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > >> >> >> > # > >> >> >> > -# Garrett Cooper, August 2009 > >> >> >> > +# Garrett Cooper, January 2010 > >> >> >> > # > >> >> >> > > >> >> >> > top_srcdir ?= ../../../../.. > >> >> >> > @@ -32,6 +32,7 @@ > >> >> >> > > >> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) > >> >> >> > > >> >> >> > +# Avoid empty strings. > >> >> >> > ifeq ($(strip $(DISTRO_VER)),) > >> >> >> > DISTRO_VER := generic > >> >> >> > endif > >> >> >> > @@ -41,10 +42,17 @@ > >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule > >> >> >> > > >> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite > >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy > >> >> >> > > >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > >> >> >> > > >> >> >> > +# Do we have a special set of policies in the SCM to install? > >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) > >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> >> >> > +else > >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> >> >> > +endif > >> >> >> > + > >> >> >> > .PHONY: all clean cleanup install load > >> >> >> > > >> >> >> > CLEAN_DEPS := cleanup > >> >> >> > @@ -55,34 +63,24 @@ > >> >> >> > -$(SEMODULE) -r test_policy > >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te > >> >> >> > > >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) > >> >> >> > -MAKE_TARGETS := > >> >> >> > - > >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) > >> >> >> > - > >> >> >> > -# load remains for backwards compatibility... > >> >> >> > -load: > >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) > >> >> >> > -else > >> >> >> > - > >> >> >> > MAKE_TARGETS := test_policy.te > >> >> >> > > >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic > >> >> >> > - > >> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir > >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) > >> >> >> > - > >> >> >> > ifneq ($(CHECKPOLICY_VERS),24) > >> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) > >> >> >> > endif > >> >> >> > > >> >> >> > +# This is being done to preserve precedence; test_global.te must come first. > >> >> >> > +POLICY_FILES := test_global.te \ > >> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard > >> >> >> > $(TEST_POLICY_DIR)/*.te))) > >> >> >> > + > >> >> >> > load: > >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ > >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ > >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ > >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ > >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ > >> >> >> > else \ > >> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ > >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > >> >> >> > false; \ > >> >> >> > fi > >> >> >> > >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to > >> >> >> be deleted as well, FYI... > >> >> > > >> >> > Ok. test policy appears to build (on Fedora) when running make by hand > >> >> > from the refpolicy directory, but you still can't run the tests, either > >> >> > from /opt/ltp or from the source tree. > >> >> > > >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh > >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > >> >> > /etc/selinux /opt/ltp > >> >> > /opt/ltp > >> >> > allow_domain_fd_use --> off > >> >> > allow_domain_fd_use exists setting > >> >> > building and installing test_policy module... > >> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory > >> >> > make: *** No rule to make target `load'. Stop. > >> >> > Failed to build and load test_policy module, aborting test run. > >> >> > /etc/selinux /opt/ltp > >> >> > /opt/ltp > >> >> > > >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh > >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > >> >> > /etc/selinux /home/sds/ltp > >> >> > /home/sds/ltp > >> >> > allow_domain_fd_use --> off > >> >> > allow_domain_fd_use exists setting > >> >> > building and installing test_policy module... > >> >> > make[1]: Entering directory `/usr/share/selinux/devel' > >> >> > rm -fR tmp > >> >> > rm -f *.pp > >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' > >> >> > make[1]: Entering directory `/usr/share/selinux/devel' > >> >> > Compiling targeted test_policy module > >> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp > >> >> > /usr/bin/checkmodule: policy configuration loaded > >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod > >> >> > Creating targeted test_policy.pp policy package > >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc > >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' > >> >> > Successfully built and loaded test_policy module. > >> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> >> > Running the SELinux testsuite... > >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory > >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory > >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory > >> >> > /usr/bin/chcon: missing operand > >> >> > Try `/usr/bin/chcon --help' for more information. > >> >> > Removing test_policy module... > >> >> > /usr/sbin/semodule -r test_policy > >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te > >> >> > allow_domain_fd_use --> off > >> >> > allow_domain_fd_use exists setting > >> >> > Done. > >> >> > > >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated. > >> >> > > >> >> > -- > >> >> > Stephen Smalley > >> >> > National Security Agency > >> >> > >> >> Ok, next patch then... Let me know how this goes (I took a quick > >> >> look and I didn't see anything suspicious in the test scripts > >> >> themselves..). > >> >> Thanks, > >> >> -Garrett > >> > > >> > patching file ../../../../testscripts/test_selinux.sh > >> > Hunk #2 FAILED at 23. > >> > Hunk #3 FAILED at 57. > >> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej > >> > > >> > I think it would work better if you just committed all of the patches > >> > thus far and I can just re-test cvs head. > >> > > >> > If you do post any further patches, please make them relative to the top > >> > of the tree. > >> > >> Ugh, I hate CVS diffs too (so I understand)... I was trying to > >> avoid committing intermediate work, but as long as this gets fixed > >> before the next snapshot, I guess that's fine. Committed the next step > >> to CVS. > > > > # cd /opt/ltp > > # ./testscripts/test_selinux.sh > > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > /etc/selinux /opt/ltp > > /opt/ltp > > allow_domain_fd_use --> off > > allow_domain_fd_use exists setting > > building and installing test_policy module... > > make: *** No rule to make target `load'. Stop. > > Failed to build and load test_policy module, aborting test run. > > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > > > There is no Makefile > > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy, > > only in the source tree. > > Yeah, you're right. I was trying to beat around this bush by not > copying these over, but it's better to have the test running and be > improperly designed than it is for regressions to leak by today, until > the day comes where these items are fixed. > > 1. So, Makefile is now copied over by default. > 2. load is no longer done as part of all / install (test_selinux.sh > was performing that function). > > So once the tests have been written to make and install independent of > selinux-devel, etc... we'll be in good shape and I will switch these > back to all / install dependent targets. I was trying to do it that > way to avoid requiring make on the target under test, but I need to > better understand the subject matter under test before we get to that > point. Unfortunately, as the Makefile now includes other .mk files and those are not copied over, it still doesn't work. Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory make: ../../../../../scripts/detect_distro.sh: Command not found Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy I suppose you could perform the make load as part of all/install (preferably install as we really shouldn't need to be root to run make all - although that no longer seems to be the case for the main ltp either), and drop it from test_selinux.sh. But then they will need to know/remember to remove the test policy when finished testing. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 19:49 ` Stephen Smalley @ 2010-01-13 21:58 ` Garrett Cooper 2010-01-13 22:00 ` Serge E. Hallyn 1 sibling, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 21:58 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 13, 2010 at 11:49 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: >> On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote: >> >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: >> >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >> >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >> >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy >> >> >> >> > Make logic): >> >> >> >> > >> >> >> >> > Index: refpolicy/Makefile >> >> >> >> > =================================================================== >> >> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> >> >> > retrieving revision 1.12 >> >> >> >> > diff -u -r1.12 Makefile >> >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >> >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >> >> >> >> > @@ -17,7 +17,7 @@ >> >> >> >> > # with this program; if not, write to the Free Software Foundation, Inc., >> >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >> >> >> >> > # >> >> >> >> > -# Garrett Cooper, August 2009 >> >> >> >> > +# Garrett Cooper, January 2010 >> >> >> >> > # >> >> >> >> > >> >> >> >> > top_srcdir ?= ../../../../.. >> >> >> >> > @@ -32,6 +32,7 @@ >> >> >> >> > >> >> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> >> >> >> > >> >> >> >> > +# Avoid empty strings. >> >> >> >> > ifeq ($(strip $(DISTRO_VER)),) >> >> >> >> > DISTRO_VER := generic >> >> >> >> > endif >> >> >> >> > @@ -41,10 +42,17 @@ >> >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >> >> >> >> > >> >> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite >> >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >> >> >> >> > >> >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> >> >> > >> >> >> >> > +# Do we have a special set of policies in the SCM to install? >> >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> >> > +else >> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> >> > +endif >> >> >> >> > + >> >> >> >> > .PHONY: all clean cleanup install load >> >> >> >> > >> >> >> >> > CLEAN_DEPS := cleanup >> >> >> >> > @@ -55,34 +63,24 @@ >> >> >> >> > -$(SEMODULE) -r test_policy >> >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >> >> >> >> > >> >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >> >> >> >> > -MAKE_TARGETS := >> >> >> >> > - >> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> >> > - >> >> >> >> > -# load remains for backwards compatibility... >> >> >> >> > -load: >> >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) >> >> >> >> > -else >> >> >> >> > - >> >> >> >> > MAKE_TARGETS := test_policy.te >> >> >> >> > >> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> >> > - >> >> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir >> >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> >> >> > - >> >> >> >> > ifneq ($(CHECKPOLICY_VERS),24) >> >> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) >> >> >> >> > endif >> >> >> >> > >> >> >> >> > +# This is being done to preserve precedence; test_global.te must come first. >> >> >> >> > +POLICY_FILES := test_global.te \ >> >> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard >> >> >> >> > $(TEST_POLICY_DIR)/*.te))) >> >> >> >> > + >> >> >> >> > load: >> >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ >> >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >> >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >> >> >> >> > else \ >> >> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \ >> >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> >> >> >> > false; \ >> >> >> >> > fi >> >> >> >> >> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to >> >> >> >> be deleted as well, FYI... >> >> >> > >> >> >> > Ok. test policy appears to build (on Fedora) when running make by hand >> >> >> > from the refpolicy directory, but you still can't run the tests, either >> >> >> > from /opt/ltp or from the source tree. >> >> >> > >> >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh >> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> >> > /etc/selinux /opt/ltp >> >> >> > /opt/ltp >> >> >> > allow_domain_fd_use --> off >> >> >> > allow_domain_fd_use exists setting >> >> >> > building and installing test_policy module... >> >> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory >> >> >> > make: *** No rule to make target `load'. Stop. >> >> >> > Failed to build and load test_policy module, aborting test run. >> >> >> > /etc/selinux /opt/ltp >> >> >> > /opt/ltp >> >> >> > >> >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh >> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> >> > /etc/selinux /home/sds/ltp >> >> >> > /home/sds/ltp >> >> >> > allow_domain_fd_use --> off >> >> >> > allow_domain_fd_use exists setting >> >> >> > building and installing test_policy module... >> >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> >> > rm -fR tmp >> >> >> > rm -f *.pp >> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> >> > Compiling targeted test_policy module >> >> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp >> >> >> > /usr/bin/checkmodule: policy configuration loaded >> >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod >> >> >> > Creating targeted test_policy.pp policy package >> >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc >> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> >> > Successfully built and loaded test_policy module. >> >> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> >> > Running the SELinux testsuite... >> >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory >> >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory >> >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory >> >> >> > /usr/bin/chcon: missing operand >> >> >> > Try `/usr/bin/chcon --help' for more information. >> >> >> > Removing test_policy module... >> >> >> > /usr/sbin/semodule -r test_policy >> >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te >> >> >> > allow_domain_fd_use --> off >> >> >> > allow_domain_fd_use exists setting >> >> >> > Done. >> >> >> > >> >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated. >> >> >> > >> >> >> > -- >> >> >> > Stephen Smalley >> >> >> > National Security Agency >> >> >> >> >> >> Ok, next patch then... Let me know how this goes (I took a quick >> >> >> look and I didn't see anything suspicious in the test scripts >> >> >> themselves..). >> >> >> Thanks, >> >> >> -Garrett >> >> > >> >> > patching file ../../../../testscripts/test_selinux.sh >> >> > Hunk #2 FAILED at 23. >> >> > Hunk #3 FAILED at 57. >> >> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej >> >> > >> >> > I think it would work better if you just committed all of the patches >> >> > thus far and I can just re-test cvs head. >> >> > >> >> > If you do post any further patches, please make them relative to the top >> >> > of the tree. >> >> >> >> Ugh, I hate CVS diffs too (so I understand)... I was trying to >> >> avoid committing intermediate work, but as long as this gets fixed >> >> before the next snapshot, I guess that's fine. Committed the next step >> >> to CVS. >> > >> > # cd /opt/ltp >> > # ./testscripts/test_selinux.sh >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> > /etc/selinux /opt/ltp >> > /opt/ltp >> > allow_domain_fd_use --> off >> > allow_domain_fd_use exists setting >> > building and installing test_policy module... >> > make: *** No rule to make target `load'. Stop. >> > Failed to build and load test_policy module, aborting test run. >> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > >> > There is no Makefile >> > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy, >> > only in the source tree. >> >> Yeah, you're right. I was trying to beat around this bush by not >> copying these over, but it's better to have the test running and be >> improperly designed than it is for regressions to leak by today, until >> the day comes where these items are fixed. >> >> 1. So, Makefile is now copied over by default. >> 2. load is no longer done as part of all / install (test_selinux.sh >> was performing that function). >> >> So once the tests have been written to make and install independent of >> selinux-devel, etc... we'll be in good shape and I will switch these >> back to all / install dependent targets. I was trying to do it that >> way to avoid requiring make on the target under test, but I need to >> better understand the subject matter under test before we get to that >> point. > > Unfortunately, as the Makefile now includes other .mk files and those > are not copied over, it still doesn't work. > > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory > make: ../../../../../scripts/detect_distro.sh: Command not found > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. > Failed to build and load test_policy module, aborting test run. > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > I suppose you could perform the make load as part of all/install > (preferably install as we really shouldn't need to be root to run make > all - although that no longer seems to be the case for the main ltp > either), and drop it from test_selinux.sh. But then they will need to > know/remember to remove the test policy when finished testing. Actually, there's a way to work around this... move the logic required for load into a separate Makefile, include that Makefile from the current one, and then install that copy / modify the script so that it can call load on the machine. This is still going to need to be cleaned up so load's entire operation is done as part of test_selinux.sh, but that's something that's going to be more time consuming to complete. I'll do this when I get back home which means you'll see a new version sometime tomorrow morning for test. Thanks! -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 19:49 ` Stephen Smalley 2010-01-13 21:58 ` Garrett Cooper @ 2010-01-13 22:00 ` Serge E. Hallyn 2010-01-13 22:03 ` Stephen Smalley 1 sibling, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-13 22:00 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: > > Yeah, you're right. I was trying to beat around this bush by not > > copying these over, but it's better to have the test running and be > > improperly designed than it is for regressions to leak by today, until > > the day comes where these items are fixed. > > > > 1. So, Makefile is now copied over by default. > > 2. load is no longer done as part of all / install (test_selinux.sh > > was performing that function). > > > > So once the tests have been written to make and install independent of > > selinux-devel, etc... we'll be in good shape and I will switch these > > back to all / install dependent targets. I was trying to do it that > > way to avoid requiring make on the target under test, but I need to > > better understand the subject matter under test before we get to that > > point. > > Unfortunately, as the Makefile now includes other .mk files and those > are not copied over, it still doesn't work. > > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory > make: ../../../../../scripts/detect_distro.sh: Command not found > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. > Failed to build and load test_policy module, aborting test run. > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > I suppose you could perform the make load as part of all/install > (preferably install as we really shouldn't need to be root to run make > all - although that no longer seems to be the case for the main ltp > either), and drop it from test_selinux.sh. But then they will need to > know/remember to remove the test policy when finished testing. But really the compile stage should just create test_policy.pp, which the testsuite can load and unload, right? -serge ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 22:00 ` Serge E. Hallyn @ 2010-01-13 22:03 ` Stephen Smalley 2010-01-13 22:49 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-13 22:03 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: > > > Yeah, you're right. I was trying to beat around this bush by not > > > copying these over, but it's better to have the test running and be > > > improperly designed than it is for regressions to leak by today, until > > > the day comes where these items are fixed. > > > > > > 1. So, Makefile is now copied over by default. > > > 2. load is no longer done as part of all / install (test_selinux.sh > > > was performing that function). > > > > > > So once the tests have been written to make and install independent of > > > selinux-devel, etc... we'll be in good shape and I will switch these > > > back to all / install dependent targets. I was trying to do it that > > > way to avoid requiring make on the target under test, but I need to > > > better understand the subject matter under test before we get to that > > > point. > > > > Unfortunately, as the Makefile now includes other .mk files and those > > are not copied over, it still doesn't work. > > > > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory > > make: ../../../../../scripts/detect_distro.sh: Command not found > > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory > > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. > > Failed to build and load test_policy module, aborting test run. > > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > > > I suppose you could perform the make load as part of all/install > > (preferably install as we really shouldn't need to be root to run make > > all - although that no longer seems to be the case for the main ltp > > either), and drop it from test_selinux.sh. But then they will need to > > know/remember to remove the test policy when finished testing. > > But really the compile stage should just create test_policy.pp, > which the testsuite can load and unload, right? Yes, that should work. