* [LTP] regression: selinux testsuite broken since October
@ 2010-01-06 15:25 Stephen Smalley
2010-01-06 17:18 ` Serge E. Hallyn
` (3 more replies)
0 siblings, 4 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-06 15:25 UTC (permalink / raw)
To: ltp-list; +Cc: James Morris, Eric Paris
It seems the Makefile rewrite last October broke the selinux testsuite.
Is it unreasonable to expect that someone who rewrote the Makefile would
actually try running the testsuite?
Please, revert the changes or fix them.
See testcases/kernel/security/selinux-testsuite/README for the
instructions.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
@ 2010-01-06 17:18 ` Serge E. Hallyn
2010-01-07 9:04 ` Garrett Cooper
2010-01-06 18:50 ` Serge E. Hallyn
` (2 subsequent siblings)
3 siblings, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-06 17:18 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> It seems the Makefile rewrite last October broke the selinux testsuite.
> Is it unreasonable to expect that someone who rewrote the Makefile would
> actually try running the testsuite?
>
> Please, revert the changes or fix them.
>
> See testcases/kernel/security/selinux-testsuite/README for the
> instructions.
Seems I have a part in breakage as well. Here are patches to get the
execshare_parent to compile.
Now to get the policy to compile...
--- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2009-11-03 15:07:35.000000000 -0500
+++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2010-01-06 11:58:47.000000000 -0500
@@ -18,9 +18,12 @@
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <sched.h>
+#include <test.h>
-int clone_fn(char **argv)
+int clone_fn(void *in)
{
+ char **argv = (char **) in;
+
execv(argv[3], argv+3);
perror(argv[3]);
return -1;
@@ -73,7 +76,7 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s);
exit(-1);
}
- pid = ltp_clone_quick(cloneflags | SIGCHLD, child_fn, argv);
+ pid = ltp_clone_quick(cloneflags | SIGCHLD, clone_fn, argv);
if (pid < 0) {
perror("clone");
exit(-1);
--- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2009-10-09 13:55:51.000000000 -0400
+++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2010-01-06 11:53:53.000000000 -0500
@@ -25,6 +25,6 @@ top_srcdir ?= ../../../../.
include $(top_srcdir)/include/mk/env_pre.mk
include $(abs_srcdir)/../Makefile.inc
-LDLIBS += -lselinux
+LDLIBS += -lselinux -lltp
include $(top_srcdir)/include/mk/generic_leaf_target.mk
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
2010-01-06 17:18 ` Serge E. Hallyn
@ 2010-01-06 18:50 ` Serge E. Hallyn
2010-01-07 19:40 ` Stephen Smalley
2010-01-06 18:58 ` Serge E. Hallyn
2010-01-07 9:18 ` Garrett Cooper
3 siblings, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-06 18:50 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> It seems the Makefile rewrite last October broke the selinux testsuite.
> Is it unreasonable to expect that someone who rewrote the Makefile would
> actually try running the testsuite?
>
> Please, revert the changes or fix them.
>
> See testcases/kernel/security/selinux-testsuite/README for the
> instructions.
Frankly I think reverting the Makefiles is best since it doesn't get
auto-compiled anyway. The new Makefile is much longer and more complicated
for no apparent gain.
The following patch makes policy compilation work on rhel 5, but I doubt
it'll work anywhere else.
Running the testsuite still fails due to the change to running ltp from
a different dir (i.e.
/usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory
).
-serge
diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
--- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400
+++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500
@@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC
CLEAN_TARGETS := test_policy.te
-INSTALL_TARGETS := *.te
+INSTALL_TARGETS := $(REDHAT_VERS)/*.te
+INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te
ifeq ($(CHECKPOLICY_VERS),24)
INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS))
+INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL))
endif
TE_SRCDIR := $(abs_srcdir)
-ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
-ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),)
-TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER)
-endif
-endif
.PHONY: all clean cleanup install load
@@ -60,14 +57,18 @@ cleanup:
install: all
# load remains for backwards compatibility...
-load: $(builddir)/test_policy.te
+load:
+ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
+ $(MAKE) -C redhat/$(REDHAT_VERS)
+else
@if [ -d "$(POLICYDEVEL)" ]; then \
- cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \
+ cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \
$(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \
$(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \
else \
echo "ERROR: You must have selinux-policy-devel installed."; \
fi
+endif
$(builddir)/test_policy.te:
(cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@";
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
2010-01-06 17:18 ` Serge E. Hallyn
2010-01-06 18:50 ` Serge E. Hallyn
@ 2010-01-06 18:58 ` Serge E. Hallyn
2010-01-07 9:05 ` Garrett Cooper
2010-01-07 9:18 ` Garrett Cooper
3 siblings, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-06 18:58 UTC (permalink / raw)
To: Garrett Cooper, Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> It seems the Makefile rewrite last October broke the selinux testsuite.
> Is it unreasonable to expect that someone who rewrote the Makefile would
> actually try running the testsuite?
>
> Please, revert the changes or fix them.
>
> See testcases/kernel/security/selinux-testsuite/README for the
> instructions.
Ok, Garrett, two particular scripts that are broken since the move
to running out of /opt/ltp are
test_robind.sh
test_selinux.sh
Guidance?
thanks,
-serge
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 17:18 ` Serge E. Hallyn
@ 2010-01-07 9:04 ` Garrett Cooper
0 siblings, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-07 9:04 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Wed, Jan 6, 2010 at 9:18 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> It seems the Makefile rewrite last October broke the selinux testsuite.
>> Is it unreasonable to expect that someone who rewrote the Makefile would
>> actually try running the testsuite?
>>
>> Please, revert the changes or fix them.
>>
>> See testcases/kernel/security/selinux-testsuite/README for the
>> instructions.
>
> Seems I have a part in breakage as well. Here are patches to get the
> execshare_parent to compile.
>
> Now to get the policy to compile...
>
> --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2009-11-03 15:07:35.000000000 -0500
> +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 2010-01-06 11:58:47.000000000 -0500
> @@ -18,9 +18,12 @@
> #include <selinux/selinux.h>
> #include <selinux/context.h>
> #include <sched.h>
> +#include <test.h>
>
> -int clone_fn(char **argv)
> +int clone_fn(void *in)
> {
> + char **argv = (char **) in;
> +
> execv(argv[3], argv+3);
> perror(argv[3]);
> return -1;
> @@ -73,7 +76,7 @@ int main(int argc, char **argv)
> fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s);
> exit(-1);
> }
> - pid = ltp_clone_quick(cloneflags | SIGCHLD, child_fn, argv);
> + pid = ltp_clone_quick(cloneflags | SIGCHLD, clone_fn, argv);
> if (pid < 0) {
> perror("clone");
> exit(-1);
>
> --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2009-10-09 13:55:51.000000000 -0400
> +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/tests/execshare/Makefile 2010-01-06 11:53:53.000000000 -0500
> @@ -25,6 +25,6 @@ top_srcdir ?= ../../../../.