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 22:03 ` Stephen Smalley @ 2010-01-13 22:49 ` Garrett Cooper 2010-01-14 14:07 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-13 22:49 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 13, 2010 at 2:03 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote: >> Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: >> > > Yeah, you're right. I was trying to beat around this bush by not >> > > copying these over, but it's better to have the test running and be >> > > improperly designed than it is for regressions to leak by today, until >> > > the day comes where these items are fixed. >> > > >> > > 1. So, Makefile is now copied over by default. >> > > 2. load is no longer done as part of all / install (test_selinux.sh >> > > was performing that function). >> > > >> > > So once the tests have been written to make and install independent of >> > > selinux-devel, etc... we'll be in good shape and I will switch these >> > > back to all / install dependent targets. I was trying to do it that >> > > way to avoid requiring make on the target under test, but I need to >> > > better understand the subject matter under test before we get to that >> > > point. >> > >> > Unfortunately, as the Makefile now includes other .mk files and those >> > are not copied over, it still doesn't work. >> > >> > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory >> > make: ../../../../../scripts/detect_distro.sh: Command not found >> > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory >> > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. >> > Failed to build and load test_policy module, aborting test run. >> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> > >> > I suppose you could perform the make load as part of all/install >> > (preferably install as we really shouldn't need to be root to run make >> > all - although that no longer seems to be the case for the main ltp >> > either), and drop it from test_selinux.sh. But then they will need to >> > know/remember to remove the test policy when finished testing. >> >> But really the compile stage should just create test_policy.pp, >> which the testsuite can load and unload, right? > > Yes, that should work. Which is what it's doing now, but the original author of the test wrote the load logic and unload logic so that it used make instead of using a bourne shell script, etc. The other thing that's kind of amusing is that its setup / teardown isn't very robust -- I could send a signal, or the process could get terminated leaving the test policy files hanging around the system under test. That's a side issue but it's also another good reason to migrate away from this make paradigm for setup / teardown -_-... Thanks, -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-13 22:49 ` Garrett Cooper @ 2010-01-14 14:07 ` Stephen Smalley 2010-01-14 20:10 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-14 14:07 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote: > On Wed, Jan 13, 2010 at 2:03 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote: > >> Quoting Stephen Smalley (sds@tycho.nsa.gov): > >> > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote: > >> > > Yeah, you're right. I was trying to beat around this bush by not > >> > > copying these over, but it's better to have the test running and be > >> > > improperly designed than it is for regressions to leak by today, until > >> > > the day comes where these items are fixed. > >> > > > >> > > 1. So, Makefile is now copied over by default. > >> > > 2. load is no longer done as part of all / install (test_selinux.sh > >> > > was performing that function). > >> > > > >> > > So once the tests have been written to make and install independent of > >> > > selinux-devel, etc... we'll be in good shape and I will switch these > >> > > back to all / install dependent targets. I was trying to do it that > >> > > way to avoid requiring make on the target under test, but I need to > >> > > better understand the subject matter under test before we get to that > >> > > point. > >> > > >> > Unfortunately, as the Makefile now includes other .mk files and those > >> > are not copied over, it still doesn't work. > >> > > >> > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory > >> > make: ../../../../../scripts/detect_distro.sh: Command not found > >> > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory > >> > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop. > >> > Failed to build and load test_policy module, aborting test run. > >> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > >> > > >> > I suppose you could perform the make load as part of all/install > >> > (preferably install as we really shouldn't need to be root to run make > >> > all - although that no longer seems to be the case for the main ltp > >> > either), and drop it from test_selinux.sh. But then they will need to > >> > know/remember to remove the test policy when finished testing. > >> > >> But really the compile stage should just create test_policy.pp, > >> which the testsuite can load and unload, right? > > > > Yes, that should work. > > Which is what it's doing now, but the original author of the test > wrote the load logic and unload logic so that it used make instead of > using a bourne shell script, etc. To clarify, there are two things happening under that load target presently, one of which is properly handled at build time and one of which is properly handled at test execution time. The first part is building test_policy.pp. The latter is running semodule -i test_policy.pp. So we could split up the Makefile so that the first part is done by the make all/install, and test_selinux.sh merely runs semodule -i test_policy.pp before the test and semodule -r test_policy after the test. One other item I notice is that the current logic copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which isn't necessary - you could just leave them in the refpolicy directory and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp. > The other thing that's kind of amusing is that its setup / teardown > isn't very robust -- I could send a signal, or the process could get > terminated leaving the test policy files hanging around the system > under test. That's a side issue but it's also another good reason to > migrate away from this make paradigm for setup / teardown -_-... -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 14:07 ` Stephen Smalley @ 2010-01-14 20:10 ` Garrett Cooper 2010-01-14 20:35 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-14 20:10 UTC (permalink / raw) To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list On Thu, Jan 14, 2010 at 6:07 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote: >> Which is what it's doing now, but the original author of the test >> wrote the load logic and unload logic so that it used make instead of >> using a bourne shell script, etc. > > To clarify, there are two things happening under that load target > presently, one of which is properly handled at build time and one of > which is properly handled at test execution time. The first part is > building test_policy.pp. The latter is running semodule -i > test_policy.pp. So we could split up the Makefile so that the first > part is done by the make all/install, and test_selinux.sh merely runs > semodule -i test_policy.pp before the test and semodule -r test_policy > after the test. One other item I notice is that the current logic > copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which > isn't necessary - you could just leave them in the refpolicy directory > and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp. Ok, this is interesting. So -- is there any particular reason why clean (which in this case just called cleanup) should be called before load? So at the end of the day, all of the junk done as part of `load' could in fact be done in test_selinux.sh // runtests.sh (I assume the only step that couldn't be done is semodule -i? I don't have any hard feelings for not putting that logic in those scripts... >> The other thing that's kind of amusing is that its setup / teardown >> isn't very robust -- I could send a signal, or the process could get >> terminated leaving the test policy files hanging around the system >> under test. That's a side issue but it's also another good reason to >> migrate away from this make paradigm for setup / teardown -_-... Thanks! -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 20:10 ` Garrett Cooper @ 2010-01-14 20:35 ` Stephen Smalley 2010-01-14 20:44 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-14 20:35 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Thu, 2010-01-14 at 12:10 -0800, Garrett Cooper wrote: > On Thu, Jan 14, 2010 at 6:07 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote: > >> Which is what it's doing now, but the original author of the test > >> wrote the load logic and unload logic so that it used make instead of > >> using a bourne shell script, etc. > > > > To clarify, there are two things happening under that load target > > presently, one of which is properly handled at build time and one of > > which is properly handled at test execution time. The first part is > > building test_policy.pp. The latter is running semodule -i > > test_policy.pp. So we could split up the Makefile so that the first > > part is done by the make all/install, and test_selinux.sh merely runs > > semodule -i test_policy.pp before the test and semodule -r test_policy > > after the test. One other item I notice is that the current logic > > copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which > > isn't necessary - you could just leave them in the refpolicy directory > > and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp. > > Ok, this is interesting. So -- is there any particular reason why > clean (which in this case just called cleanup) should be called before > load? > > So at the end of the day, all of the junk done as part of `load' could > in fact be done in test_selinux.sh // runtests.sh (I assume the only > step that couldn't be done is semodule -i? I don't have any hard > feelings for not putting that logic in those scripts... I guess I'm not being clear. Most of the work presently done by 'load' can be done during make all/install. In particular, everything except for running semodule -i can be done during make all, and then make install should just copy test_policy.pp (the output of make all) to the /opt/ltp tree. Then test_selinux.sh only needs to run semodule -i /path/to/test_policy.pp before the tests and semodule -r test_policy afterward. We can also avoid copying test_policy.te to the system policy devel directory altogether. Something like this patch (and Makefile.selinux can then be removed altogether): Index: testscripts/test_selinux.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v retrieving revision 1.15 diff -u -r1.15 test_selinux.sh --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 +++ testscripts/test_selinux.sh 14 Jan 2010 20:32:35 -0000 @@ -89,11 +89,10 @@ config_allow_domain_fd_use 0 # build and install the test policy... -echo "building and installing test_policy module..." -cd $POLICYDIR -make load +echo "installing test_policy module..." +$(SEMODULE) -i $POLICYDIR/test_policy.pp if [ $? != 0 ]; then - echo "Failed to build and load test_policy module, aborting test run." + echo "Failed to install load test_policy module, aborting test run." config_unset_expandcheck exit 1 else @@ -126,8 +125,7 @@ /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin echo "Removing test_policy module..." -cd $POLICYDIR -make cleanup 2>&1 +$(SEMODULE) -r test_policy if [ $? != 0 ]; then echo "Failed to remove test_policy module." exit 1 Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:32:35 -0000 @@ -39,10 +39,11 @@ CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy -INSTALL_TARGETS := Makefile.selinux +INSTALL_TARGETS := test_policy.pp TEST_POLICY_DIR := $(abs_srcdir)/policy_files @@ -63,8 +64,17 @@ POLICY_FILES := test_global.te \ $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) +all: test_policy.pp + +test_policy.pp: test_policy.te + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ + else \ + echo "ERROR: You must have selinux-policy?-devel? installed."; \ + false; \ + fi + test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ include $(top_srcdir)/include/mk/generic_leaf_target.mk -include $(abs_srcdir)/Makefile.selinux -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 20:35 ` Stephen Smalley @ 2010-01-14 20:44 ` Stephen Smalley 2010-01-14 21:29 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-14 20:44 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: > I guess I'm not being clear. Most of the work presently done by 'load' > can be done during make all/install. In particular, everything except > for running semodule -i can be done during make all, and then make > install should just copy test_policy.pp (the output of make all) to > the /opt/ltp tree. Then test_selinux.sh only needs to run semodule > -i /path/to/test_policy.pp before the tests and semodule -r test_policy > afterward. We can also avoid copying test_policy.te to the system > policy devel directory altogether. Something like this patch (and > Makefile.selinux can then be removed altogether): Oops, wrong variable expansion syntax in test_selinux.sh. Corrected patch is below. This one actually runs ;) Index: testscripts/test_selinux.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v retrieving revision 1.15 diff -u -r1.15 test_selinux.sh --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 @@ -89,11 +89,10 @@ config_allow_domain_fd_use 0 # build and install the test policy... -echo "building and installing test_policy module..." -cd $POLICYDIR -make load +echo "installing test_policy module..." +$SEMODULE -i $POLICYDIR/test_policy.pp if [ $? != 0 ]; then - echo "Failed to build and load test_policy module, aborting test run." + echo "Failed to install load test_policy module, aborting test run." config_unset_expandcheck exit 1 else @@ -126,8 +125,7 @@ /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin echo "Removing test_policy module..." -cd $POLICYDIR -make cleanup 2>&1 +$SEMODULE -r test_policy if [ $? != 0 ]; then echo "Failed to remove test_policy module." exit 1 Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 @@ -39,10 +39,11 @@ CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy -INSTALL_TARGETS := Makefile.selinux +INSTALL_TARGETS := test_policy.pp TEST_POLICY_DIR := $(abs_srcdir)/policy_files @@ -63,8 +64,17 @@ POLICY_FILES := test_global.te \ $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) +all: test_policy.pp + +test_policy.pp: test_policy.te + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ + else \ + echo "ERROR: You must have selinux-policy?-devel? installed."; \ + false; \ + fi + test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ include $(top_srcdir)/include/mk/generic_leaf_target.mk -include $(abs_srcdir)/Makefile.selinux -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 20:44 ` Stephen Smalley @ 2010-01-14 21:29 ` Garrett Cooper 2010-01-14 21:32 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-14 21:29 UTC (permalink / raw) To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: >> I guess I'm not being clear. Most of the work presently done by 'load' >> can be done during make all/install. In particular, everything except >> for running semodule -i can be done during make all, and then make >> install should just copy test_policy.pp (the output of make all) to >> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule >> -i /path/to/test_policy.pp before the tests and semodule -r test_policy >> afterward. We can also avoid copying test_policy.te to the system >> policy devel directory altogether. Something like this patch (and >> Makefile.selinux can then be removed altogether): > > Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > patch is below. This one actually runs ;) > > Index: testscripts/test_selinux.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > retrieving revision 1.15 > diff -u -r1.15 test_selinux.sh > --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > @@ -89,11 +89,10 @@ > config_allow_domain_fd_use 0 > > # build and install the test policy... > -echo "building and installing test_policy module..." > -cd $POLICYDIR > -make load > +echo "installing test_policy module..." > +$SEMODULE -i $POLICYDIR/test_policy.pp > if [ $? != 0 ]; then > - echo "Failed to build and load test_policy module, aborting test run." > + echo "Failed to install load test_policy module, aborting test run." > config_unset_expandcheck > exit 1 > else > @@ -126,8 +125,7 @@ > /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > echo "Removing test_policy module..." > -cd $POLICYDIR > -make cleanup 2>&1 > +$SEMODULE -r test_policy > if [ $? != 0 ]; then > echo "Failed to remove test_policy module." > exit 1 > Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > retrieving revision 1.17 > diff -u -r1.17 Makefile > --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 > +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 > @@ -39,10 +39,11 @@ > > CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > > INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy > > -INSTALL_TARGETS := Makefile.selinux > +INSTALL_TARGETS := test_policy.pp > > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > @@ -63,8 +64,17 @@ > POLICY_FILES := test_global.te \ > $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) > > +all: test_policy.pp > + > +test_policy.pp: test_policy.te > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > + else \ > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > + false; \ > + fi > + > test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > -include $(abs_srcdir)/Makefile.selinux Cool! This is a lot easier than I originally thought it would be. Everything specified with all should be specified instead with the MAKE_TARGETS variable. This is because it adds everything in MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then handle it appropriately via clean and install. All I have to do after this is resolve the (semodule?) security bit enabling for the tests, and we'll be in good shape for all build, install, and test scenarios with selinux. Thanks! -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 21:29 ` Garrett Cooper @ 2010-01-14 21:32 ` Garrett Cooper 2010-01-14 21:59 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-14 21:32 UTC (permalink / raw) To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: >>> I guess I'm not being clear. Most of the work presently done by 'load' >>> can be done during make all/install. In particular, everything except >>> for running semodule -i can be done during make all, and then make >>> install should just copy test_policy.pp (the output of make all) to >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy >>> afterward. We can also avoid copying test_policy.te to the system >>> policy devel directory altogether. Something like this patch (and >>> Makefile.selinux can then be removed altogether): >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected >> patch is below. This one actually runs ;) >> >> Index: testscripts/test_selinux.sh >> =================================================================== >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v >> retrieving revision 1.15 >> diff -u -r1.15 test_selinux.sh >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 >> @@ -89,11 +89,10 @@ >> config_allow_domain_fd_use 0 >> >> # build and install the test policy... >> -echo "building and installing test_policy module..." >> -cd $POLICYDIR >> -make load >> +echo "installing test_policy module..." >> +$SEMODULE -i $POLICYDIR/test_policy.pp >> if [ $? != 0 ]; then >> - echo "Failed to build and load test_policy module, aborting test run." >> + echo "Failed to install load test_policy module, aborting test run." >> config_unset_expandcheck >> exit 1 >> else >> @@ -126,8 +125,7 @@ >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin >> >> echo "Removing test_policy module..." >> -cd $POLICYDIR >> -make cleanup 2>&1 >> +$SEMODULE -r test_policy >> if [ $? != 0 ]; then >> echo "Failed to remove test_policy module." >> exit 1 >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile >> =================================================================== >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> retrieving revision 1.17 >> diff -u -r1.17 Makefile >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 >> @@ -39,10 +39,11 @@ >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy >> >> -INSTALL_TARGETS := Makefile.selinux >> +INSTALL_TARGETS := test_policy.pp >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> @@ -63,8 +64,17 @@ >> POLICY_FILES := test_global.te \ >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> +all: test_policy.pp >> + >> +test_policy.pp: test_policy.te >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ >> + else \ >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> + false; \ >> + fi >> + >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk >> -include $(abs_srcdir)/Makefile.selinux > > Cool! This is a lot easier than I originally thought it would be. > > Everything specified with all should be specified instead with the s/Everything specified with all/All dependencies of all/ MAKE_TARGETS variable. This is because it adds everything in > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then > handle it appropriately via clean and install. > > All I have to do after this is resolve the (semodule?) security bit > enabling for the tests, and we'll be in good shape for all build, > install, and test scenarios with selinux. Thanks! -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 21:32 ` Garrett Cooper @ 2010-01-14 21:59 ` Stephen Smalley 2010-01-14 22:31 ` Stephen Smalley ` (2 more replies) 0 siblings, 3 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-14 21:59 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: > On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: > >>> I guess I'm not being clear. Most of the work presently done by 'load' > >>> can be done during make all/install. In particular, everything except > >>> for running semodule -i can be done during make all, and then make > >>> install should just copy test_policy.pp (the output of make all) to > >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule > >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy > >>> afterward. We can also avoid copying test_policy.te to the system > >>> policy devel directory altogether. Something like this patch (and > >>> Makefile.selinux can then be removed altogether): > >> > >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > >> patch is below. This one actually runs ;) > >> > >> Index: testscripts/test_selinux.sh > >> =================================================================== > >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > >> retrieving revision 1.15 > >> diff -u -r1.15 test_selinux.sh > >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > >> @@ -89,11 +89,10 @@ > >> config_allow_domain_fd_use 0 > >> > >> # build and install the test policy... > >> -echo "building and installing test_policy module..." > >> -cd $POLICYDIR > >> -make load > >> +echo "installing test_policy module..." > >> +$SEMODULE -i $POLICYDIR/test_policy.pp > >> if [ $? != 0 ]; then > >> - echo "Failed to build and load test_policy module, aborting test run." > >> + echo "Failed to install load test_policy module, aborting test run." > >> config_unset_expandcheck > >> exit 1 > >> else > >> @@ -126,8 +125,7 @@ > >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > >> > >> echo "Removing test_policy module..." > >> -cd $POLICYDIR > >> -make cleanup 2>&1 > >> +$SEMODULE -r test_policy > >> if [ $? != 0 ]; then > >> echo "Failed to remove test_policy module." > >> exit 1 > >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > >> =================================================================== > >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > >> retrieving revision 1.17 > >> diff -u -r1.17 Makefile > >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 > >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 > >> @@ -39,10 +39,11 @@ > >> > >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > >> > >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy > >> > >> -INSTALL_TARGETS := Makefile.selinux > >> +INSTALL_TARGETS := test_policy.pp > >> > >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files > >> > >> @@ -63,8 +64,17 @@ > >> POLICY_FILES := test_global.te \ > >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) > >> > >> +all: test_policy.pp > >> + > >> +test_policy.pp: test_policy.te > >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > >> + else \ > >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > >> + false; \ > >> + fi > >> + > >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > >> > >> include $(top_srcdir)/include/mk/generic_leaf_target.mk > >> -include $(abs_srcdir)/Makefile.selinux > > > > Cool! This is a lot easier than I originally thought it would be. > > > > Everything specified with all should be specified instead with the > > s/Everything specified with all/All dependencies of all/ > > MAKE_TARGETS variable. This is because it adds everything in > > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then > > handle it appropriately via clean and install. > > > > All I have to do after this is resolve the (semodule?) security bit > > enabling for the tests, and we'll be in good shape for all build, > > install, and test scenarios with selinux. Further diff on top of the prior one to resolve a few remaining issues in getting the tests to pass. With these two patches, all tests appear to pass on Fedora 12. Things that remain unresolved: - RHEL4 support. Is RHEL4 to be supported still by ltp, given dependencies? RHEL4 has been using the test policy under policy/ and has a different build/load process. - Running individual tests manually. As described in the selinux-testsuite README, it used to be possible to run individual tests via tests/runtest.sh in order to more easily hunt down specific failures and get more verbose output than we get from any of the results/* files. diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000 @@ -113,7 +113,7 @@ # The ../testcases/bin directory needs to have the test_file_t type. # Save and restore later. SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux @@ -122,7 +122,7 @@ rm -rf $TMP/selinux # Restore type of .../testcases/bin directory -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin echo "Removing test_policy module..." $SEMODULE -r test_policy only in patch2: unchanged: --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7 +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000 @@ -193,7 +193,7 @@ fi # return to $LTPROOT directory - cd ${PWD} + cd ${SAVEPWD} return $RC } only in patch2: unchanged: --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2 +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000 @@ -25,8 +25,6 @@ include $(top_srcdir)/include/mk/env_pre.mk include $(abs_srcdir)/../Makefile.inc -LDFLAGS += -static - LDLIBS += -lselinux include $(top_srcdir)/include/mk/generic_leaf_target.mk only in patch2: unchanged: --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4 +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000 @@ -25,6 +25,7 @@ # run tests in $LTPROOT/testcases/bin directory SAVEPWD=${PWD} + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} cd ${LTPBIN} CURRENTDIR="." } @@ -39,7 +40,7 @@ # the test_file from test_inherit_parent_t. # Should fail on fd use permission. - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1 + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1 RC=$? if [ $RC -ne 0 ] then -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 21:59 ` Stephen Smalley @ 2010-01-14 22:31 ` Stephen Smalley 2010-01-15 4:22 ` Garrett Cooper 2010-01-15 4:44 ` Garrett Cooper 2 siblings, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-14 22:31 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Thu, 2010-01-14 at 16:59 -0500, Stephen Smalley wrote: > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: > > On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: > > >>> I guess I'm not being clear. Most of the work presently done by 'load' > > >>> can be done during make all/install. In particular, everything except > > >>> for running semodule -i can be done during make all, and then make > > >>> install should just copy test_policy.pp (the output of make all) to > > >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule > > >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy > > >>> afterward. We can also avoid copying test_policy.te to the system > > >>> policy devel directory altogether. Something like this patch (and > > >>> Makefile.selinux can then be removed altogether): > > >> > > >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > > >> patch is below. This one actually runs ;) > > >> > > >> Index: testscripts/test_selinux.sh > > >> =================================================================== > > >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > > >> retrieving revision 1.15 > > >> diff -u -r1.15 test_selinux.sh > > >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > > >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > > >> @@ -89,11 +89,10 @@ > > >> config_allow_domain_fd_use 0 > > >> > > >> # build and install the test policy... > > >> -echo "building and installing test_policy module..." > > >> -cd $POLICYDIR > > >> -make load > > >> +echo "installing test_policy module..." > > >> +$SEMODULE -i $POLICYDIR/test_policy.pp > > >> if [ $? != 0 ]; then > > >> - echo "Failed to build and load test_policy module, aborting test run." > > >> + echo "Failed to install load test_policy module, aborting test run." > > >> config_unset_expandcheck > > >> exit 1 > > >> else > > >> @@ -126,8 +125,7 @@ > > >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > >> > > >> echo "Removing test_policy module..." > > >> -cd $POLICYDIR > > >> -make cleanup 2>&1 > > >> +$SEMODULE -r test_policy > > >> if [ $? != 0 ]; then > > >> echo "Failed to remove test_policy module." > > >> exit 1 > > >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > > >> =================================================================== > > >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > > >> retrieving revision 1.17 > > >> diff -u -r1.17 Makefile > > >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 > > >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 > > >> @@ -39,10 +39,11 @@ > > >> > > >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > > >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > > >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > > >> > > >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy > > >> > > >> -INSTALL_TARGETS := Makefile.selinux > > >> +INSTALL_TARGETS := test_policy.pp > > >> > > >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > >> > > >> @@ -63,8 +64,17 @@ > > >> POLICY_FILES := test_global.te \ > > >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) > > >> > > >> +all: test_policy.pp > > >> + > > >> +test_policy.pp: test_policy.te > > >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > > >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > > >> + else \ > > >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > > >> + false; \ > > >> + fi > > >> + > > >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > > >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > > >> > > >> include $(top_srcdir)/include/mk/generic_leaf_target.mk > > >> -include $(abs_srcdir)/Makefile.selinux > > > > > > Cool! This is a lot easier than I originally thought it would be. > > > > > > Everything specified with all should be specified instead with the > > > > s/Everything specified with all/All dependencies of all/ > > > > MAKE_TARGETS variable. This is because it adds everything in > > > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then > > > handle it appropriately via clean and install. > > > > > > All I have to do after this is resolve the (semodule?) security bit > > > enabling for the tests, and we'll be in good shape for all build, > > > install, and test scenarios with selinux. > > Further diff on top of the prior one to resolve a few remaining issues > in getting the tests to pass. With these two patches, all tests appear > to pass on Fedora 12. > > Things that remain unresolved: > - RHEL4 support. Is RHEL4 to be supported still by ltp, given > dependencies? RHEL4 has been using the test policy under policy/ and > has a different build/load process. > - Running individual tests manually. As described in the > selinux-testsuite README, it used to be possible to run individual tests > via tests/runtest.sh in order to more easily hunt down specific failures > and get more verbose output than we get from any of the results/* files. Possibly we should just extend test_selinux.sh to handle the individual test execution case as well, since it already has the setup and cleanup logic. If the caller passes a specific test on the command line to it, it can just execute that one outside of pan. That would avoid duplication with runtest.sh. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 21:59 ` Stephen Smalley 2010-01-14 22:31 ` Stephen Smalley @ 2010-01-15 4:22 ` Garrett Cooper 2010-01-15 4:44 ` Garrett Cooper 2 siblings, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-15 4:22 UTC (permalink / raw) To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: >> >>> I guess I'm not being clear. Most of the work presently done by 'load' >> >>> can be done during make all/install. In particular, everything except >> >>> for running semodule -i can be done during make all, and then make >> >>> install should just copy test_policy.pp (the output of make all) to >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy >> >>> afterward. We can also avoid copying test_policy.te to the system >> >>> policy devel directory altogether. Something like this patch (and >> >>> Makefile.selinux can then be removed altogether): >> >> >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected >> >> patch is below. This one actually runs ;) >> >> >> >> Index: testscripts/test_selinux.sh >> >> =================================================================== >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v >> >> retrieving revision 1.15 >> >> diff -u -r1.15 test_selinux.sh >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 >> >> @@ -89,11 +89,10 @@ >> >> config_allow_domain_fd_use 0 >> >> >> >> # build and install the test policy... >> >> -echo "building and installing test_policy module..." >> >> -cd $POLICYDIR >> >> -make load >> >> +echo "installing test_policy module..." >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp >> >> if [ $? != 0 ]; then >> >> - echo "Failed to build and load test_policy module, aborting test run." >> >> + echo "Failed to install load test_policy module, aborting test run." >> >> config_unset_expandcheck >> >> exit 1 >> >> else >> >> @@ -126,8 +125,7 @@ >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin >> >> >> >> echo "Removing test_policy module..." >> >> -cd $POLICYDIR >> >> -make cleanup 2>&1 >> >> +$SEMODULE -r test_policy >> >> if [ $? != 0 ]; then >> >> echo "Failed to remove test_policy module." >> >> exit 1 >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile >> >> =================================================================== >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> retrieving revision 1.17 >> >> diff -u -r1.17 Makefile >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 >> >> @@ -39,10 +39,11 @@ >> >> >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy >> >> >> >> -INSTALL_TARGETS := Makefile.selinux >> >> +INSTALL_TARGETS := test_policy.pp >> >> >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> >> >> @@ -63,8 +64,17 @@ >> >> POLICY_FILES := test_global.te \ >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> >> >> +all: test_policy.pp >> >> + >> >> +test_policy.pp: test_policy.te >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ >> >> + else \ >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> >> + false; \ >> >> + fi >> >> + >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ >> >> >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk >> >> -include $(abs_srcdir)/Makefile.selinux >> > >> > Cool! This is a lot easier than I originally thought it would be. >> > >> > Everything specified with all should be specified instead with the >> >> s/Everything specified with all/All dependencies of all/ >> >> MAKE_TARGETS variable. This is because it adds everything in >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then >> > handle it appropriately via clean and install. >> > >> > All I have to do after this is resolve the (semodule?) security bit >> > enabling for the tests, and we'll be in good shape for all build, >> > install, and test scenarios with selinux. > > Further diff on top of the prior one to resolve a few remaining issues > in getting the tests to pass. With these two patches, all tests appear > to pass on Fedora 12. > > Things that remain unresolved: > - RHEL4 support. Is RHEL4 to be supported still by ltp, given > dependencies? RHEL4 has been using the test policy under policy/ and > has a different build/load process. > - Running individual tests manually. As described in the > selinux-testsuite README, it used to be possible to run individual tests > via tests/runtest.sh in order to more easily hunt down specific failures > and get more verbose output than we get from any of the results/* files. > > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000 > @@ -113,7 +113,7 @@ > # The ../testcases/bin directory needs to have the test_file_t type. > # Save and restore later. > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > @@ -122,7 +122,7 @@ > rm -rf $TMP/selinux > > # Restore type of .../testcases/bin directory > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > echo "Removing test_policy module..." > $SEMODULE -r test_policy > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7 > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000 > @@ -193,7 +193,7 @@ > fi > > # return to $LTPROOT directory > - cd ${PWD} > + cd ${SAVEPWD} > > return $RC > } > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2 > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000 > @@ -25,8 +25,6 @@ > include $(top_srcdir)/include/mk/env_pre.mk > include $(abs_srcdir)/../Makefile.inc > > -LDFLAGS += -static > - > LDLIBS += -lselinux > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4 > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000 > @@ -25,6 +25,7 @@ > > # run tests in $LTPROOT/testcases/bin directory > SAVEPWD=${PWD} > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} > cd ${LTPBIN} > CURRENTDIR="." > } > @@ -39,7 +40,7 @@ > # the test_file from test_inherit_parent_t. > # Should fail on fd use permission. > > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1 > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1 > RC=$? > if [ $RC -ne 0 ] > then Thanks -- committed. -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-14 21:59 ` Stephen Smalley 2010-01-14 22:31 ` Stephen Smalley 2010-01-15 4:22 ` Garrett Cooper @ 2010-01-15 4:44 ` Garrett Cooper 2010-01-15 14:11 ` Stephen Smalley 2 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-15 4:44 UTC (permalink / raw) To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: >> >>> I guess I'm not being clear. Most of the work presently done by 'load' >> >>> can be done during make all/install. In particular, everything except >> >>> for running semodule -i can be done during make all, and then make >> >>> install should just copy test_policy.pp (the output of make all) to >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy >> >>> afterward. We can also avoid copying test_policy.te to the system >> >>> policy devel directory altogether. Something like this patch (and >> >>> Makefile.selinux can then be removed altogether): >> >> >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected >> >> patch is below. This one actually runs ;) >> >> >> >> Index: testscripts/test_selinux.sh >> >> =================================================================== >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v >> >> retrieving revision 1.15 >> >> diff -u -r1.15 test_selinux.sh >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 >> >> @@ -89,11 +89,10 @@ >> >> config_allow_domain_fd_use 0 >> >> >> >> # build and install the test policy... >> >> -echo "building and installing test_policy module..." >> >> -cd $POLICYDIR >> >> -make load >> >> +echo "installing test_policy module..." >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp >> >> if [ $? != 0 ]; then >> >> - echo "Failed to build and load test_policy module, aborting test run." >> >> + echo "Failed to install load test_policy module, aborting test run." >> >> config_unset_expandcheck >> >> exit 1 >> >> else >> >> @@ -126,8 +125,7 @@ >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin >> >> >> >> echo "Removing test_policy module..." >> >> -cd $POLICYDIR >> >> -make cleanup 2>&1 >> >> +$SEMODULE -r test_policy >> >> if [ $? != 0 ]; then >> >> echo "Failed to remove test_policy module." >> >> exit 1 >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile >> >> =================================================================== >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> retrieving revision 1.17 >> >> diff -u -r1.17 Makefile >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 >> >> @@ -39,10 +39,11 @@ >> >> >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy >> >> >> >> -INSTALL_TARGETS := Makefile.selinux >> >> +INSTALL_TARGETS := test_policy.pp >> >> >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> >> >> @@ -63,8 +64,17 @@ >> >> POLICY_FILES := test_global.te \ >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> >> >> +all: test_policy.pp >> >> + >> >> +test_policy.pp: test_policy.te >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ >> >> + else \ >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ >> >> + false; \ >> >> + fi >> >> + >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ >> >> >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk >> >> -include $(abs_srcdir)/Makefile.selinux >> > >> > Cool! This is a lot easier than I originally thought it would be. >> > >> > Everything specified with all should be specified instead with the >> >> s/Everything specified with all/All dependencies of all/ >> >> MAKE_TARGETS variable. This is because it adds everything in >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then >> > handle it appropriately via clean and install. >> > >> > All I have to do after this is resolve the (semodule?) security bit >> > enabling for the tests, and we'll be in good shape for all build, >> > install, and test scenarios with selinux. > > Further diff on top of the prior one to resolve a few remaining issues > in getting the tests to pass. With these two patches, all tests appear > to pass on Fedora 12. > > Things that remain unresolved: > - RHEL4 support. Is RHEL4 to be supported still by ltp, given > dependencies? RHEL4 has been using the test policy under policy/ and > has a different build/load process. > - Running individual tests manually. As described in the > selinux-testsuite README, it used to be possible to run individual tests > via tests/runtest.sh in order to more easily hunt down specific failures > and get more verbose output than we get from any of the results/* files. > > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000 > @@ -113,7 +113,7 @@ > # The ../testcases/bin directory needs to have the test_file_t type. > # Save and restore later. > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > @@ -122,7 +122,7 @@ > rm -rf $TMP/selinux > > # Restore type of .../testcases/bin directory > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > echo "Removing test_policy module..." > $SEMODULE -r test_policy > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7 > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000 > @@ -193,7 +193,7 @@ > fi > > # return to $LTPROOT directory > - cd ${PWD} > + cd ${SAVEPWD} > > return $RC > } > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2 > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000 > @@ -25,8 +25,6 @@ > include $(top_srcdir)/include/mk/env_pre.mk > include $(abs_srcdir)/../Makefile.inc > > -LDFLAGS += -static > - > LDLIBS += -lselinux > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > only in patch2: > unchanged: > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4 > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000 > @@ -25,6 +25,7 @@ > > # run tests in $LTPROOT/testcases/bin directory > SAVEPWD=${PWD} > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} > cd ${LTPBIN} > CURRENTDIR="." > } > @@ -39,7 +40,7 @@ > # the test_file from test_inherit_parent_t. > # Should fail on fd use permission. > > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1 > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1 > RC=$? > if [ $RC -ne 0 ] > then Ok -- the rest of this has been committed -- please let me know how everything goes tomorrow! Thanks, -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-15 4:44 ` Garrett Cooper @ 2010-01-15 14:11 ` Stephen Smalley 2010-01-15 14:17 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-15 14:11 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Thu, 2010-01-14 at 20:44 -0800, Garrett Cooper wrote: > On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: > >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: > >> >>> I guess I'm not being clear. Most of the work presently done by 'load' > >> >>> can be done during make all/install. In particular, everything except > >> >>> for running semodule -i can be done during make all, and then make > >> >>> install should just copy test_policy.pp (the output of make all) to > >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule > >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy > >> >>> afterward. We can also avoid copying test_policy.te to the system > >> >>> policy devel directory altogether. Something like this patch (and > >> >>> Makefile.selinux can then be removed altogether): > >> >> > >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > >> >> patch is below. This one actually runs ;) > >> >> > >> >> Index: testscripts/test_selinux.sh > >> >> =================================================================== > >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > >> >> retrieving revision 1.15 > >> >> diff -u -r1.15 test_selinux.sh > >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > >> >> @@ -89,11 +89,10 @@ > >> >> config_allow_domain_fd_use 0 > >> >> > >> >> # build and install the test policy... > >> >> -echo "building and installing test_policy module..." > >> >> -cd $POLICYDIR > >> >> -make load > >> >> +echo "installing test_policy module..." > >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp > >> >> if [ $? != 0 ]; then > >> >> - echo "Failed to build and load test_policy module, aborting test run." > >> >> + echo "Failed to install load test_policy module, aborting test run." > >> >> config_unset_expandcheck > >> >> exit 1 > >> >> else > >> >> @@ -126,8 +125,7 @@ > >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > >> >> > >> >> echo "Removing test_policy module..." > >> >> -cd $POLICYDIR > >> >> -make cleanup 2>&1 > >> >> +$SEMODULE -r test_policy > >> >> if [ $? != 0 ]; then > >> >> echo "Failed to remove test_policy module." > >> >> exit 1 > >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > >> >> =================================================================== > >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > >> >> retrieving revision 1.17 > >> >> diff -u -r1.17 Makefile > >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 > >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 > >> >> @@ -39,10 +39,11 @@ > >> >> > >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > >> >> > >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy > >> >> > >> >> -INSTALL_TARGETS := Makefile.selinux > >> >> +INSTALL_TARGETS := test_policy.pp > >> >> > >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files > >> >> > >> >> @@ -63,8 +64,17 @@ > >> >> POLICY_FILES := test_global.te \ > >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) > >> >> > >> >> +all: test_policy.pp > >> >> + > >> >> +test_policy.pp: test_policy.te > >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > >> >> + else \ > >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > >> >> + false; \ > >> >> + fi > >> >> + > >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > >> >> > >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk > >> >> -include $(abs_srcdir)/Makefile.selinux > >> > > >> > Cool! This is a lot easier than I originally thought it would be. > >> > > >> > Everything specified with all should be specified instead with the > >> > >> s/Everything specified with all/All dependencies of all/ > >> > >> MAKE_TARGETS variable. This is because it adds everything in > >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then > >> > handle it appropriately via clean and install. > >> > > >> > All I have to do after this is resolve the (semodule?) security bit > >> > enabling for the tests, and we'll be in good shape for all build, > >> > install, and test scenarios with selinux. > > > > Further diff on top of the prior one to resolve a few remaining issues > > in getting the tests to pass. With these two patches, all tests appear > > to pass on Fedora 12. > > > > Things that remain unresolved: > > - RHEL4 support. Is RHEL4 to be supported still by ltp, given > > dependencies? RHEL4 has been using the test policy under policy/ and > > has a different build/load process. > > - Running individual tests manually. As described in the > > selinux-testsuite README, it used to be possible to run individual tests > > via tests/runtest.sh in order to more easily hunt down specific failures > > and get more verbose output than we get from any of the results/* files. > > > > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh > > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000 > > @@ -113,7 +113,7 @@ > > # The ../testcases/bin directory needs to have the test_file_t type. > > # Save and restore later. > > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > > > @@ -122,7 +122,7 @@ > > rm -rf $TMP/selinux > > > > # Restore type of .../testcases/bin directory > > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > > > echo "Removing test_policy module..." > > $SEMODULE -r test_policy > > only in patch2: > > unchanged: > > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7 > > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000 > > @@ -193,7 +193,7 @@ > > fi > > > > # return to $LTPROOT directory > > - cd ${PWD} > > + cd ${SAVEPWD} > > > > return $RC > > } > > only in patch2: > > unchanged: > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2 > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000 > > @@ -25,8 +25,6 @@ > > include $(top_srcdir)/include/mk/env_pre.mk > > include $(abs_srcdir)/../Makefile.inc > > > > -LDFLAGS += -static > > - > > LDLIBS += -lselinux > > > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > > only in patch2: > > unchanged: > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4 > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000 > > @@ -25,6 +25,7 @@ > > > > # run tests in $LTPROOT/testcases/bin directory > > SAVEPWD=${PWD} > > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} > > cd ${LTPBIN} > > CURRENTDIR="." > > } > > @@ -39,7 +40,7 @@ > > # the test_file from test_inherit_parent_t. > > # Should fail on fd use permission. > > > > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1 > > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1 > > RC=$? > > if [ $RC -ne 0 ] > > then > > Ok -- the rest of this has been committed -- please let me know > how everything goes tomorrow! It seems rather broken. Specifically: - policy/Makefile and refpolicy/Makefile still contain references to Makefile.selinux. - test_selinux.sh seems to have a wrong notion of LTPROOT and/or to be running in the wrong cwd and thus cannot execute pan and friends. It also cannot both cd to $POLICYDIR and still use $POLICYDIR in the path to test_policy.pp. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-15 14:11 ` Stephen Smalley @ 2010-01-15 14:17 ` Stephen Smalley 0 siblings, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-15 14:17 UTC (permalink / raw) To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list On Fri, 2010-01-15 at 09:11 -0500, Stephen Smalley wrote: > On Thu, 2010-01-14 at 20:44 -0800, Garrett Cooper wrote: > > On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote: > > >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: > > >> >>> I guess I'm not being clear. Most of the work presently done by 'load' > > >> >>> can be done during make all/install. In particular, everything except > > >> >>> for running semodule -i can be done during make all, and then make > > >> >>> install should just copy test_policy.pp (the output of make all) to > > >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule > > >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy > > >> >>> afterward. We can also avoid copying test_policy.te to the system > > >> >>> policy devel directory altogether. Something like this patch (and > > >> >>> Makefile.selinux can then be removed altogether): > > >> >> > > >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > > >> >> patch is below. This one actually runs ;) > > >> >> > > >> >> Index: testscripts/test_selinux.sh > > >> >> =================================================================== > > >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > > >> >> retrieving revision 1.15 > > >> >> diff -u -r1.15 test_selinux.sh > > >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > > >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > > >> >> @@ -89,11 +89,10 @@ > > >> >> config_allow_domain_fd_use 0 > > >> >> > > >> >> # build and install the test policy... > > >> >> -echo "building and installing test_policy module..." > > >> >> -cd $POLICYDIR > > >> >> -make load > > >> >> +echo "installing test_policy module..." > > >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp > > >> >> if [ $? != 0 ]; then > > >> >> - echo "Failed to build and load test_policy module, aborting test run." > > >> >> + echo "Failed to install load test_policy module, aborting test run." > > >> >> config_unset_expandcheck > > >> >> exit 1 > > >> >> else > > >> >> @@ -126,8 +125,7 @@ > > >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > >> >> > > >> >> echo "Removing test_policy module..." > > >> >> -cd $POLICYDIR > > >> >> -make cleanup 2>&1 > > >> >> +$SEMODULE -r test_policy > > >> >> if [ $? != 0 ]; then > > >> >> echo "Failed to remove test_policy module." > > >> >> exit 1 > > >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > > >> >> =================================================================== > > >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > > >> >> retrieving revision 1.17 > > >> >> diff -u -r1.17 Makefile > > >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17 > > >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000 > > >> >> @@ -39,10 +39,11 @@ > > >> >> > > >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > > >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > > >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > > >> >> > > >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy > > >> >> > > >> >> -INSTALL_TARGETS := Makefile.selinux > > >> >> +INSTALL_TARGETS := test_policy.pp > > >> >> > > >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > >> >> > > >> >> @@ -63,8 +64,17 @@ > > >> >> POLICY_FILES := test_global.te \ > > >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) > > >> >> > > >> >> +all: test_policy.pp > > >> >> + > > >> >> +test_policy.pp: test_policy.te > > >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > > >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > > >> >> + else \ > > >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > > >> >> + false; \ > > >> >> + fi > > >> >> + > > >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > > >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > > >> >> > > >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk > > >> >> -include $(abs_srcdir)/Makefile.selinux > > >> > > > >> > Cool! This is a lot easier than I originally thought it would be. > > >> > > > >> > Everything specified with all should be specified instead with the > > >> > > >> s/Everything specified with all/All dependencies of all/ > > >> > > >> MAKE_TARGETS variable. This is because it adds everything in > > >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then > > >> > handle it appropriately via clean and install. > > >> > > > >> > All I have to do after this is resolve the (semodule?) security bit > > >> > enabling for the tests, and we'll be in good shape for all build, > > >> > install, and test scenarios with selinux. > > > > > > Further diff on top of the prior one to resolve a few remaining issues > > > in getting the tests to pass. With these two patches, all tests appear > > > to pass on Fedora 12. > > > > > > Things that remain unresolved: > > > - RHEL4 support. Is RHEL4 to be supported still by ltp, given > > > dependencies? RHEL4 has been using the test policy under policy/ and > > > has a different build/load process. > > > - Running individual tests manually. As described in the > > > selinux-testsuite README, it used to be possible to run individual tests > > > via tests/runtest.sh in order to more easily hunt down specific failures > > > and get more verbose output than we get from any of the results/* files. > > > > > > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh > > > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > > > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000 > > > @@ -113,7 +113,7 @@ > > > # The ../testcases/bin directory needs to have the test_file_t type. > > > # Save and restore later. > > > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > > > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin > > > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > > > > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux > > > > > > @@ -122,7 +122,7 @@ > > > rm -rf $TMP/selinux > > > > > > # Restore type of .../testcases/bin directory > > > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > > > > > echo "Removing test_policy module..." > > > $SEMODULE -r test_policy > > > only in patch2: > > > unchanged: > > > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7 > > > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000 > > > @@ -193,7 +193,7 @@ > > > fi > > > > > > # return to $LTPROOT directory > > > - cd ${PWD} > > > + cd ${SAVEPWD} > > > > > > return $RC > > > } > > > only in patch2: > > > unchanged: > > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2 > > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000 > > > @@ -25,8 +25,6 @@ > > > include $(top_srcdir)/include/mk/env_pre.mk > > > include $(abs_srcdir)/../Makefile.inc > > > > > > -LDFLAGS += -static > > > - > > > LDLIBS += -lselinux > > > > > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > > > only in patch2: > > > unchanged: > > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4 > > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000 > > > @@ -25,6 +25,7 @@ > > > > > > # run tests in $LTPROOT/testcases/bin directory > > > SAVEPWD=${PWD} > > > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} > > > cd ${LTPBIN} > > > CURRENTDIR="." > > > } > > > @@ -39,7 +40,7 @@ > > > # the test_file from test_inherit_parent_t. > > > # Should fail on fd use permission. > > > > > > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1 > > > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1 > > > RC=$? > > > if [ $RC -ne 0 ] > > > then > > > > Ok -- the rest of this has been committed -- please let me know > > how everything goes tomorrow! > > It seems rather broken. Specifically: > - policy/Makefile and refpolicy/Makefile still contain references to > Makefile.selinux. > - test_selinux.sh seems to have a wrong notion of LTPROOT and/or to be > running in the wrong cwd and thus cannot execute pan and friends. It > also cannot both cd to $POLICYDIR and still use $POLICYDIR in the path > to test_policy.pp. If you have a working Fedora VM, you really ought to be able to run this yourself there without any special setup - SELinux is enabled by default in Fedora and should work out of the box. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 21:00 ` Serge E. Hallyn 2010-01-11 21:31 ` Serge E. Hallyn @ 2010-01-12 8:29 ` Garrett Cooper 2010-01-12 13:00 ` Stephen Smalley 2010-01-12 15:38 ` Serge E. Hallyn 1 sibling, 2 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 8:29 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Serge E. Hallyn (serue@us.ibm.com): >> Quoting Serge E. Hallyn (serue@us.ibm.com): >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> > > > > Fails with: >> > > > > cp: cannot stat >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> > > > >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> > > > >> > > > I think we are supposed to actually be running >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> > > > testscript? Or should the policy sources be copied into /opt? >> > > >> > > Ok, but regardless: the refpolicy Makefile is still broken. >> > >> > Yup. >> >> All right, baby-steps. >> >> The attached test_selinux.diff is not to be applied, but something >> like it is needed. Should we have the ltp 'make install' fill in >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> that is the issue I was saying is shared between test_selinux.sh >> and some others including test_robind.sh. That's why I'm not just >> sending a patch to make it work, bc i think we need more general >> guidance. >> >> The second match makes the 'make load' part of test_selinux.sh >> succeed on rhel5.4. Stephen, how does it do on fedora? >> >> After loading policy it fails to execute ltp-pan, but I figure let's >> get policy loading working first. >> >> -serge > > gah, attaching the actual patches this time. > > -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. 2. Why is the redhat stuff support to work agnostic to the major and minor version? Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 8:29 ` Garrett Cooper @ 2010-01-12 13:00 ` Stephen Smalley 2010-01-12 15:38 ` Serge E. Hallyn 1 sibling, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-12 13:00 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-12 at 00:29 -0800, Garrett Cooper wrote: > On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > > Quoting Serge E. Hallyn (serue@us.ibm.com): > >> Quoting Serge E. Hallyn (serue@us.ibm.com): > >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): > >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >> > > > > Fails with: > >> > > > > cp: cannot stat > >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > >> > > > > >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >> > > > > >> > > > I think we are supposed to actually be running > >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >> > > > testscript? Or should the policy sources be copied into /opt? > >> > > > >> > > Ok, but regardless: the refpolicy Makefile is still broken. > >> > > >> > Yup. > >> > >> All right, baby-steps. > >> > >> The attached test_selinux.diff is not to be applied, but something > >> like it is needed. Should we have the ltp 'make install' fill in > >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > >> that is the issue I was saying is shared between test_selinux.sh > >> and some others including test_robind.sh. That's why I'm not just > >> sending a patch to make it work, bc i think we need more general > >> guidance. > >> > >> The second match makes the 'make load' part of test_selinux.sh > >> succeed on rhel5.4. Stephen, how does it do on fedora? > >> > >> After loading policy it fails to execute ltp-pan, but I figure let's > >> get policy loading working first. > >> > >> -serge > > > > gah, attaching the actual patches this time. > > > > -serge > > 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp > hardcoded as LTPROOT. 