> include $(top_srcdir)/include/mk/env_pre.mk
> include $(abs_srcdir)/../Makefile.inc
>
> -LDLIBS += -lselinux
> +LDLIBS += -lselinux -lltp
>
> include $(top_srcdir)/include/mk/generic_leaf_target.mk
Committed.
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 18:58 ` Serge E. Hallyn
@ 2010-01-07 9:05 ` Garrett Cooper
2010-01-07 19:23 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-07 9:05 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Wed, Jan 6, 2010 at 10:58 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> It seems the Makefile rewrite last October broke the selinux testsuite.
>> Is it unreasonable to expect that someone who rewrote the Makefile would
>> actually try running the testsuite?
>>
>> Please, revert the changes or fix them.
>>
>> See testcases/kernel/security/selinux-testsuite/README for the
>> instructions.
>
> Ok, Garrett, two particular scripts that are broken since the move
> to running out of /opt/ltp are
> test_robind.sh
> test_selinux.sh
>
> Guidance?
I need output in order to judge what needs to be fixed. Gentoo
doesn't have a selinux policy package (at least not in portage), thus
I cannot run the tests as they're Redhat centric.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
` (2 preceding siblings ...)
2010-01-06 18:58 ` Serge E. Hallyn
@ 2010-01-07 9:18 ` Garrett Cooper
3 siblings, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-07 9:18 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
On Wed, Jan 6, 2010 at 7:25 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> It seems the Makefile rewrite last October broke the selinux testsuite.
> Is it unreasonable to expect that someone who rewrote the Makefile would
> actually try running the testsuite?
Unfortunately I don't have access to older copies of RHEL, thus I
shoot in the dark sometimes hoping that things work on Fedora 11 (not
often), Gentoo (all the time now) and Ubuntu (periodically), which run
newer packages and have newer kernels... I shot myself in the foot by
not running this on Fedora because Redhat distros have all of the
SELinux junk built in by default, or available for inclusion.
In general if you want support, there are three options:
1. Give me a machine to develop on (even if it's a few cycles a
week, month, whatever), so I can avoid breakage. The more
architectures the better as many issues crop up with system calls,
architectural differences, and a gamut of other wonderful problems.
This is particularly true on Linux at the kernel level I've discovered
because
2. Please become a guinea pig and help me test the changes and
report them as soon as possible.
3. Isolate, test, develop, and submit a patch.
I need this (1. / 2.) basic assistance otherwise I can't guarantee
that stuff WILL work because everyone and their brother who's designed
Linux distro X-Y-Z has been consistently inconsistent as far as where
and how things are defined.
> Please, revert the changes or fix them.
Moving forward is the only option unless the change is so ridiculously
illogical or unnecessary that it warrants reverting it. selinux will
be enabled via configurable / inclusive via configure sometime in the
future -- thus why _shouldn't_ the selinux Makefiles be migrated as
well?
> See testcases/kernel/security/selinux-testsuite/README for the
> instructions.
Ok. This is a start... time to fire up my Fedora VM...
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-07 9:05 ` Garrett Cooper
@ 2010-01-07 19:23 ` Stephen Smalley
0 siblings, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-07 19:23 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Thu, 2010-01-07 at 01:05 -0800, Garrett Cooper wrote:
> On Wed, Jan 6, 2010 at 10:58 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >> It seems the Makefile rewrite last October broke the selinux testsuite.
> >> Is it unreasonable to expect that someone who rewrote the Makefile would
> >> actually try running the testsuite?
> >>
> >> Please, revert the changes or fix them.
> >>
> >> See testcases/kernel/security/selinux-testsuite/README for the
> >> instructions.
> >
> > Ok, Garrett, two particular scripts that are broken since the move
> > to running out of /opt/ltp are
> > test_robind.sh
> > test_selinux.sh
> >
> > Guidance?
>
> I need output in order to judge what needs to be fixed. Gentoo
> doesn't have a selinux policy package (at least not in portage), thus
> I cannot run the tests as they're Redhat centric.
To start, we need to get the test policy to build again.
Bad:
$ cd testcases/kernel/security/selinux-testsuite/refpolicy/
$ make
(cd "/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy" && cat *.te) > "test_policy.te";
cat: test_policy.te: input file is output file
make: *** [test_policy.te] Error 1
Good:
$ cvs update -r1.7 Makefile
P Makefile
# make
make[1]: Entering directory `/usr/share/selinux/devel'
rm -fR tmp
rm -f *.pp
Compiling targeted test_policy module
/usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
Creating targeted test_policy.pp policy package
rm tmp/test_policy.mod tmp/test_policy.mod.fc
make[1]: Leaving directory `/usr/share/selinux/devel'
I tried tweaking your Makefile to no avail. Some obvious errors in the
new Makefile:
- It has mixed use of REDHAT_VERS and REDHAT_VER, POLICY_DEVEL and
POLICYDEVEL.
- test_bounds.te is only to be included if checkpolicy supports version
24, not filtered out in that case.
- Only test_policy.* is to be copied to $POLICYDEVEL, not the
individual .te files that are concatenated into it.
- test_policy.te should be regenerated every time or made conditional on
all of the individual .te files _and_ the directory (in case a .te file
is removed or added). Less likely to miss if we just always regenerate
it as in the original makefile.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-06 18:50 ` Serge E. Hallyn
@ 2010-01-07 19:40 ` Stephen Smalley
2010-01-08 18:20 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-07 19:40 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris
On Wed, 2010-01-06 at 12:50 -0600, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > It seems the Makefile rewrite last October broke the selinux testsuite.
> > Is it unreasonable to expect that someone who rewrote the Makefile would
> > actually try running the testsuite?
> >
> > Please, revert the changes or fix them.
> >
> > See testcases/kernel/security/selinux-testsuite/README for the
> > instructions.
>
> Frankly I think reverting the Makefiles is best since it doesn't get
> auto-compiled anyway. The new Makefile is much longer and more complicated
> for no apparent gain.
>
> The following patch makes policy compilation work on rhel 5, but I doubt
> it'll work anywhere else.
Right, this won't work for Fedora.
> Running the testsuite still fails due to the change to running ltp from
> a different dir (i.e.
> /usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory
> ).