2. Why is the redhat stuff support to work > agnostic to the major and minor version? We haven't yet had to fork the test policy based on minor version, only based on major version. So we presently have a fork of the test policy for rhel5, and will likely create one for rhel6 when it is released, while "generic" will continue to track latest fedora. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 8:29 ` Garrett Cooper 2010-01-12 13:00 ` Stephen Smalley @ 2010-01-12 15:38 ` Serge E. Hallyn 2010-01-12 16:56 ` Garrett Cooper ` (2 more replies) 1 sibling, 3 replies; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-12 15:38 UTC (permalink / raw) To: Garrett Cooper; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris Quoting Garrett Cooper (yanegomi@gmail.com): > On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > > Quoting Serge E. Hallyn (serue@us.ibm.com): > >> Quoting Serge E. Hallyn (serue@us.ibm.com): > >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): > >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >> > > > > Fails with: > >> > > > > cp: cannot stat > >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > >> > > > > >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >> > > > > >> > > > I think we are supposed to actually be running > >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >> > > > testscript? Or should the policy sources be copied into /opt? > >> > > > >> > > Ok, but regardless: the refpolicy Makefile is still broken. > >> > > >> > Yup. > >> > >> All right, baby-steps. > >> > >> The attached test_selinux.diff is not to be applied, but something > >> like it is needed. Should we have the ltp 'make install' fill in > >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > >> that is the issue I was saying is shared between test_selinux.sh > >> and some others including test_robind.sh. That's why I'm not just > >> sending a patch to make it work, bc i think we need more general > >> guidance. > >> > >> The second match makes the 'make load' part of test_selinux.sh > >> succeed on rhel5.4. Stephen, how does it do on fedora? > >> > >> After loading policy it fails to execute ltp-pan, but I figure let's > >> get policy loading working first. > >> > >> -serge > > > > gah, attaching the actual patches this time. > > > > -serge > > 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp > hardcoded as LTPROOT. I said 'not to be applied'. You're not rejecting. > 2. Why is the redhat stuff support to work > agnostic to the major and minor version? It's not agnostic to the major version. Only the minor version. And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) i suppose we can just get rid of rhel4 support selinux-testsuite. Or pull it out altogether. -serge ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 15:38 ` Serge E. Hallyn @ 2010-01-12 16:56 ` Garrett Cooper 2010-01-12 18:51 ` Stephen Smalley 2010-01-15 17:48 ` Garrett Cooper 2 siblings, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 16:56 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Garrett Cooper (yanegomi@gmail.com): >> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >> > Quoting Serge E. Hallyn (serue@us.ibm.com): >> >> Quoting Serge E. Hallyn (serue@us.ibm.com): >> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> >> > > > > Fails with: >> >> > > > > cp: cannot stat >> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> >> > > > >> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> >> > > > >> >> > > > I think we are supposed to actually be running >> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> >> > > > testscript? Or should the policy sources be copied into /opt? >> >> > > >> >> > > Ok, but regardless: the refpolicy Makefile is still broken. >> >> > >> >> > Yup. >> >> >> >> All right, baby-steps. >> >> >> >> The attached test_selinux.diff is not to be applied, but something >> >> like it is needed. Should we have the ltp 'make install' fill in >> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> >> that is the issue I was saying is shared between test_selinux.sh >> >> and some others including test_robind.sh. That's why I'm not just >> >> sending a patch to make it work, bc i think we need more general >> >> guidance. >> >> >> >> The second match makes the 'make load' part of test_selinux.sh >> >> succeed on rhel5.4. Stephen, how does it do on fedora? >> >> >> >> After loading policy it fails to execute ltp-pan, but I figure let's >> >> get policy loading working first. >> >> >> >> -serge >> > >> > gah, attaching the actual patches this time. >> > >> > -serge >> >> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >> hardcoded as LTPROOT. > > I said 'not to be applied'. You're not rejecting. > >> 2. Why is the redhat stuff support to work >> agnostic to the major and minor version? > > It's not agnostic to the major version. Only the minor version. > > And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) > i suppose we can just get rid of rhel4 support selinux-testsuite. > > Or pull it out altogether. Ok... sorry for the misunderstanding (looks around sheepishly :\). -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 15:38 ` Serge E. Hallyn 2010-01-12 16:56 ` Garrett Cooper @ 2010-01-12 18:51 ` Stephen Smalley 2010-01-15 17:48 ` Garrett Cooper 2 siblings, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-12 18:51 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris On Tue, 2010-01-12 at 09:38 -0600, Serge E. Hallyn wrote: > Quoting Garrett Cooper (yanegomi@gmail.com): > > On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > > > Quoting Serge E. Hallyn (serue@us.ibm.com): > > >> Quoting Serge E. Hallyn (serue@us.ibm.com): > > >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > > >> > > > > Fails with: > > >> > > > > cp: cannot stat > > >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > > >> > > > > > >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > > >> > > > > > >> > > > I think we are supposed to actually be running > > >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > > >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > > >> > > > testscript? Or should the policy sources be copied into /opt? > > >> > > > > >> > > Ok, but regardless: the refpolicy Makefile is still broken. > > >> > > > >> > Yup. > > >> > > >> All right, baby-steps. > > >> > > >> The attached test_selinux.diff is not to be applied, but something > > >> like it is needed. Should we have the ltp 'make install' fill in > > >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > > >> that is the issue I was saying is shared between test_selinux.sh > > >> and some others including test_robind.sh. That's why I'm not just > > >> sending a patch to make it work, bc i think we need more general > > >> guidance. > > >> > > >> The second match makes the 'make load' part of test_selinux.sh > > >> succeed on rhel5.4. Stephen, how does it do on fedora? > > >> > > >> After loading policy it fails to execute ltp-pan, but I figure let's > > >> get policy loading working first. > > >> > > >> -serge > > > > > > gah, attaching the actual patches this time. > > > > > > -serge > > > > 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp > > hardcoded as LTPROOT. > > I said 'not to be applied'. You're not rejecting. > > > 2. Why is the redhat stuff support to work > > agnostic to the major and minor version? > > It's not agnostic to the major version. Only the minor version. > > And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) > i suppose we can just get rid of rhel4 support selinux-testsuite. > > Or pull it out altogether. Hmm...doesn't Red Hat still use ltp (both main and selinux-testsuite) for regression testing of RHEL4.x releases? -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 15:38 ` Serge E. Hallyn 2010-01-12 16:56 ` Garrett Cooper 2010-01-12 18:51 ` Stephen Smalley @ 2010-01-15 17:48 ` Garrett Cooper 2010-01-26 8:31 ` Garrett Cooper 2 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-15 17:48 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Garrett Cooper (yanegomi@gmail.com): >> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >> > Quoting Serge E. Hallyn (serue@us.ibm.com): >> >> Quoting Serge E. Hallyn (serue@us.ibm.com): >> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> >> > > > > Fails with: >> >> > > > > cp: cannot stat >> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> >> > > > >> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> >> > > > >> >> > > > I think we are supposed to actually be running >> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> >> > > > testscript? Or should the policy sources be copied into /opt? >> >> > > >> >> > > Ok, but regardless: the refpolicy Makefile is still broken. >> >> > >> >> > Yup. >> >> >> >> All right, baby-steps. >> >> >> >> The attached test_selinux.diff is not to be applied, but something >> >> like it is needed. Should we have the ltp 'make install' fill in >> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> >> that is the issue I was saying is shared between test_selinux.sh >> >> and some others including test_robind.sh. That's why I'm not just >> >> sending a patch to make it work, bc i think we need more general >> >> guidance. >> >> >> >> The second match makes the 'make load' part of test_selinux.sh >> >> succeed on rhel5.4. Stephen, how does it do on fedora? >> >> >> >> After loading policy it fails to execute ltp-pan, but I figure let's >> >> get policy loading working first. >> >> >> >> -serge >> > >> > gah, attaching the actual patches this time. >> > >> > -serge >> >> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >> hardcoded as LTPROOT. > > I said 'not to be applied'. You're not rejecting. > >> 2. Why is the redhat stuff support to work >> agnostic to the major and minor version? > > It's not agnostic to the major version. Only the minor version. > > And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) > i suppose we can just get rid of rhel4 support selinux-testsuite. No. 1. Compiling make 3.81 today and installing it is trivial, so it shouldn't be removed today. 2. I've finally decided that I'm going to look outside of the box into providing equivalent functionality via shell functions using purely built-in commands [and test(1)] to fill in the feature gaps for make 3.80. I've gotten to the point where I just gave up trying to ride out what I possibly can in make 3.80, so it's time to pull in some external pieces to get the job done. Thanks, -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-15 17:48 ` Garrett Cooper @ 2010-01-26 8:31 ` Garrett Cooper 2010-01-26 14:30 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-26 8:31 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: >> Quoting Garrett Cooper (yanegomi@gmail.com): >>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >>> > Quoting Serge E. Hallyn (serue@us.ibm.com): >>> >> Quoting Serge E. Hallyn (serue@us.ibm.com): >>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): >>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>> >> > > > > Fails with: >>> >> > > > > cp: cannot stat >>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>> >> > > > >>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>> >> > > > >>> >> > > > I think we are supposed to actually be running >>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>> >> > > > testscript? Or should the policy sources be copied into /opt? >>> >> > > >>> >> > > Ok, but regardless: the refpolicy Makefile is still broken. >>> >> > >>> >> > Yup. >>> >> >>> >> All right, baby-steps. >>> >> >>> >> The attached test_selinux.diff is not to be applied, but something >>> >> like it is needed. Should we have the ltp 'make install' fill in >>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>> >> that is the issue I was saying is shared between test_selinux.sh >>> >> and some others including test_robind.sh. That's why I'm not just >>> >> sending a patch to make it work, bc i think we need more general >>> >> guidance. >>> >> >>> >> The second match makes the 'make load' part of test_selinux.sh >>> >> succeed on rhel5.4. Stephen, how does it do on fedora? >>> >> >>> >> After loading policy it fails to execute ltp-pan, but I figure let's >>> >> get policy loading working first. >>> >> >>> >> -serge >>> > >>> > gah, attaching the actual patches this time. >>> > >>> > -serge >>> >>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >>> hardcoded as LTPROOT. >> >> I said 'not to be applied'. You're not rejecting. >> >>> 2. Why is the redhat stuff support to work >>> agnostic to the major and minor version? >> >> It's not agnostic to the major version. Only the minor version. >> >> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) >> i suppose we can just get rid of rhel4 support selinux-testsuite. > > No. 1. Compiling make 3.81 today and installing it is trivial, so it > shouldn't be removed today. 2. I've finally decided that I'm going to > look outside of the box into providing equivalent functionality via > shell functions using purely built-in commands [and test(1)] to fill > in the feature gaps for make 3.80. I've gotten to the point where I > just gave up trying to ride out what I possibly can in make 3.80, so > it's time to pull in some external pieces to get the job done. All of the install junk works now, but the modes need fixing, or some such fun. Please analyze the test_selinux.sh script and tell me what to commit next to fix everything. Thanks, -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-26 8:31 ` Garrett Cooper @ 2010-01-26 14:30 ` Stephen Smalley 2010-01-27 6:34 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-26 14:30 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote: > On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > > On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > >> Quoting Garrett Cooper (yanegomi@gmail.com): > >>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > >>> > Quoting Serge E. Hallyn (serue@us.ibm.com): > >>> >> Quoting Serge E. Hallyn (serue@us.ibm.com): > >>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov): > >>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >>> >> > > > > Fails with: > >>> >> > > > > cp: cannot stat > >>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > >>> >> > > > > >>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >>> >> > > > > >>> >> > > > I think we are supposed to actually be running > >>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >>> >> > > > testscript? Or should the policy sources be copied into /opt? > >>> >> > > > >>> >> > > Ok, but regardless: the refpolicy Makefile is still broken. > >>> >> > > >>> >> > Yup. > >>> >> > >>> >> All right, baby-steps. > >>> >> > >>> >> The attached test_selinux.diff is not to be applied, but something > >>> >> like it is needed. Should we have the ltp 'make install' fill in > >>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > >>> >> that is the issue I was saying is shared between test_selinux.sh > >>> >> and some others including test_robind.sh. That's why I'm not just > >>> >> sending a patch to make it work, bc i think we need more general > >>> >> guidance. > >>> >> > >>> >> The second match makes the 'make load' part of test_selinux.sh > >>> >> succeed on rhel5.4. Stephen, how does it do on fedora? > >>> >> > >>> >> After loading policy it fails to execute ltp-pan, but I figure let's > >>> >> get policy loading working first. > >>> >> > >>> >> -serge > >>> > > >>> > gah, attaching the actual patches this time. > >>> > > >>> > -serge > >>> > >>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp > >>> hardcoded as LTPROOT. > >> > >> I said 'not to be applied'. You're not rejecting. > >> > >>> 2. Why is the redhat stuff support to work > >>> agnostic to the major and minor version? > >> > >> It's not agnostic to the major version. Only the minor version. > >> > >> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) > >> i suppose we can just get rid of rhel4 support selinux-testsuite. > > > > No. 1. Compiling make 3.81 today and installing it is trivial, so it > > shouldn't be removed today. 2. I've finally decided that I'm going to > > look outside of the box into providing equivalent functionality via > > shell functions using purely built-in commands [and test(1)] to fill > > in the feature gaps for make 3.80. I've gotten to the point where I > > just gave up trying to ride out what I possibly can in make 3.80, so > > it's time to pull in some external pieces to get the job done. > > All of the install junk works now, but the modes need fixing, or > some such fun. Please analyze the test_selinux.sh script and tell me > what to commit next to fix everything. Hi Garrett, I needed to apply the patch below to make test_selinux.sh run successfully on Fedora 12. The problems were: - The setting of LTPROOT in test_selinux.sh was incorrect, leading to problems with invoking everything else. Note that I invoke it by doing: cd /opt/ltp && ./testscripts/test_selinux.sh and thus $0 is a relative path, whereas we want an absolute one. - You don't need to cd to $POLICYDIR at all since you specify $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on the installed policy module. - The attempt to extract paths from runtest/selinux and invoke chcon on them wasn't working as $LTPROOT wasn't being expanded; easier to just do a chcon -R there as before. - runtest/selinux had the wrong paths to the test programs (or alternatively, they aren't being installed to the right location - they all get installed directly to $LTPROOT/testcases/bin. Index: testscripts/test_selinux.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v retrieving revision 1.20 diff -u -r1.20 test_selinux.sh --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20 +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000 @@ -37,15 +37,14 @@ fi # set the LTPROOT directory -LTPROOT=${LTPROOT:=${0%/*}} -cd "$LTPROOT" +LTPROOT=`pwd` export TMP=${TMP:-/tmp} -# If we're in the testscripts directory, go down a dir.. +# If we're in the testscripts directory, go up a dir.. LTPROOT_TMP=${LTPROOT%/testscripts} if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] then cd .. - LTPROOT=$LTPROOT_TMP + LTPROOT=`pwd` fi export LTPROOT unset LTPROOT_TMP @@ -89,7 +88,6 @@ # install the test policy... echo "Installing test_policy module..." -cd $POLICYDIR if ! semodule -i $POLICYDIR/test_policy.pp; then echo "Failed to install test_policy module, aborting test run." config_unset_expandcheck @@ -100,9 +98,6 @@ config_unset_expandcheck -# go back to test's root directory -cd $LTPROOT - echo "Running the SELinux testsuite..." mkdir $TMP/selinux > /dev/null 2>&1 @@ -112,8 +107,7 @@ # The ../testcases/bin directory needs to have the test_file_t type. # Save and restore later. SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \ - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux") +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \ -l $LTPROOT/results/selinux.logfile \ @@ -127,7 +121,6 @@ /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin echo "Removing test_policy module..." -cd $POLICYDIR if ! semodule -r test_policy; then echo "Failed to remove test_policy module." exit 1 Index: runtest/selinux =================================================================== RCS file: /cvsroot/ltp/ltp/runtest/selinux,v retrieving revision 1.4 diff -u -r1.4 selinux --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4 +++ runtest/selinux 26 Jan 2010 14:20:40 -0000 @@ -1,40 +1,40 @@ #DESCRIPTION:Security-Enhanced Linux -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-26 14:30 ` Stephen Smalley @ 2010-01-27 6:34 ` Garrett Cooper 2010-01-27 19:12 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-27 6:34 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote: > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote: >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: >>>> Quoting Garrett Cooper (yanegomi@gmail.com): >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov): >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>>>>>>>>>> Fails with: >>>>>>>>>>> cp: cannot stat >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>>>>>>>>> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>>>>>>>>> >>>>>>>>>> I think we are supposed to actually be running >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>>>>>>>>> testscript? Or should the policy sources be copied into /opt? >>>>>>>>> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken. >>>>>>>> >>>>>>>> Yup. >>>>>>> >>>>>>> All right, baby-steps. >>>>>>> >>>>>>> The attached test_selinux.diff is not to be applied, but something >>>>>>> like it is needed. Should we have the ltp 'make install' fill in >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>>>>>> that is the issue I was saying is shared between test_selinux.sh >>>>>>> and some others including test_robind.sh. That's why I'm not just >>>>>>> sending a patch to make it work, bc i think we need more general >>>>>>> guidance. >>>>>>> >>>>>>> The second match makes the 'make load' part of test_selinux.sh >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora? >>>>>>> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's >>>>>>> get policy loading working first. >>>>>>> >>>>>>> -serge >>>>>> >>>>>> gah, attaching the actual patches this time. >>>>>> >>>>>> -serge >>>>> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >>>>> hardcoded as LTPROOT. >>>> >>>> I said 'not to be applied'. You're not rejecting. >>>> >>>>> 2. Why is the redhat stuff support to work >>>>> agnostic to the major and minor version? >>>> >>>> It's not agnostic to the major version. Only the minor version. >>>> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) >>>> i suppose we can just get rid of rhel4 support selinux-testsuite. >>> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it >>> shouldn't be removed today. 2. I've finally decided that I'm going to >>> look outside of the box into providing equivalent functionality via >>> shell functions using purely built-in commands [and test(1)] to fill >>> in the feature gaps for make 3.80. I've gotten to the point where I >>> just gave up trying to ride out what I possibly can in make 3.80, so >>> it's time to pull in some external pieces to get the job done. >> >> All of the install junk works now, but the modes need fixing, or >> some such fun. Please analyze the test_selinux.sh script and tell me >> what to commit next to fix everything. > > Hi Garrett, > > I needed to apply the patch below to make test_selinux.sh run > successfully on Fedora 12. The problems were: > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to > problems with invoking everything else. Note that I invoke it by doing: > cd /opt/ltp && ./testscripts/test_selinux.sh > and thus $0 is a relative path, whereas we want an absolute one. > - You don't need to cd to $POLICYDIR at all since you specify > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on > the installed policy module. > - The attempt to extract paths from runtest/selinux and invoke chcon on > them wasn't working as $LTPROOT wasn't being expanded; easier to just do > a chcon -R there as before. > - runtest/selinux had the wrong paths to the test programs (or > alternatively, they aren't being installed to the right location - they > all get installed directly to $LTPROOT/testcases/bin. > > Index: testscripts/test_selinux.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > retrieving revision 1.20 > diff -u -r1.20 test_selinux.sh > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20 > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000 > @@ -37,15 +37,14 @@ > fi > > # set the LTPROOT directory > -LTPROOT=${LTPROOT:=${0%/*}} > -cd "$LTPROOT" > +LTPROOT=`pwd` > export TMP=${TMP:-/tmp} > -# If we're in the testscripts directory, go down a dir.. > +# If we're in the testscripts directory, go up a dir.. > LTPROOT_TMP=${LTPROOT%/testscripts} > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] > then > cd .. > - LTPROOT=$LTPROOT_TMP > + LTPROOT=`pwd` > fi > export LTPROOT > unset LTPROOT_TMP > @@ -89,7 +88,6 @@ > > # install the test policy... > echo "Installing test_policy module..." > -cd $POLICYDIR > if ! semodule -i $POLICYDIR/test_policy.pp; then > echo "Failed to install test_policy module, aborting test run." > config_unset_expandcheck > @@ -100,9 +98,6 @@ > > config_unset_expandcheck > > -# go back to test's root directory > -cd $LTPROOT > - > echo "Running the SELinux testsuite..." > > mkdir $TMP/selinux > /dev/null 2>&1 > @@ -112,8 +107,7 @@ > # The ../testcases/bin directory needs to have the test_file_t type. > # Save and restore later. > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \ > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux") > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \ > -l $LTPROOT/results/selinux.logfile \ > @@ -127,7 +121,6 @@ > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > echo "Removing test_policy module..." > -cd $POLICYDIR > if ! semodule -r test_policy; then > echo "Failed to remove test_policy module." > exit 1 > Index: runtest/selinux > =================================================================== > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v > retrieving revision 1.4 > diff -u -r1.4 selinux > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4 > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000 > @@ -1,40 +1,40 @@ > #DESCRIPTION:Security-Enhanced Linux > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh Ok -- I think that we just resolved the last of the selinux test suite saga by properly The difference between your suggested patch above and what I committed was the line were it determined LTPROOT. Assuming that LTPROOT is the directory where the script was run isn't a smart idea, and I'm pretty sure that you were doing this purely because test_selinux.sh was in your path. After the above items were committed, this is the end result: Total Tests: 39 Total Failures: 0 Kernel Version: 2.6.31.9-174.fc12.i686.PAE Machine Architecture: i686 Hostname: localhost.localdomain I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...? Thanks, -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-27 6:34 ` Garrett Cooper @ 2010-01-27 19:12 ` Stephen Smalley 2010-01-27 22:37 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-27 19:12 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote: > On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote: > > > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote: > >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: > >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > >>>> Quoting Garrett Cooper (yanegomi@gmail.com): > >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: > >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): > >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): > >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov): > >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >>>>>>>>>>> Fails with: > >>>>>>>>>>> cp: cannot stat > >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > >>>>>>>>>> > >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >>>>>>>>>> > >>>>>>>>>> I think we are supposed to actually be running > >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >>>>>>>>>> testscript? Or should the policy sources be copied into /opt? > >>>>>>>>> > >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken. > >>>>>>>> > >>>>>>>> Yup. > >>>>>>> > >>>>>>> All right, baby-steps. > >>>>>>> > >>>>>>> The attached test_selinux.diff is not to be applied, but something > >>>>>>> like it is needed. Should we have the ltp 'make install' fill in > >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, > >>>>>>> that is the issue I was saying is shared between test_selinux.sh > >>>>>>> and some others including test_robind.sh. That's why I'm not just > >>>>>>> sending a patch to make it work, bc i think we need more general > >>>>>>> guidance. > >>>>>>> > >>>>>>> The second match makes the 'make load' part of test_selinux.sh > >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora? > >>>>>>> > >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's > >>>>>>> get policy loading working first. > >>>>>>> > >>>>>>> -serge > >>>>>> > >>>>>> gah, attaching the actual patches this time. > >>>>>> > >>>>>> -serge > >>>>> > >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp > >>>>> hardcoded as LTPROOT. > >>>> > >>>> I said 'not to be applied'. You're not rejecting. > >>>> > >>>>> 2. Why is the redhat stuff support to work > >>>>> agnostic to the major and minor version? > >>>> > >>>> It's not agnostic to the major version. Only the minor version. > >>>> > >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) > >>>> i suppose we can just get rid of rhel4 support selinux-testsuite. > >>> > >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it > >>> shouldn't be removed today. 2. I've finally decided that I'm going to > >>> look outside of the box into providing equivalent functionality via > >>> shell functions using purely built-in commands [and test(1)] to fill > >>> in the feature gaps for make 3.80. I've gotten to the point where I > >>> just gave up trying to ride out what I possibly can in make 3.80, so > >>> it's time to pull in some external pieces to get the job done. > >> > >> All of the install junk works now, but the modes need fixing, or > >> some such fun. Please analyze the test_selinux.sh script and tell me > >> what to commit next to fix everything. > > > > Hi Garrett, > > > > I needed to apply the patch below to make test_selinux.sh run > > successfully on Fedora 12. The problems were: > > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to > > problems with invoking everything else. Note that I invoke it by doing: > > cd /opt/ltp && ./testscripts/test_selinux.sh > > and thus $0 is a relative path, whereas we want an absolute one. > > - You don't need to cd to $POLICYDIR at all since you specify > > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on > > the installed policy module. > > - The attempt to extract paths from runtest/selinux and invoke chcon on > > them wasn't working as $LTPROOT wasn't being expanded; easier to just do > > a chcon -R there as before. > > - runtest/selinux had the wrong paths to the test programs (or > > alternatively, they aren't being installed to the right location - they > > all get installed directly to $LTPROOT/testcases/bin. > > > > Index: testscripts/test_selinux.sh > > =================================================================== > > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > > retrieving revision 1.20 > > diff -u -r1.20 test_selinux.sh > > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20 > > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000 > > @@ -37,15 +37,14 @@ > > fi > > > > # set the LTPROOT directory > > -LTPROOT=${LTPROOT:=${0%/*}} > > -cd "$LTPROOT" > > +LTPROOT=`pwd` > > export TMP=${TMP:-/tmp} > > -# If we're in the testscripts directory, go down a dir.. > > +# If we're in the testscripts directory, go up a dir.. > > LTPROOT_TMP=${LTPROOT%/testscripts} > > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] > > then > > cd .. > > - LTPROOT=$LTPROOT_TMP > > + LTPROOT=`pwd` > > fi > > export LTPROOT > > unset LTPROOT_TMP > > @@ -89,7 +88,6 @@ > > > > # install the test policy... > > echo "Installing test_policy module..." > > -cd $POLICYDIR > > if ! semodule -i $POLICYDIR/test_policy.pp; then > > echo "Failed to install test_policy module, aborting test run." > > config_unset_expandcheck > > @@ -100,9 +98,6 @@ > > > > config_unset_expandcheck > > > > -# go back to test's root directory > > -cd $LTPROOT > > - > > echo "Running the SELinux testsuite..." > > > > mkdir $TMP/selinux > /dev/null 2>&1 > > @@ -112,8 +107,7 @@ > > # The ../testcases/bin directory needs to have the test_file_t type. > > # Save and restore later. > > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` > > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \ > > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux") > > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin > > > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \ > > -l $LTPROOT/results/selinux.logfile \ > > @@ -127,7 +121,6 @@ > > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin > > > > echo "Removing test_policy module..." > > -cd $POLICYDIR > > if ! semodule -r test_policy; then > > echo "Failed to remove test_policy module." > > exit 1 > > Index: runtest/selinux > > =================================================================== > > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v > > retrieving revision 1.4 > > diff -u -r1.4 selinux > > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4 > > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000 > > @@ -1,40 +1,40 @@ > > #DESCRIPTION:Security-Enhanced Linux > > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh > > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh > > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh > > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh > > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh > > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh > > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh > > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh > > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh > > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh > > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh > > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh > > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh > > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh > > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh > > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh > > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh > > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh > > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh > > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh > > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh > > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh > > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh > > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh > > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh > > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh > > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh > > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh > > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh > > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh > > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh > > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh > > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh > > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh > > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh > > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh > > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh > > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh > > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh > > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh > > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh > > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh > > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh > > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh > > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh > > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh > > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh > > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh > > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh > > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh > > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh > > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh > > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh > > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh > > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh > > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh > > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh > > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh > > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh > > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh > > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh > > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh > > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh > > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh > > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh > > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh > > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh > > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh > > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh > > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh > > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh > > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh > > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh > > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh > > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh > > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh > > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh > > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh > > Ok -- I think that we just resolved the last of the selinux test suite saga by properly > > The difference between your suggested patch above and what I committed > was the line were it determined LTPROOT. Assuming that LTPROOT is the > directory where the script was run isn't a smart idea, and I'm pretty > sure that you were doing this purely because test_selinux.sh was in > your path. So you require that the test script be invoked by absolute path, ala: $ /opt/ltp/testscripts/test_selinux.sh I was invoking the tests via: $ cd /opt/ltp $ ./testscripts/test_selinux.sh The latter won't work with your current LTPROOT definition; it will end up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work when it gets referenced by the individual test scripts particularly when they change to a subdirectory for a particular test. This yields a couple of failures in the .log and 'No such file or directory' errors in the .outfile. > After the above items were committed, this is the end result: > > Total Tests: 39 > Total Failures: 0 > Kernel Version: 2.6.31.9-174.fc12.i686.PAE > Machine Architecture: i686 > Hostname: localhost.localdomain > > I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...? When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the following errors in the .outfile: chcon: cannot access `selinux_wait_io': No such file or directory ./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found runcon: selinux_wait_parent: No such file or directory ./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found runcon: selinux_wait_parent: No such file or directory ./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found The first message actually shows up even when invoked via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to cause any FAIL in that case. The test_resm messages are odd - is that not getting defined anywhere? -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-27 19:12 ` Stephen Smalley @ 2010-01-27 22:37 ` Garrett Cooper 2010-01-28 5:56 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-27 22:37 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 27, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote: >> On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote: >> >> > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote: >> >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: >> >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: >> >>>> Quoting Garrett Cooper (yanegomi@gmail.com): >> >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >> >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >> >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >> >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov): >> >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> >>>>>>>>>>> Fails with: >> >>>>>>>>>>> cp: cannot stat >> >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> >>>>>>>>>> >> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> >>>>>>>>>> >> >>>>>>>>>> I think we are supposed to actually be running >> >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> >>>>>>>>>> testscript? Or should the policy sources be copied into /opt? >> >>>>>>>>> >> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken. >> >>>>>>>> >> >>>>>>>> Yup. >> >>>>>>> >> >>>>>>> All right, baby-steps. >> >>>>>>> >> >>>>>>> The attached test_selinux.diff is not to be applied, but something >> >>>>>>> like it is needed. Should we have the ltp 'make install' fill in >> >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >> >>>>>>> that is the issue I was saying is shared between test_selinux.sh >> >>>>>>> and some others including test_robind.sh. That's why I'm not just >> >>>>>>> sending a patch to make it work, bc i think we need more general >> >>>>>>> guidance. >> >>>>>>> >> >>>>>>> The second match makes the 'make load' part of test_selinux.sh >> >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora? >> >>>>>>> >> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's >> >>>>>>> get policy loading working first. >> >>>>>>> >> >>>>>>> -serge >> >>>>>> >> >>>>>> gah, attaching the actual patches this time. >> >>>>>> >> >>>>>> -serge >> >>>>> >> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >> >>>>> hardcoded as LTPROOT. >> >>>> >> >>>> I said 'not to be applied'. You're not rejecting. >> >>>> >> >>>>> 2. Why is the redhat stuff support to work >> >>>>> agnostic to the major and minor version? >> >>>> >> >>>> It's not agnostic to the major version. Only the minor version. >> >>>> >> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) >> >>>> i suppose we can just get rid of rhel4 support selinux-testsuite. >> >>> >> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it >> >>> shouldn't be removed today. 