>
> -serge
>
> diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400
> +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500
> @@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC
>
> CLEAN_TARGETS := test_policy.te
>
> -INSTALL_TARGETS := *.te
> +INSTALL_TARGETS := $(REDHAT_VERS)/*.te
> +INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te
Using the .te files under redhat/$(REDHAT_VERS) needs to be conditional
on actually running on rhel. There was logic for that down below but
it looks like it has a typo.
> ifeq ($(CHECKPOLICY_VERS),24)
> INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS))
> +INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL))
Typo: TARGES vs TARGETS
> endif
>
> TE_SRCDIR := $(abs_srcdir)
>
> -ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
> -ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),)
> -TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER)
> -endif
> -endif
This is what should have pulled in the redhat/5 .te files, but it seems
buggy - there is a typo (VER vs VERS) and I'm not sure why there is the
inner ifneq block - that didn't exist in the original Makefile.
> .PHONY: all clean cleanup install load
>
> @@ -60,14 +57,18 @@ cleanup:
> install: all
>
> # load remains for backwards compatibility...
> -load: $(builddir)/test_policy.te
> +load:
> +ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
> + $(MAKE) -C redhat/$(REDHAT_VERS)
> +else
This reverts to what was in the original Makefile, which takes us back
to just using the makefile down in redhat/5, which wasn't updated.
> @if [ -d "$(POLICYDEVEL)" ]; then \
> - cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \
> + cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \
Only test_policy.* should be copied to $POLICYDEVEL, not the
individual .te files.
> $(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \
> $(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \
> else \
> echo "ERROR: You must have selinux-policy-devel installed."; \
> fi
> +endif
>
> $(builddir)/test_policy.te:
> (cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@";
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-07 19:40 ` Stephen Smalley
@ 2010-01-08 18:20 ` Garrett Cooper
2010-01-08 18:45 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-08 18:20 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Thu, Jan 7, 2010 at 11:40 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-06 at 12:50 -0600, Serge E. Hallyn wrote:
>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > It seems the Makefile rewrite last October broke the selinux testsuite.
>> > Is it unreasonable to expect that someone who rewrote the Makefile would
>> > actually try running the testsuite?
>> >
>> > Please, revert the changes or fix them.
>> >
>> > See testcases/kernel/security/selinux-testsuite/README for the
>> > instructions.
>>
>> Frankly I think reverting the Makefiles is best since it doesn't get
>> auto-compiled anyway. The new Makefile is much longer and more complicated
>> for no apparent gain.
>>
>> The following patch makes policy compilation work on rhel 5, but I doubt
>> it'll work anywhere else.
>
> Right, this won't work for Fedora.
>
>> Running the testsuite still fails due to the change to running ltp from
>> a different dir (i.e.
>> /usr/bin/chcon: /root/ltp-full-20091231/testcases/bin: No such file or directory
>> ).
>>
>> -serge
>>
>> diff -Nrup ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
>> --- ltp-full-20091231.orig/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2009-10-10 19:53:29.000000000 -0400
>> +++ ltp-full-20091231/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-06 13:43:19.000000000 -0500
>> @@ -33,19 +33,16 @@ CHECKPOLICY_VERS ?= $(shell $(CHECKPOLIC
>>
>> CLEAN_TARGETS := test_policy.te
>>
>> -INSTALL_TARGETS := *.te
>> +INSTALL_TARGETS := $(REDHAT_VERS)/*.te
>> +INSTALL_TARGETS_FULL := $(builddir)/redhat/$(REDHAT_VERS)/*.te
>
> Using the .te files under redhat/$(REDHAT_VERS) needs to be conditional
> on actually running on rhel. There was logic for that down below but
> it looks like it has a typo.
>
>> ifeq ($(CHECKPOLICY_VERS),24)
>> INSTALL_TARGETS := $(filter-out %/test_bounds.te,$(INSTALL_TARGETS))
>> +INSTALL_TARGES_FULL := $(filter-out %/test_bounds.te,$(INSTALL_TARGES_FULL))
>
> Typo: TARGES vs TARGETS
>
>> endif
>>
>> TE_SRCDIR := $(abs_srcdir)
>>
>> -ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
>> -ifneq ($(wildcard $(abs_srcdir)/redhat/$(REDHAT_VER)),)
>> -TE_SRCDIR := $(abs_srcdir)/redhat/$(REDHAT_VER)
>> -endif
>> -endif
>
> This is what should have pulled in the redhat/5 .te files, but it seems
> buggy - there is a typo (VER vs VERS) and I'm not sure why there is the
> inner ifneq block - that didn't exist in the original Makefile.
>
>> .PHONY: all clean cleanup install load
>>
>> @@ -60,14 +57,18 @@ cleanup:
>> install: all
>>
>> # load remains for backwards compatibility...
>> -load: $(builddir)/test_policy.te
>> +load:
>> +ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE)))
>> + $(MAKE) -C redhat/$(REDHAT_VERS)
>> +else
>
> This reverts to what was in the original Makefile, which takes us back
> to just using the makefile down in redhat/5, which wasn't updated.
>
>> @if [ -d "$(POLICYDEVEL)" ]; then \
>> - cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS) $(POLICY_DEVEL); \
>> + cp -p $(builddir)/test_policy.* $(INSTALL_TARGETS_FULL) $(POLICYDEVEL); \
>
> Only test_policy.* should be copied to $POLICYDEVEL, not the
> individual .te files.
>
>> $(MAKE) -C $(POLICYDEVEL) clean test_policy.pp; \
>> $(SEMODULE) -i $(POLICYDEVEL)/test_policy.pp; \
>> else \
>> echo "ERROR: You must have selinux-policy-devel installed."; \
>> fi
>> +endif
>>
>> $(builddir)/test_policy.te:
>> (cd "$(TE_SRCDIR)" && cat $(INSTALL_TARGETS)) > "$@";
Thanks for the feedback and details Stephen.
Would you be kind enough to try out the version from CVS to see
whether or not it resolves your issue? You'll also need to update
$LTPROOT/scripts in order to use the new version as I added a distro
detection script which opens up /etc/redhat-release (for redhat) as
opposed to using rpm to query the release.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 18:20 ` Garrett Cooper
@ 2010-01-08 18:45 ` Stephen Smalley
2010-01-08 18:50 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-08 18:45 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> Thanks for the feedback and details Stephen.
> Would you be kind enough to try out the version from CVS to see
> whether or not it resolves your issue? You'll also need to update
> $LTPROOT/scripts in order to use the new version as I added a distro
> detection script which opens up /etc/redhat-release (for redhat) as
> opposed to using rpm to query the release.
> Thanks,
> -Garrett
The attempt to make the test policy immediately dies with:
detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 18:45 ` Stephen Smalley
@ 2010-01-08 18:50 ` Stephen Smalley
2010-01-08 21:38 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-08 18:50 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> > Thanks for the feedback and details Stephen.
> > Would you be kind enough to try out the version from CVS to see
> > whether or not it resolves your issue? You'll also need to update
> > $LTPROOT/scripts in order to use the new version as I added a distro
> > detection script which opens up /etc/redhat-release (for redhat) as
> > opposed to using rpm to query the release.
> > Thanks,
> > -Garrett
>
> The attempt to make the test policy immediately dies with:
> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
I should note that I'm running it on Fedora, so I wouldn't expect that
file to exist. But the script needs to handle it gracefully; we just
use the generic test policy files in that situation.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 18:50 ` Stephen Smalley
@ 2010-01-08 21:38 ` Garrett Cooper
2010-01-08 22:00 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-08 21:38 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
>> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
>> > Thanks for the feedback and details Stephen.
>> > Would you be kind enough to try out the version from CVS to see
>> > whether or not it resolves your issue? You'll also need to update
>> > $LTPROOT/scripts in order to use the new version as I added a distro
>> > detection script which opens up /etc/redhat-release (for redhat) as
>> > opposed to using rpm to query the release.
>> > Thanks,
>> > -Garrett
>>
>> The attempt to make the test policy immediately dies with:
>> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
>
> I should note that I'm running it on Fedora, so I wouldn't expect that
> file to exist. But the script needs to handle it gracefully; we just
> use the generic test policy files in that situation.
What does /etc/redhat-release look like (feel free to reply to me off-list)?
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 21:38 ` Garrett Cooper
@ 2010-01-08 22:00 ` Stephen Smalley
2010-01-08 22:08 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-08 22:00 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> >> > Thanks for the feedback and details Stephen.
> >> > Would you be kind enough to try out the version from CVS to see
> >> > whether or not it resolves your issue? You'll also need to update
> >> > $LTPROOT/scripts in order to use the new version as I added a distro
> >> > detection script which opens up /etc/redhat-release (for redhat) as
> >> > opposed to using rpm to query the release.
> >> > Thanks,
> >> > -Garrett
> >>
> >> The attempt to make the test policy immediately dies with:
> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
> >
> > I should note that I'm running it on Fedora, so I wouldn't expect that
> > file to exist. But the script needs to handle it gracefully; we just
> > use the generic test policy files in that situation.
>
> What does /etc/redhat-release look like (feel free to reply to me off-list)?
On RHEL5, it can look like one of the following:
Red Hat Enterprise Linux Server release 5 (Tikanga)
Red Hat Enterprise Linux Server release 5.x (Tikanga)
Red Hat Enterprise Linux Client release 5 (Tikanga)
Red Hat Enterprise Linux Client release 5.x (Tikanga)
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 22:00 ` Stephen Smalley
@ 2010-01-08 22:08 ` Garrett Cooper
2010-01-09 7:27 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-08 22:08 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
>> >> > Thanks for the feedback and details Stephen.
>> >> > Would you be kind enough to try out the version from CVS to see
>> >> > whether or not it resolves your issue? You'll also need to update
>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
>> >> > detection script which opens up /etc/redhat-release (for redhat) as
>> >> > opposed to using rpm to query the release.
>> >> > Thanks,
>> >> > -Garrett
>> >>
>> >> The attempt to make the test policy immediately dies with:
>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
>> >
>> > I should note that I'm running it on Fedora, so I wouldn't expect that
>> > file to exist. But the script needs to handle it gracefully; we just
>> > use the generic test policy files in that situation.
>>
>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
>
> On RHEL5, it can look like one of the following:
> Red Hat Enterprise Linux Server release 5 (Tikanga)
> Red Hat Enterprise Linux Server release 5.x (Tikanga)
> Red Hat Enterprise Linux Client release 5 (Tikanga)
> Red Hat Enterprise Linux Client release 5.x (Tikanga)
Interesting. They switched over to more of the Fedora-style branding, maybe?.
[garrcoop@halflife ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-08 22:08 ` Garrett Cooper
@ 2010-01-09 7:27 ` Garrett Cooper
2010-01-11 19:12 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-09 7:27 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
>>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
>>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
>>> >> > Thanks for the feedback and details Stephen.
>>> >> > Would you be kind enough to try out the version from CVS to see
>>> >> > whether or not it resolves your issue? You'll also need to update
>>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
>>> >> > detection script which opens up /etc/redhat-release (for redhat) as
>>> >> > opposed to using rpm to query the release.
>>> >> > Thanks,
>>> >> > -Garrett
>>> >>
>>> >> The attempt to make the test policy immediately dies with:
>>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
>>> >
>>> > I should note that I'm running it on Fedora, so I wouldn't expect that
>>> > file to exist. But the script needs to handle it gracefully; we just
>>> > use the generic test policy files in that situation.
>>>
>>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
>>
>> On RHEL5, it can look like one of the following:
>> Red Hat Enterprise Linux Server release 5 (Tikanga)
>> Red Hat Enterprise Linux Server release 5.x (Tikanga)
>> Red Hat Enterprise Linux Client release 5 (Tikanga)
>> Red Hat Enterprise Linux Client release 5.x (Tikanga)
>
> Interesting. They switched over to more of the Fedora-style branding, maybe?.
>
> [garrcoop@halflife ~]$ cat /etc/redhat-release
> Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
Could you try again please :)?
Thanks!
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-09 7:27 ` Garrett Cooper
@ 2010-01-11 19:12 ` Stephen Smalley
2010-01-11 19:50 ` Serge E. Hallyn
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-11 19:12 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote:
> On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
> >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> >>> >> > Thanks for the feedback and details Stephen.
> >>> >> > Would you be kind enough to try out the version from CVS to see
> >>> >> > whether or not it resolves your issue? You'll also need to update
> >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
> >>> >> > detection script which opens up /etc/redhat-release (for redhat) as
> >>> >> > opposed to using rpm to query the release.
> >>> >> > Thanks,
> >>> >> > -Garrett
> >>> >>
> >>> >> The attempt to make the test policy immediately dies with:
> >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
> >>> >
> >>> > I should note that I'm running it on Fedora, so I wouldn't expect that
> >>> > file to exist. But the script needs to handle it gracefully; we just
> >>> > use the generic test policy files in that situation.
> >>>
> >>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
> >>
> >> On RHEL5, it can look like one of the following:
> >> Red Hat Enterprise Linux Server release 5 (Tikanga)
> >> Red Hat Enterprise Linux Server release 5.x (Tikanga)
> >> Red Hat Enterprise Linux Client release 5 (Tikanga)
> >> Red Hat Enterprise Linux Client release 5.x (Tikanga)
> >
> > Interesting. They switched over to more of the Fedora-style branding, maybe?.