2. I've finally decided that I'm going to >> >>> look outside of the box into providing equivalent functionality via >> >>> shell functions using purely built-in commands [and test(1)] to fill >> >>> in the feature gaps for make 3.80. I've gotten to the point where I >> >>> just gave up trying to ride out what I possibly can in make 3.80, so >> >>> it's time to pull in some external pieces to get the job done. >> >> >> >> All of the install junk works now, but the modes need fixing, or >> >> some such fun. Please analyze the test_selinux.sh script and tell me >> >> what to commit next to fix everything. >> > >> > Hi Garrett, >> > >> > I needed to apply the patch below to make test_selinux.sh run >> > successfully on Fedora 12. The problems were: >> > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to >> > problems with invoking everything else. Note that I invoke it by doing: >> > cd /opt/ltp && ./testscripts/test_selinux.sh >> > and thus $0 is a relative path, whereas we want an absolute one. >> > - You don't need to cd to $POLICYDIR at all since you specify >> > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on >> > the installed policy module. >> > - The attempt to extract paths from runtest/selinux and invoke chcon on >> > them wasn't working as $LTPROOT wasn't being expanded; easier to just do >> > a chcon -R there as before. >> > - runtest/selinux had the wrong paths to the test programs (or >> > alternatively, they aren't being installed to the right location - they >> > all get installed directly to $LTPROOT/testcases/bin. >> > >> > Index: testscripts/test_selinux.sh >> > =================================================================== >> > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v >> > retrieving revision 1.20 >> > diff -u -r1.20 test_selinux.sh >> > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20 >> > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000 >> > @@ -37,15 +37,14 @@ >> > fi >> > >> > # set the LTPROOT directory >> > -LTPROOT=${LTPROOT:=${0%/*}} >> > -cd "$LTPROOT" >> > +LTPROOT=`pwd` >> > export TMP=${TMP:-/tmp} >> > -# If we're in the testscripts directory, go down a dir.. >> > +# If we're in the testscripts directory, go up a dir.. >> > LTPROOT_TMP=${LTPROOT%/testscripts} >> > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] >> > then >> > cd .. >> > - LTPROOT=$LTPROOT_TMP >> > + LTPROOT=`pwd` >> > fi >> > export LTPROOT >> > unset LTPROOT_TMP >> > @@ -89,7 +88,6 @@ >> > >> > # install the test policy... >> > echo "Installing test_policy module..." >> > -cd $POLICYDIR >> > if ! semodule -i $POLICYDIR/test_policy.pp; then >> > echo "Failed to install test_policy module, aborting test run." >> > config_unset_expandcheck >> > @@ -100,9 +98,6 @@ >> > >> > config_unset_expandcheck >> > >> > -# go back to test's root directory >> > -cd $LTPROOT >> > - >> > echo "Running the SELinux testsuite..." >> > >> > mkdir $TMP/selinux > /dev/null 2>&1 >> > @@ -112,8 +107,7 @@ >> > # The ../testcases/bin directory needs to have the test_file_t type. >> > # Save and restore later. >> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \ >> > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux") >> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin >> > >> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \ >> > -l $LTPROOT/results/selinux.logfile \ >> > @@ -127,7 +121,6 @@ >> > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin >> > >> > echo "Removing test_policy module..." >> > -cd $POLICYDIR >> > if ! semodule -r test_policy; then >> > echo "Failed to remove test_policy module." >> > exit 1 >> > Index: runtest/selinux >> > =================================================================== >> > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v >> > retrieving revision 1.4 >> > diff -u -r1.4 selinux >> > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4 >> > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000 >> > @@ -1,40 +1,40 @@ >> > #DESCRIPTION:Security-Enhanced Linux >> > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh >> > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh >> > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh >> > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh >> > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh >> > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh >> > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh >> > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh >> > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh >> > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh >> > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh >> > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh >> > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh >> > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh >> > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh >> > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh >> > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh >> > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh >> > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh >> > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh >> > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh >> > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh >> > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh >> > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh >> > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh >> > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh >> > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh >> > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh >> > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh >> > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh >> > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh >> > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh >> > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh >> > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh >> > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh >> > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh >> > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh >> > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh >> > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh >> > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh >> > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh >> > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh >> > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh >> > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh >> > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh >> > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh >> > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh >> > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh >> > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh >> > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh >> > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh >> > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh >> > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh >> > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh >> > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh >> > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh >> > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh >> > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh >> > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh >> > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh >> > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh >> > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh >> > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh >> > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh >> > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh >> > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh >> > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh >> > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh >> > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh >> > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh >> > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh >> > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh >> > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh >> > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh >> > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh >> > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh >> > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh >> > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh >> >> Ok -- I think that we just resolved the last of the selinux test suite saga by properly >> >> The difference between your suggested patch above and what I committed >> was the line were it determined LTPROOT. Assuming that LTPROOT is the >> directory where the script was run isn't a smart idea, and I'm pretty >> sure that you were doing this purely because test_selinux.sh was in >> your path. > > So you require that the test script be invoked by absolute path, ala: > $ /opt/ltp/testscripts/test_selinux.sh > > I was invoking the tests via: > $ cd /opt/ltp > $ ./testscripts/test_selinux.sh > > The latter won't work with your current LTPROOT definition; it will end > up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work > when it gets referenced by the individual test scripts particularly when > they change to a subdirectory for a particular test. This yields a > couple of failures in the .log and 'No such file or directory' errors in > the .outfile. > >> After the above items were committed, this is the end result: >> >> Total Tests: 39 >> Total Failures: 0 >> Kernel Version: 2.6.31.9-174.fc12.i686.PAE >> Machine Architecture: i686 >> Hostname: localhost.localdomain >> >> I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...? > > When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the > following errors in the .outfile: > > chcon: cannot access `selinux_wait_io': No such file or directory > ./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found > runcon: selinux_wait_parent: No such file or directory > ./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found > runcon: selinux_wait_parent: No such file or directory > ./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found > > The first message actually shows up even when invoked > via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to > cause any FAIL in that case. The test_resm messages are odd - is that > not getting defined anywhere? Ok. Send me a patch that does a readlink -f of the LTPPATH and set your PATH to include $LTPROOT/testcases/bin, and you'll be good to go -- thanks! -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-27 22:37 ` Garrett Cooper @ 2010-01-28 5:56 ` Garrett Cooper 2010-01-28 14:02 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-28 5:56 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > On Wed, Jan 27, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote: >>> On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote: >>> >>> > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote: >>> >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote: >>> >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: >>> >>>> Quoting Garrett Cooper (yanegomi@gmail.com): >>> >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote: >>> >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>> >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com): >>> >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov): >>> >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >>> >>>>>>>>>>> Fails with: >>> >>>>>>>>>>> cp: cannot stat >>> >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >>> >>>>>>>>>> >>> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >>> >>>>>>>>>> >>> >>>>>>>>>> I think we are supposed to actually be running >>> >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for >>> >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >>> >>>>>>>>>> testscript? Or should the policy sources be copied into /opt? >>> >>>>>>>>> >>> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken. >>> >>>>>>>> >>> >>>>>>>> Yup. >>> >>>>>>> >>> >>>>>>> All right, baby-steps. >>> >>>>>>> >>> >>>>>>> The attached test_selinux.diff is not to be applied, but something >>> >>>>>>> like it is needed. Should we have the ltp 'make install' fill in >>> >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, >>> >>>>>>> that is the issue I was saying is shared between test_selinux.sh >>> >>>>>>> and some others including test_robind.sh. That's why I'm not just >>> >>>>>>> sending a patch to make it work, bc i think we need more general >>> >>>>>>> guidance. >>> >>>>>>> >>> >>>>>>> The second match makes the 'make load' part of test_selinux.sh >>> >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora? >>> >>>>>>> >>> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's >>> >>>>>>> get policy loading working first. >>> >>>>>>> >>> >>>>>>> -serge >>> >>>>>> >>> >>>>>> gah, attaching the actual patches this time. >>> >>>>>> >>> >>>>>> -serge >>> >>>>> >>> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp >>> >>>>> hardcoded as LTPROOT. >>> >>>> >>> >>>> I said 'not to be applied'. You're not rejecting. >>> >>>> >>> >>>>> 2. Why is the redhat stuff support to work >>> >>>>> agnostic to the major and minor version? >>> >>>> >>> >>>> It's not agnostic to the major version. Only the minor version. >>> >>>> >>> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) >>> >>>> i suppose we can just get rid of rhel4 support selinux-testsuite. >>> >>> >>> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it >>> >>> shouldn't be removed today. 2. I've finally decided that I'm going to >>> >>> look outside of the box into providing equivalent functionality via >>> >>> shell functions using purely built-in commands [and test(1)] to fill >>> >>> in the feature gaps for make 3.80. I've gotten to the point where I >>> >>> just gave up trying to ride out what I possibly can in make 3.80, so >>> >>> it's time to pull in some external pieces to get the job done. >>> >> >>> >> All of the install junk works now, but the modes need fixing, or >>> >> some such fun. Please analyze the test_selinux.sh script and tell me >>> >> what to commit next to fix everything. >>> > >>> > Hi Garrett, >>> > >>> > I needed to apply the patch below to make test_selinux.sh run >>> > successfully on Fedora 12. The problems were: >>> > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to >>> > problems with invoking everything else. Note that I invoke it by doing: >>> > cd /opt/ltp && ./testscripts/test_selinux.sh >>> > and thus $0 is a relative path, whereas we want an absolute one. >>> > - You don't need to cd to $POLICYDIR at all since you specify >>> > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on >>> > the installed policy module. >>> > - The attempt to extract paths from runtest/selinux and invoke chcon on >>> > them wasn't working as $LTPROOT wasn't being expanded; easier to just do >>> > a chcon -R there as before. >>> > - runtest/selinux had the wrong paths to the test programs (or >>> > alternatively, they aren't being installed to the right location - they >>> > all get installed directly to $LTPROOT/testcases/bin. >>> > >>> > Index: testscripts/test_selinux.sh >>> > =================================================================== >>> > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v >>> > retrieving revision 1.20 >>> > diff -u -r1.20 test_selinux.sh >>> > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20 >>> > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000 >>> > @@ -37,15 +37,14 @@ >>> > fi >>> > >>> > # set the LTPROOT directory >>> > -LTPROOT=${LTPROOT:=${0%/*}} >>> > -cd "$LTPROOT" >>> > +LTPROOT=`pwd` >>> > export TMP=${TMP:-/tmp} >>> > -# If we're in the testscripts directory, go down a dir.. >>> > +# If we're in the testscripts directory, go up a dir.. >>> > LTPROOT_TMP=${LTPROOT%/testscripts} >>> > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ] >>> > then >>> > cd .. >>> > - LTPROOT=$LTPROOT_TMP >>> > + LTPROOT=`pwd` >>> > fi >>> > export LTPROOT >>> > unset LTPROOT_TMP >>> > @@ -89,7 +88,6 @@ >>> > >>> > # install the test policy... >>> > echo "Installing test_policy module..." >>> > -cd $POLICYDIR >>> > if ! semodule -i $POLICYDIR/test_policy.pp; then >>> > echo "Failed to install test_policy module, aborting test run." >>> > config_unset_expandcheck >>> > @@ -100,9 +98,6 @@ >>> > >>> > config_unset_expandcheck >>> > >>> > -# go back to test's root directory >>> > -cd $LTPROOT >>> > - >>> > echo "Running the SELinux testsuite..." >>> > >>> > mkdir $TMP/selinux > /dev/null 2>&1 >>> > @@ -112,8 +107,7 @@ >>> > # The ../testcases/bin directory needs to have the test_file_t type. >>> > # Save and restore later. >>> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` >>> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \ >>> > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux") >>> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin >>> > >>> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \ >>> > -l $LTPROOT/results/selinux.logfile \ >>> > @@ -127,7 +121,6 @@ >>> > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin >>> > >>> > echo "Removing test_policy module..." >>> > -cd $POLICYDIR >>> > if ! semodule -r test_policy; then >>> > echo "Failed to remove test_policy module." >>> > exit 1 >>> > Index: runtest/selinux >>> > =================================================================== >>> > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v >>> > retrieving revision 1.4 >>> > diff -u -r1.4 selinux >>> > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4 >>> > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000 >>> > @@ -1,40 +1,40 @@ >>> > #DESCRIPTION:Security-Enhanced Linux >>> > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh >>> > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh >>> > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh >>> > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh >>> > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh >>> > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh >>> > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh >>> > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh >>> > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh >>> > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh >>> > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh >>> > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh >>> > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh >>> > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh >>> > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh >>> > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh >>> > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh >>> > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh >>> > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh >>> > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh >>> > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh >>> > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh >>> > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh >>> > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh >>> > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh >>> > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh >>> > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh >>> > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh >>> > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh >>> > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh >>> > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh >>> > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh >>> > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh >>> > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh >>> > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh >>> > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh >>> > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh >>> > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh >>> > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh >>> > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh >>> > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh >>> > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh >>> > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh >>> > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh >>> > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh >>> > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh >>> > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh >>> > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh >>> > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh >>> > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh >>> > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh >>> > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh >>> > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh >>> > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh >>> > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh >>> > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh >>> > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh >>> > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh >>> > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh >>> > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh >>> > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh >>> > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh >>> > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh >>> > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh >>> > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh >>> > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh >>> > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh >>> > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh >>> > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh >>> > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh >>> > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh >>> > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh >>> > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh >>> > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh >>> > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh >>> > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh >>> > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh >>> > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh >>> >>> Ok -- I think that we just resolved the last of the selinux test suite saga by properly >>> >>> The difference between your suggested patch above and what I committed >>> was the line were it determined LTPROOT. Assuming that LTPROOT is the >>> directory where the script was run isn't a smart idea, and I'm pretty >>> sure that you were doing this purely because test_selinux.sh was in >>> your path. >> >> So you require that the test script be invoked by absolute path, ala: >> $ /opt/ltp/testscripts/test_selinux.sh >> >> I was invoking the tests via: >> $ cd /opt/ltp >> $ ./testscripts/test_selinux.sh >> >> The latter won't work with your current LTPROOT definition; it will end >> up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work >> when it gets referenced by the individual test scripts particularly when >> they change to a subdirectory for a particular test. This yields a >> couple of failures in the .log and 'No such file or directory' errors in >> the .outfile. >> >>> After the above items were committed, this is the end result: >>> >>> Total Tests: 39 >>> Total Failures: 0 >>> Kernel Version: 2.6.31.9-174.fc12.i686.PAE >>> Machine Architecture: i686 >>> Hostname: localhost.localdomain >>> >>> I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...? >> >> When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the >> following errors in the .outfile: >> >> chcon: cannot access `selinux_wait_io': No such file or directory >> ./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found >> runcon: selinux_wait_parent: No such file or directory >> ./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found >> runcon: selinux_wait_parent: No such file or directory >> ./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found >> >> The first message actually shows up even when invoked >> via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to >> cause any FAIL in that case. The test_resm messages are odd - is that >> not getting defined anywhere? > > Ok. Send me a patch that does a readlink -f of the LTPPATH and set > your PATH to include $LTPROOT/testcases/bin, and you'll be good to go Nevermind. I just committed the change... please retest and hopefully all goes well for you this time around. Cheers, -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-28 5:56 ` Garrett Cooper @ 2010-01-28 14:02 ` Stephen Smalley 2010-01-28 15:10 ` Garrett Cooper 0 siblings, 1 reply; 69+ messages in thread From: Stephen Smalley @ 2010-01-28 14:02 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Wed, 2010-01-27 at 21:56 -0800, Garrett Cooper wrote: > On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > > Ok. Send me a patch that does a readlink -f of the LTPPATH and set > > your PATH to include $LTPROOT/testcases/bin, and you'll be good to go > > Nevermind. I just committed the change... please retest and > hopefully all goes well for you this time around. Looks good. Patch below fixes two bugs in the selinux tests, noticed by examining the selinux.outfile carefully for errors (No such file or directory, Segmentation fault). Index: testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh,v retrieving revision 1.10 diff -u -r1.10 selinux_file.sh --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 26 Jan 2010 07:05:02 -0000 1.10 +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 28 Jan 2010 13:50:31 -0000 @@ -47,7 +47,8 @@ # # Change the context of the test executable # - chcon -t fileop_exec_t selinux_wait_io 2>&1 > /dev/null + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} + chcon -t fileop_exec_t $LTPBIN/selinux_wait_io 2>&1 > /dev/null # # Get the SID of the good file. Index: testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c,v retrieving revision 1.4 diff -u -r1.4 selinux_shmat.c --- testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 13 Jan 2010 08:16:57 -0000 1.4 +++ testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 28 Jan 2010 13:50:31 -0000 @@ -40,7 +40,7 @@ return 1; buf = shmat(id, 0, 0); - error = (*buf == -1) ? -1 : 0; + error = (buf == (void*)-1) ? -1 : 0; printf("shmat: buf=%p, returned %d\n", buf, error); return error; } -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-28 14:02 ` Stephen Smalley @ 2010-01-28 15:10 ` Garrett Cooper 0 siblings, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-28 15:10 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Thu, Jan 28, 2010 at 6:02 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Wed, 2010-01-27 at 21:56 -0800, Garrett Cooper wrote: >> On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote: >> > Ok. Send me a patch that does a readlink -f of the LTPPATH and set >> > your PATH to include $LTPROOT/testcases/bin, and you'll be good to go >> >> Nevermind. I just committed the change... please retest and >> hopefully all goes well for you this time around. > > Looks good. Patch below fixes two bugs in the selinux tests, noticed by > examining the selinux.outfile carefully for errors (No such file or > directory, Segmentation fault). > > Index: testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh,v > retrieving revision 1.10 > diff -u -r1.10 selinux_file.sh > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 26 Jan 2010 07:05:02 -0000 1.10 > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 28 Jan 2010 13:50:31 -0000 > @@ -47,7 +47,8 @@ > # > # Change the context of the test executable > # > - chcon -t fileop_exec_t selinux_wait_io 2>&1 > /dev/null > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin} > + chcon -t fileop_exec_t $LTPBIN/selinux_wait_io 2>&1 > /dev/null > > # > # Get the SID of the good file. > Index: testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c > =================================================================== > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c,v > retrieving revision 1.4 > diff -u -r1.4 selinux_shmat.c > --- testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 13 Jan 2010 08:16:57 -0000 1.4 > +++ testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 28 Jan 2010 13:50:31 -0000 > @@ -40,7 +40,7 @@ > return 1; > > buf = shmat(id, 0, 0); > - error = (*buf == -1) ? -1 : 0; > + error = (buf == (void*)-1) ? -1 : 0; > printf("shmat: buf=%p, returned %d\n", buf, error); > return error; > } Done -- thanks! -Garrett ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-11 19:55 ` Stephen Smalley 2010-01-11 20:19 ` Serge E. Hallyn @ 2010-01-12 8:43 ` Garrett Cooper 2010-01-12 13:08 ` Stephen Smalley 1 sibling, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-12 8:43 UTC (permalink / raw) To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: >> Quoting Stephen Smalley (sds@tycho.nsa.gov): >> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: >> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: >> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: >> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: >> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: >> > > >>> >> > Thanks for the feedback and details Stephen. >> > > >>> >> > Would you be kind enough to try out the version from CVS to see >> > > >>> >> > whether or not it resolves your issue? You'll also need to update >> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro >> > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as >> > > >>> >> > opposed to using rpm to query the release. >> > > >>> >> > Thanks, >> > > >>> >> > -Garrett >> > > >>> >> >> > > >>> >> The attempt to make the test policy immediately dies with: >> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release >> > > >>> > >> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that >> > > >>> > file to exist. But the script needs to handle it gracefully; we just >> > > >>> > use the generic test policy files in that situation. >> > > >>> >> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? >> > > >> >> > > >> On RHEL5, it can look like one of the following: >> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga) >> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) >> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga) >> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) >> > > > >> > > > Interesting. They switched over to more of the Fedora-style branding, maybe?. >> > > > >> > > > [garrcoop@halflife ~]$ cat /etc/redhat-release >> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) >> > > >> > > Could you try again please :)? >> > >> > Fails with: >> > cp: cannot stat >> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory >> >> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? >> >> I think we are supposed to actually be running >> /opt/ltp/testscripts/test_selinux.sh. So then the first question for >> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a >> testscript? Or should the policy sources be copied into /opt? > > Ok, but regardless: the refpolicy Makefile is still broken. Yes, it is (I don't have access to that package I think on my version of Fedora...). Please try the attached patch and let me know how it goes [the comments aren't as important as the `set -e' and `$(TEST_POLICY_DIR)/' removal on the cp(1) call]. Thanks, -Garrett Index: Makefile =================================================================== RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 8 Jan 2010 09:39:20 -0000 1.12 +++ Makefile 12 Jan 2010 08:40:23 -0000 @@ -69,15 +69,17 @@ TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif load: - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-12 8:43 ` Garrett Cooper @ 2010-01-12 13:08 ` Stephen Smalley 0 siblings, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-12 13:08 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Tue, 2010-01-12 at 00:43 -0800, Garrett Cooper wrote: > On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >> Quoting Stephen Smalley (sds@tycho.nsa.gov): > >> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: > >> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote: > >> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > >> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > >> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > >> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > >> > > >>> >> > Thanks for the feedback and details Stephen. > >> > > >>> >> > Would you be kind enough to try out the version from CVS to see > >> > > >>> >> > whether or not it resolves your issue? You'll also need to update > >> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro > >> > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as > >> > > >>> >> > opposed to using rpm to query the release. > >> > > >>> >> > Thanks, > >> > > >>> >> > -Garrett > >> > > >>> >> > >> > > >>> >> The attempt to make the test policy immediately dies with: > >> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > >> > > >>> > > >> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that > >> > > >>> > file to exist. But the script needs to handle it gracefully; we just > >> > > >>> > use the generic test policy files in that situation. > >> > > >>> > >> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)? > >> > > >> > >> > > >> On RHEL5, it can look like one of the following: > >> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga) > >> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) > >> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga) > >> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > >> > > > > >> > > > Interesting. They switched over to more of the Fedora-style branding, maybe?. > >> > > > > >> > > > [garrcoop@halflife ~]$ cat /etc/redhat-release > >> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) > >> > > > >> > > Could you try again please :)? > >> > > >> > Fails with: > >> > cp: cannot stat > >> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory > >> > >> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >> > >> I think we are supposed to actually be running > >> /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >> testscript? Or should the policy sources be copied into /opt? > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > Yes, it is (I don't have access to that package I think on my > version of Fedora...). Please try the attached patch and let me know > how it goes [the comments aren't as important as the `set -e' and > `$(TEST_POLICY_DIR)/' removal on the cp(1) call]. > Thanks, > -Garrett The patch was whitespace-damaged, so I had to fix it up by hand. Now a 'make' in the refpolicy directory yields: (cd "/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic" && cat test_global.te test_bounds.te test_capable_file.te test_capable_net.te test_capable_sys.te test_dyntrace.te test_dyntrans.te test_entrypoint.te test_execshare.te test_exectrace.te test_execute_no_trans.te test_fdreceive.te test_file.te test_inherit.te test_ioctl.te test_ipc.te test_link.te test_mkdir.te test_open.te test_ptrace.te test_readlink.te test_relabel.te test_rename.te test_rxdir.te test_setattr.te test_setnice.te test_sigkill.te test_stat.te test_sysctl.te test_task_create.te test_task_getpgid.te test_task_getsched.te test_task_getsid.te test_task_setpgid.te test_task_setsched.te test_transition.te test_wait.te) > test_policy.te And a 'make load' successfully loads that. On recent Fedora you don't need any additional packages; /usr/share/selinux/devel is shipped as part of selinux-policy these days rather than as a separate selinux-policy-devel package. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley 2010-01-06 17:18 ` Serge E. Hallyn 2010-01-06 18:50 ` Serge E. Hallyn @ 2010-01-06 18:58 ` Serge E. Hallyn 2010-01-07 9:05 ` Garrett Cooper 2010-01-07 9:18 ` Garrett Cooper 3 siblings, 1 reply; 69+ messages in thread From: Serge E. Hallyn @ 2010-01-06 18:58 UTC (permalink / raw) To: Garrett Cooper, Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris Quoting Stephen Smalley (sds@tycho.nsa.gov): > It seems the Makefile rewrite last October broke the selinux testsuite. > Is it unreasonable to expect that someone who rewrote the Makefile would > actually try running the testsuite? > > Please, revert the changes or fix them. > > See testcases/kernel/security/selinux-testsuite/README for the > instructions. Ok, Garrett, two particular scripts that are broken since the move to running out of /opt/ltp are test_robind.sh test_selinux.sh Guidance? thanks, -serge ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 18:58 ` Serge E. Hallyn @ 2010-01-07 9:05 ` Garrett Cooper 2010-01-07 19:23 ` Stephen Smalley 0 siblings, 1 reply; 69+ messages in thread From: Garrett Cooper @ 2010-01-07 9:05 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris On Wed, Jan 6, 2010 at 10:58 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > Quoting Stephen Smalley (sds@tycho.nsa.gov): >> It seems the Makefile rewrite last October broke the selinux testsuite. >> Is it unreasonable to expect that someone who rewrote the Makefile would >> actually try running the testsuite? >> >> Please, revert the changes or fix them. >> >> See testcases/kernel/security/selinux-testsuite/README for the >> instructions. > > Ok, Garrett, two particular scripts that are broken since the move > to running out of /opt/ltp are > test_robind.sh > test_selinux.sh > > Guidance? I need output in order to judge what needs to be fixed. Gentoo doesn't have a selinux policy package (at least not in portage), thus I cannot run the tests as they're Redhat centric. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-07 9:05 ` Garrett Cooper @ 2010-01-07 19:23 ` Stephen Smalley 0 siblings, 0 replies; 69+ messages in thread From: Stephen Smalley @ 2010-01-07 19:23 UTC (permalink / raw) To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list On Thu, 2010-01-07 at 01:05 -0800, Garrett Cooper wrote: > On Wed, Jan 6, 2010 at 10:58 AM, Serge E. Hallyn <serue@us.ibm.com> wrote: > > Quoting Stephen Smalley (sds@tycho.nsa.gov): > >> It seems the Makefile rewrite last October broke the selinux testsuite. > >> Is it unreasonable to expect that someone who rewrote the Makefile would > >> actually try running the testsuite? > >> > >> Please, revert the changes or fix them. > >> > >> See testcases/kernel/security/selinux-testsuite/README for the > >> instructions. > > > > Ok, Garrett, two particular scripts that are broken since the move > > to running out of /opt/ltp are > > test_robind.sh > > test_selinux.sh > > > > Guidance? > > I need output in order to judge what needs to be fixed. Gentoo > doesn't have a selinux policy package (at least not in portage), thus > I cannot run the tests as they're Redhat centric. To start, we need to get the test policy to build again. Bad: $ cd testcases/kernel/security/selinux-testsuite/refpolicy/ $ make (cd "/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy" && cat *.te) > "test_policy.te"; cat: test_policy.te: input file is output file make: *** [test_policy.te] Error 1 Good: $ cvs update -r1.7 Makefile P Makefile # make make[1]: Entering directory `/usr/share/selinux/devel' rm -fR tmp rm -f *.pp Compiling targeted test_policy module /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod Creating targeted test_policy.pp policy package rm tmp/test_policy.mod tmp/test_policy.mod.fc make[1]: Leaving directory `/usr/share/selinux/devel' I tried tweaking your Makefile to no avail. Some obvious errors in the new Makefile: - It has mixed use of REDHAT_VERS and REDHAT_VER, POLICY_DEVEL and POLICYDEVEL. - test_bounds.te is only to be included if checkpolicy supports version 24, not filtered out in that case. - Only test_policy.* is to be copied to $POLICYDEVEL, not the individual .te files that are concatenated into it. - test_policy.te should be regenerated every time or made conditional on all of the individual .te files _and_ the directory (in case a .te file is removed or added). Less likely to miss if we just always regenerate it as in the original makefile. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October 2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley ` (2 preceding siblings ...) 2010-01-06 18:58 ` Serge E. Hallyn @ 2010-01-07 9:18 ` Garrett Cooper 3 siblings, 0 replies; 69+ messages in thread From: Garrett Cooper @ 2010-01-07 9:18 UTC (permalink / raw) To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris On Wed, Jan 6, 2010 at 7:25 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > It seems the Makefile rewrite last October broke the selinux testsuite. > Is it unreasonable to expect that someone who rewrote the Makefile would > actually try running the testsuite? Unfortunately I don't have access to older copies of RHEL, thus I shoot in the dark sometimes hoping that things work on Fedora 11 (not often), Gentoo (all the time now) and Ubuntu (periodically), which run newer packages and have newer kernels... I shot myself in the foot by not running this on Fedora because Redhat distros have all of the SELinux junk built in by default, or available for inclusion. In general if you want support, there are three options: 1. Give me a machine to develop on (even if it's a few cycles a week, month, whatever), so I can avoid breakage. The more architectures the better as many issues crop up with system calls, architectural differences, and a gamut of other wonderful problems. This is particularly true on Linux at the kernel level I've discovered because 2. Please become a guinea pig and help me test the changes and report them as soon as possible. 3. Isolate, test, develop, and submit a patch. I need this (1. / 2.) basic assistance otherwise I can't guarantee that stuff WILL work because everyone and their brother who's designed Linux distro X-Y-Z has been consistently inconsistent as far as where and how things are defined. > Please, revert the changes or fix them. Moving forward is the only option unless the change is so ridiculously illogical or unnecessary that it warrants reverting it. selinux will be enabled via configurable / inclusive via configure sometime in the future -- thus why _shouldn't_ the selinux Makefiles be migrated as well? > See testcases/kernel/security/selinux-testsuite/README for the > instructions. Ok. This is a start... time to fire up my Fedora VM... Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 69+ messages in thread
end of thread, other threads:[~2010-01-28 15:10 UTC | newest] Thread overview: 69+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley 2010-01-06 17:18 ` Serge E. Hallyn 2010-01-07 9:04 ` Garrett Cooper 2010-01-06 18:50 ` Serge E. Hallyn 2010-01-07 19:40 ` Stephen Smalley 2010-01-08 18:20 ` Garrett Cooper 2010-01-08 18:45 ` Stephen Smalley 2010-01-08 18:50 ` Stephen Smalley 2010-01-08 21:38 ` Garrett Cooper 2010-01-08 22:00 ` Stephen Smalley 2010-01-08 22:08 ` Garrett Cooper 2010-01-09 7:27 ` Garrett Cooper 2010-01-11 19:12 ` Stephen Smalley 2010-01-11 19:50 ` Serge E. Hallyn 2010-01-11 19:55 ` Stephen Smalley 2010-01-11 20:19 ` Serge E. Hallyn 2010-01-11 20:58 ` Serge E. Hallyn 2010-01-11 21:00 ` Serge E. Hallyn 2010-01-11 21:31 ` Serge E. Hallyn 2010-01-12 8:36 ` Garrett Cooper 2010-01-12 13:16 ` Stephen Smalley 2010-01-12 16:55 ` Garrett Cooper 2010-01-12 17:19 ` Garrett Cooper 2010-01-12 17:24 ` Garrett Cooper 2010-01-12 17:26 ` Garrett Cooper 2010-01-12 19:12 ` Stephen Smalley 2010-01-13 6:51 ` Garrett Cooper 2010-01-13 6:54 ` Garrett Cooper 2010-01-13 13:43 ` Stephen Smalley 2010-01-13 18:52 ` Garrett Cooper 2010-01-13 19:18 ` Stephen Smalley 2010-01-13 19:37 ` Garrett Cooper 2010-01-13 19:49 ` Stephen Smalley 2010-01-13 21:58 ` Garrett Cooper 2010-01-13 22:00 ` Serge E. Hallyn 2010-01-13 22:03 ` Stephen Smalley 2010-01-13 22:49 ` Garrett Cooper 2010-01-14 14:07 ` Stephen Smalley 2010-01-14 20:10 ` Garrett Cooper 2010-01-14 20:35 ` Stephen Smalley 2010-01-14 20:44 ` Stephen Smalley 2010-01-14 21:29 ` Garrett Cooper 2010-01-14 21:32 ` Garrett Cooper 2010-01-14 21:59 ` Stephen Smalley 2010-01-14 22:31 ` Stephen Smalley 2010-01-15 4:22 ` Garrett Cooper 2010-01-15 4:44 ` Garrett Cooper 2010-01-15 14:11 ` Stephen Smalley 2010-01-15 14:17 ` Stephen Smalley 2010-01-12 8:29 ` Garrett Cooper 2010-01-12 13:00 ` Stephen Smalley 2010-01-12 15:38 ` Serge E. Hallyn 2010-01-12 16:56 ` Garrett Cooper 2010-01-12 18:51 ` Stephen Smalley 2010-01-15 17:48 ` Garrett Cooper 2010-01-26 8:31 ` Garrett Cooper 2010-01-26 14:30 ` Stephen Smalley 2010-01-27 6:34 ` Garrett Cooper 2010-01-27 19:12 ` Stephen Smalley 2010-01-27 22:37 ` Garrett Cooper 2010-01-28 5:56 ` Garrett Cooper 2010-01-28 14:02 ` Stephen Smalley 2010-01-28 15:10 ` Garrett Cooper 2010-01-12 8:43 ` Garrett Cooper 2010-01-12 13:08 ` Stephen Smalley 2010-01-06 18:58 ` Serge E. Hallyn 2010-01-07 9:05 ` Garrett Cooper 2010-01-07 19:23 ` Stephen Smalley 2010-01-07 9:18 ` Garrett Cooper
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.