> >
> > [garrcoop@halflife ~]$ cat /etc/redhat-release
> > Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
>
> Could you try again please :)?
Fails with:
cp: cannot stat
`/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 19:12 ` Stephen Smalley
@ 2010-01-11 19:50 ` Serge E. Hallyn
2010-01-11 19:55 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-11 19:50 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote:
> > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
> > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> > >>> >> > Thanks for the feedback and details Stephen.
> > >>> >> > Would you be kind enough to try out the version from CVS to see
> > >>> >> > whether or not it resolves your issue? You'll also need to update
> > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
> > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as
> > >>> >> > opposed to using rpm to query the release.
> > >>> >> > Thanks,
> > >>> >> > -Garrett
> > >>> >>
> > >>> >> The attempt to make the test policy immediately dies with:
> > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
> > >>> >
> > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that
> > >>> > file to exist. But the script needs to handle it gracefully; we just
> > >>> > use the generic test policy files in that situation.
> > >>>
> > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
> > >>
> > >> On RHEL5, it can look like one of the following:
> > >> Red Hat Enterprise Linux Server release 5 (Tikanga)
> > >> Red Hat Enterprise Linux Server release 5.x (Tikanga)
> > >> Red Hat Enterprise Linux Client release 5 (Tikanga)
> > >> Red Hat Enterprise Linux Client release 5.x (Tikanga)
> > >
> > > Interesting. They switched over to more of the Fedora-style branding, maybe?.
> > >
> > > [garrcoop@halflife ~]$ cat /etc/redhat-release
> > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
> >
> > Could you try again please :)?
>
> Fails with:
> cp: cannot stat
> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
I think we are supposed to actually be running
/opt/ltp/testscripts/test_selinux.sh. So then the first question for
Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
testscript? Or should the policy sources be copied into /opt?
-serge
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 19:50 ` Serge E. Hallyn
@ 2010-01-11 19:55 ` Stephen Smalley
2010-01-11 20:19 ` Serge E. Hallyn
2010-01-12 8:43 ` Garrett Cooper
0 siblings, 2 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-11 19:55 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris
On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote:
> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> > > >>> >> > Thanks for the feedback and details Stephen.
> > > >>> >> > Would you be kind enough to try out the version from CVS to see
> > > >>> >> > whether or not it resolves your issue? You'll also need to update
> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
> > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as
> > > >>> >> > opposed to using rpm to query the release.
> > > >>> >> > Thanks,
> > > >>> >> > -Garrett
> > > >>> >>
> > > >>> >> The attempt to make the test policy immediately dies with:
> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
> > > >>> >
> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that
> > > >>> > file to exist. But the script needs to handle it gracefully; we just
> > > >>> > use the generic test policy files in that situation.
> > > >>>
> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
> > > >>
> > > >> On RHEL5, it can look like one of the following:
> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga)
> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga)
> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga)
> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga)
> > > >
> > > > Interesting. They switched over to more of the Fedora-style branding, maybe?.
> > > >
> > > > [garrcoop@halflife ~]$ cat /etc/redhat-release
> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
> > >
> > > Could you try again please :)?
> >
> > Fails with:
> > cp: cannot stat
> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>
> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>
> I think we are supposed to actually be running
> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> testscript? Or should the policy sources be copied into /opt?
Ok, but regardless: the refpolicy Makefile is still broken.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 19:55 ` Stephen Smalley
@ 2010-01-11 20:19 ` Serge E. Hallyn
2010-01-11 20:58 ` Serge E. Hallyn
2010-01-12 8:43 ` Garrett Cooper
1 sibling, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-11 20:19 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > > Fails with:
> > > cp: cannot stat
> > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >
> > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >
> > I think we are supposed to actually be running
> > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > testscript? Or should the policy sources be copied into /opt?
>
> Ok, but regardless: the refpolicy Makefile is still broken.
Yup.
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 20:19 ` Serge E. Hallyn
@ 2010-01-11 20:58 ` Serge E. Hallyn
2010-01-11 21:00 ` Serge E. Hallyn
0 siblings, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-11 20:58 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Serge E. Hallyn (serue@us.ibm.com):
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > > > Fails with:
> > > > cp: cannot stat
> > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> > >
> > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> > >
> > > I think we are supposed to actually be running
> > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > > testscript? Or should the policy sources be copied into /opt?
> >
> > Ok, but regardless: the refpolicy Makefile is still broken.
>
> Yup.
All right, baby-steps.
The attached test_selinux.diff is not to be applied, but something
like it is needed. Should we have the ltp 'make install' fill in
TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
that is the issue I was saying is shared between test_selinux.sh
and some others including test_robind.sh. That's why I'm not just
sending a patch to make it work, bc i think we need more general
guidance.
The second match makes the 'make load' part of test_selinux.sh
succeed on rhel5.4. Stephen, how does it do on fedora?
After loading policy it fails to execute ltp-pan, but I figure let's
get policy loading working first.
-serge
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 20:58 ` Serge E. Hallyn
@ 2010-01-11 21:00 ` Serge E. Hallyn
2010-01-11 21:31 ` Serge E. Hallyn
2010-01-12 8:29 ` Garrett Cooper
0 siblings, 2 replies; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-11 21:00 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
[-- Attachment #1: Type: text/plain, Size: 1599 bytes --]
Quoting Serge E. Hallyn (serue@us.ibm.com):
> Quoting Serge E. Hallyn (serue@us.ibm.com):
> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > > > > Fails with:
> > > > > cp: cannot stat
> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> > > >
> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> > > >
> > > > I think we are supposed to actually be running
> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > > > testscript? Or should the policy sources be copied into /opt?
> > >
> > > Ok, but regardless: the refpolicy Makefile is still broken.
> >
> > Yup.
>
> All right, baby-steps.
>
> The attached test_selinux.diff is not to be applied, but something
> like it is needed. Should we have the ltp 'make install' fill in
> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> that is the issue I was saying is shared between test_selinux.sh
> and some others including test_robind.sh. That's why I'm not just
> sending a patch to make it work, bc i think we need more general
> guidance.
>
> The second match makes the 'make load' part of test_selinux.sh
> succeed on rhel5.4. Stephen, how does it do on fedora?
>
> After loading policy it fails to execute ltp-pan, but I figure let's
> get policy loading working first.
>
> -serge
gah, attaching the actual patches this time.
-serge
[-- Attachment #2: Makefile.diff --]
[-- Type: text/x-diff, Size: 431 bytes --]
--- /root/ltp_cvs_orig/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-08 04:39:20.000000000 -0500
+++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 2010-01-11 15:52:13.000000000 -0500
@@ -34,6 +34,8 @@
ifeq ($(strip $(DISTRO_VER)),)
DISTRO_VER := generic
+else
+DISTRO_VER := $(shell echo $(DISTRO_VER) | cut -d . -f 1 - )
endif
CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
[-- Attachment #3: test_selinux.diff --]
[-- Type: text/x-diff, Size: 630 bytes --]
--- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
+++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 15:11:34.000000000 -0500
@@ -77,10 +77,12 @@
SEMODULE="/usr/sbin/semodule"
+TOP_SRCDIR=/root/ltp
+
if [ -f $SEMODULE ]; then
- POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy"
+ POLICYDIR="$TOP_SRCDIR/testcases/kernel/security/selinux-testsuite/refpolicy"
else
- POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/policy"
+ POLICYDIR="$TOP_SRCDIR/testcases/kernel/security/selinux-testsuite/policy"
fi
config_set_expandcheck
[-- Attachment #4: Type: text/plain, Size: 390 bytes --]
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
[-- Attachment #5: Type: text/plain, Size: 155 bytes --]
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 21:00 ` Serge E. Hallyn
@ 2010-01-11 21:31 ` Serge E. Hallyn
2010-01-12 8:36 ` Garrett Cooper
2010-01-12 13:16 ` Stephen Smalley
2010-01-12 8:29 ` Garrett Cooper
1 sibling, 2 replies; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-11 21:31 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Serge E. Hallyn (serue@us.ibm.com):
> Quoting Serge E. Hallyn (serue@us.ibm.com):
> > Quoting Serge E. Hallyn (serue@us.ibm.com):
> > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > > > > > Fails with:
> > > > > > cp: cannot stat
> > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> > > > >
> > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> > > > >
> > > > > I think we are supposed to actually be running
> > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > > > > testscript? Or should the policy sources be copied into /opt?
> > > >
> > > > Ok, but regardless: the refpolicy Makefile is still broken.
> > >
> > > Yup.
> >
> > All right, baby-steps.
> >
> > The attached test_selinux.diff is not to be applied, but something
> > like it is needed. Should we have the ltp 'make install' fill in
> > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> > that is the issue I was saying is shared between test_selinux.sh
> > and some others including test_robind.sh. That's why I'm not just
> > sending a patch to make it work, bc i think we need more general
> > guidance.
> >
> > The second match makes the 'make load' part of test_selinux.sh
> > succeed on rhel5.4. Stephen, how does it do on fedora?
> >
> > After loading policy it fails to execute ltp-pan, but I figure let's
> > get policy loading working first.
All right well just doing
--- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
+++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
@@ -115,7 +117,7 @@
SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
-$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
+$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
# cleanup before exiting
================================================================
in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
up to then pass)
Again this is on RHEL5.4.
-serge
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 21:00 ` Serge E. Hallyn
2010-01-11 21:31 ` Serge E. Hallyn
@ 2010-01-12 8:29 ` Garrett Cooper
2010-01-12 13:00 ` Stephen Smalley
2010-01-12 15:38 ` Serge E. Hallyn
1 sibling, 2 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 8:29 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> > > > > Fails with:
>> > > > > cp: cannot stat
>> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> > > >
>> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> > > >
>> > > > I think we are supposed to actually be running
>> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> > > > testscript? Or should the policy sources be copied into /opt?
>> > >
>> > > Ok, but regardless: the refpolicy Makefile is still broken.
>> >
>> > Yup.
>>
>> All right, baby-steps.
>>
>> The attached test_selinux.diff is not to be applied, but something
>> like it is needed. Should we have the ltp 'make install' fill in
>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> that is the issue I was saying is shared between test_selinux.sh
>> and some others including test_robind.sh. That's why I'm not just
>> sending a patch to make it work, bc i think we need more general
>> guidance.
>>
>> The second match makes the 'make load' part of test_selinux.sh
>> succeed on rhel5.4. Stephen, how does it do on fedora?
>>
>> After loading policy it fails to execute ltp-pan, but I figure let's
>> get policy loading working first.
>>
>> -serge
>
> gah, attaching the actual patches this time.
>
> -serge
1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
hardcoded as LTPROOT. 2. Why is the redhat stuff support to work
agnostic to the major and minor version?
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 21:31 ` Serge E. Hallyn
@ 2010-01-12 8:36 ` Garrett Cooper
2010-01-12 13:16 ` Stephen Smalley
1 sibling, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 8:36 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Mon, Jan 11, 2010 at 1:31 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> > > > > > Fails with:
>> > > > > > cp: cannot stat
>> > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> > > > >
>> > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> > > > >
>> > > > > I think we are supposed to actually be running
>> > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> > > > > testscript? Or should the policy sources be copied into /opt?
>> > > >
>> > > > Ok, but regardless: the refpolicy Makefile is still broken.
>> > >
>> > > Yup.
>> >
>> > All right, baby-steps.
>> >
>> > The attached test_selinux.diff is not to be applied, but something
>> > like it is needed. Should we have the ltp 'make install' fill in
>> > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> > that is the issue I was saying is shared between test_selinux.sh
>> > and some others including test_robind.sh. That's why I'm not just
>> > sending a patch to make it work, bc i think we need more general
>> > guidance.
>> >
>> > The second match makes the 'make load' part of test_selinux.sh
>> > succeed on rhel5.4. Stephen, how does it do on fedora?
>> >
>> > After loading policy it fails to execute ltp-pan, but I figure let's
>> > get policy loading working first.
>
> All right well just doing
>
> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
> @@ -115,7 +117,7 @@
> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>
> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>
> # cleanup before exiting
>
> ================================================================
> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
> up to then pass)
>
> Again this is on RHEL5.4.
>
> -serge
Yowch. This was a problem in more than just that script. Apparently
PAN was incorrect for test_containers.sh and test_filecaps.sh as well.
Fixed.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 19:55 ` Stephen Smalley
2010-01-11 20:19 ` Serge E. Hallyn
@ 2010-01-12 8:43 ` Garrett Cooper
2010-01-12 13:08 ` Stephen Smalley
1 sibling, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 8:43 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote:
>> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
>> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
>> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
>> > > >>> >> > Thanks for the feedback and details Stephen.
>> > > >>> >> > Would you be kind enough to try out the version from CVS to see
>> > > >>> >> > whether or not it resolves your issue? You'll also need to update
>> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
>> > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as
>> > > >>> >> > opposed to using rpm to query the release.
>> > > >>> >> > Thanks,
>> > > >>> >> > -Garrett
>> > > >>> >>
>> > > >>> >> The attempt to make the test policy immediately dies with:
>> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
>> > > >>> >
>> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that
>> > > >>> > file to exist. But the script needs to handle it gracefully; we just
>> > > >>> > use the generic test policy files in that situation.
>> > > >>>
>> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
>> > > >>
>> > > >> On RHEL5, it can look like one of the following:
>> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga)
>> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga)
>> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga)
>> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga)
>> > > >
>> > > > Interesting. They switched over to more of the Fedora-style branding, maybe?.
>> > > >
>> > > > [garrcoop@halflife ~]$ cat /etc/redhat-release
>> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
>> > >
>> > > Could you try again please :)?
>> >
>> > Fails with:
>> > cp: cannot stat
>> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>
>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>
>> I think we are supposed to actually be running
>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> testscript? Or should the policy sources be copied into /opt?
>
> Ok, but regardless: the refpolicy Makefile is still broken.
Yes, it is (I don't have access to that package I think on my
version of Fedora...). Please try the attached patch and let me know
how it goes [the comments aren't as important as the `set -e' and
`$(TEST_POLICY_DIR)/' removal on the cp(1) call].
Thanks,
-Garrett
Index: Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile 8 Jan 2010 09:39:20 -0000 1.12
+++ Makefile 12 Jan 2010 08:40:23 -0000
@@ -69,15 +69,17 @@
TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
-POLICY_FILES := test_global.te $(filter-out
test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
+# This is being done to preserve precedence; test_global.te must come first.
+POLICY_FILES := test_global.te \
+ $(filter-out test_global.te,$(notdir
$(wildcard $(TEST_POLICY_DIR)/*.te)))
ifneq ($(CHECKPOLICY_VERS),24)
POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
endif
load:
- @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
- cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
+ @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+ cp -p test_policy.* $(POLICY_DEVEL_DIR); \
$(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
$(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
$(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 8:29 ` Garrett Cooper
@ 2010-01-12 13:00 ` Stephen Smalley
2010-01-12 15:38 ` Serge E. Hallyn
1 sibling, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-12 13:00 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-12 at 00:29 -0800, Garrett Cooper wrote:
> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> > Quoting Serge E. Hallyn (serue@us.ibm.com):
> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> >> > > > > Fails with:
> >> > > > > cp: cannot stat
> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >> > > >
> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >> > > >
> >> > > > I think we are supposed to actually be running
> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> >> > > > testscript? Or should the policy sources be copied into /opt?
> >> > >
> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
> >> >
> >> > Yup.
> >>
> >> All right, baby-steps.
> >>
> >> The attached test_selinux.diff is not to be applied, but something
> >> like it is needed. Should we have the ltp 'make install' fill in
> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> >> that is the issue I was saying is shared between test_selinux.sh
> >> and some others including test_robind.sh. That's why I'm not just
> >> sending a patch to make it work, bc i think we need more general
> >> guidance.
> >>
> >> The second match makes the 'make load' part of test_selinux.sh
> >> succeed on rhel5.4. Stephen, how does it do on fedora?
> >>
> >> After loading policy it fails to execute ltp-pan, but I figure let's
> >> get policy loading working first.
> >>
> >> -serge
> >
> > gah, attaching the actual patches this time.
> >
> > -serge
>
> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
> hardcoded as LTPROOT. 2. Why is the redhat stuff support to work
> agnostic to the major and minor version?
We haven't yet had to fork the test policy based on minor version, only
based on major version. So we presently have a fork of the test policy
for rhel5, and will likely create one for rhel6 when it is released,
while "generic" will continue to track latest fedora.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 8:43 ` Garrett Cooper
@ 2010-01-12 13:08 ` Stephen Smalley
0 siblings, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-12 13:08 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-12 at 00:43 -0800, Garrett Cooper wrote:
> On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> >> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote:
> >> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> >> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote:
> >> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote:
> >> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote:
> >> > > >>> >> > Thanks for the feedback and details Stephen.
> >> > > >>> >> > Would you be kind enough to try out the version from CVS to see
> >> > > >>> >> > whether or not it resolves your issue? You'll also need to update
> >> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a distro
> >> > > >>> >> > detection script which opens up /etc/redhat-release (for redhat) as
> >> > > >>> >> > opposed to using rpm to query the release.
> >> > > >>> >> > Thanks,
> >> > > >>> >> > -Garrett
> >> > > >>> >>
> >> > > >>> >> The attempt to make the test policy immediately dies with:
> >> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release
> >> > > >>> >
> >> > > >>> > I should note that I'm running it on Fedora, so I wouldn't expect that
> >> > > >>> > file to exist. But the script needs to handle it gracefully; we just
> >> > > >>> > use the generic test policy files in that situation.
> >> > > >>>
> >> > > >>> What does /etc/redhat-release look like (feel free to reply to me off-list)?
> >> > > >>
> >> > > >> On RHEL5, it can look like one of the following:
> >> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga)
> >> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga)
> >> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga)
> >> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga)
> >> > > >
> >> > > > Interesting. They switched over to more of the Fedora-style branding, maybe?.
> >> > > >
> >> > > > [garrcoop@halflife ~]$ cat /etc/redhat-release
> >> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
> >> > >
> >> > > Could you try again please :)?
> >> >
> >> > Fails with:
> >> > cp: cannot stat
> >> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >>
> >> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >>
> >> I think we are supposed to actually be running
> >> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> >> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> >> testscript? Or should the policy sources be copied into /opt?
> >
> > Ok, but regardless: the refpolicy Makefile is still broken.
>
> Yes, it is (I don't have access to that package I think on my
> version of Fedora...). Please try the attached patch and let me know
> how it goes [the comments aren't as important as the `set -e' and
> `$(TEST_POLICY_DIR)/' removal on the cp(1) call].
> Thanks,
> -Garrett
The patch was whitespace-damaged, so I had to fix it up by hand.
Now a 'make' in the refpolicy directory yields:
(cd
"/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic" && cat test_global.te test_bounds.te test_capable_file.te test_capable_net.te test_capable_sys.te test_dyntrace.te test_dyntrans.te test_entrypoint.te test_execshare.te test_exectrace.te test_execute_no_trans.te test_fdreceive.te test_file.te test_inherit.te test_ioctl.te test_ipc.te test_link.te test_mkdir.te test_open.te test_ptrace.te test_readlink.te test_relabel.te test_rename.te test_rxdir.te test_setattr.te test_setnice.te test_sigkill.te test_stat.te test_sysctl.te test_task_create.te test_task_getpgid.te test_task_getsched.te test_task_getsid.te test_task_setpgid.te test_task_setsched.te test_transition.te test_wait.te) > test_policy.te
And a 'make load' successfully loads that.
On recent Fedora you don't need any additional
packages; /usr/share/selinux/devel is shipped as part of selinux-policy
these days rather than as a separate selinux-policy-devel package.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-11 21:31 ` Serge E. Hallyn
2010-01-12 8:36 ` Garrett Cooper
@ 2010-01-12 13:16 ` Stephen Smalley
2010-01-12 16:55 ` Garrett Cooper
1 sibling, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-12 13:16 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris
On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
> Quoting Serge E. Hallyn (serue@us.ibm.com):
> > Quoting Serge E. Hallyn (serue@us.ibm.com):
> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > > > > > > Fails with:
> > > > > > > cp: cannot stat
> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> > > > > >
> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> > > > > >
> > > > > > I think we are supposed to actually be running
> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > > > > > testscript? Or should the policy sources be copied into /opt?
> > > > >
> > > > > Ok, but regardless: the refpolicy Makefile is still broken.
> > > >
> > > > Yup.
> > >
> > > All right, baby-steps.
> > >
> > > The attached test_selinux.diff is not to be applied, but something
> > > like it is needed. Should we have the ltp 'make install' fill in
> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> > > that is the issue I was saying is shared between test_selinux.sh
> > > and some others including test_robind.sh. That's why I'm not just
> > > sending a patch to make it work, bc i think we need more general
> > > guidance.
> > >
> > > The second match makes the 'make load' part of test_selinux.sh
> > > succeed on rhel5.4. Stephen, how does it do on fedora?
> > >
> > > After loading policy it fails to execute ltp-pan, but I figure let's
> > > get policy loading working first.
>
> All right well just doing
>
> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
> @@ -115,7 +117,7 @@
> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>
> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>
> # cleanup before exiting
>
> ================================================================
> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
> up to then pass)
>
> Again this is on RHEL5.4.
test39 isn't supposed to be run on RHEL5.4.
The old tests/Makefile had conditional logic to exclude certain tests on
RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 8:29 ` Garrett Cooper
2010-01-12 13:00 ` Stephen Smalley
@ 2010-01-12 15:38 ` Serge E. Hallyn
2010-01-12 16:56 ` Garrett Cooper
` (2 more replies)
1 sibling, 3 replies; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-12 15:38 UTC (permalink / raw)
To: Garrett Cooper; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
Quoting Garrett Cooper (yanegomi@gmail.com):
> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> > Quoting Serge E. Hallyn (serue@us.ibm.com):
> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> >> > > > > Fails with:
> >> > > > > cp: cannot stat
> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >> > > >
> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >> > > >
> >> > > > I think we are supposed to actually be running
> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> >> > > > testscript? Or should the policy sources be copied into /opt?
> >> > >
> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
> >> >
> >> > Yup.
> >>
> >> All right, baby-steps.
> >>
> >> The attached test_selinux.diff is not to be applied, but something
> >> like it is needed. Should we have the ltp 'make install' fill in
> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> >> that is the issue I was saying is shared between test_selinux.sh
> >> and some others including test_robind.sh. That's why I'm not just
> >> sending a patch to make it work, bc i think we need more general
> >> guidance.
> >>
> >> The second match makes the 'make load' part of test_selinux.sh
> >> succeed on rhel5.4. Stephen, how does it do on fedora?
> >>
> >> After loading policy it fails to execute ltp-pan, but I figure let's
> >> get policy loading working first.
> >>
> >> -serge
> >
> > gah, attaching the actual patches this time.
> >
> > -serge
>
> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
> hardcoded as LTPROOT.
I said 'not to be applied'. You're not rejecting.
> 2. Why is the redhat stuff support to work
> agnostic to the major and minor version?
It's not agnostic to the major version. Only the minor version.
And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
i suppose we can just get rid of rhel4 support selinux-testsuite.
Or pull it out altogether.
-serge
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 13:16 ` Stephen Smalley
@ 2010-01-12 16:55 ` Garrett Cooper
2010-01-12 17:19 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 16:55 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> > > > > > > Fails with:
>> > > > > > > cp: cannot stat
>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> > > > > >
>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> > > > > >
>> > > > > > I think we are supposed to actually be running
>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> > > > > > testscript? Or should the policy sources be copied into /opt?
>> > > > >
>> > > > > Ok, but regardless: the refpolicy Makefile is still broken.
>> > > >
>> > > > Yup.
>> > >
>> > > All right, baby-steps.
>> > >
>> > > The attached test_selinux.diff is not to be applied, but something
>> > > like it is needed. Should we have the ltp 'make install' fill in
>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> > > that is the issue I was saying is shared between test_selinux.sh
>> > > and some others including test_robind.sh. That's why I'm not just
>> > > sending a patch to make it work, bc i think we need more general
>> > > guidance.
>> > >
>> > > The second match makes the 'make load' part of test_selinux.sh
>> > > succeed on rhel5.4. Stephen, how does it do on fedora?
>> > >
>> > > After loading policy it fails to execute ltp-pan, but I figure let's
>> > > get policy loading working first.
>>
>> All right well just doing
>>
>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
>> @@ -115,7 +117,7 @@
>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>>
>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>
>> # cleanup before exiting
>>
>> ================================================================
>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
>> up to then pass)
>>
>> Again this is on RHEL5.4.
>
> test39 isn't supposed to be run on RHEL5.4.
> The old tests/Makefile had conditional logic to exclude certain tests on
> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
Something that fell through the cracks because I didn't take the time
to actually determine _what_ the requirements were for the tests so
they would report configuration failure instead of failure. Please try
this (I properly pasted it this time instead of using my xterm window
and paste):
Index: tests/Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
+++ tests/Makefile 12 Jan 2010 16:53:57 -0000
@@ -24,11 +24,26 @@
include $(top_srcdir)/include/mk/env_pre.mk
-RECURSIVE_TARGETS := install
+ARGS = -m
+# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
+ifneq ($(strip $(DESTDIR)),)
+ARGS += -d $(DESTDIR)
+endif
-include $(top_srcdir)/include/mk/generic_trunk_target.mk
+DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
+
+#
+# Certain tests should be excluded on RHEL [45].x as their kernels don't
+# support the tests.
+#
+# XXX (garrcoop): actually complete the work to add proper checks to the tests
+# to report TCONF on configuration failure.
+#
+ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
+FILTER_OUT_DIRS += dyntrace dyntrans
+endif
+ifeq (redhat-4,$(DISTRO_VER))
+FILTER_OUT_DIRS += bounds
+endif
-all:
- @set -e; for i in $(SUBDIRS); do \
- $(MAKE) -C $$i $@; \
- done
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 15:38 ` Serge E. Hallyn
@ 2010-01-12 16:56 ` Garrett Cooper
2010-01-12 18:51 ` Stephen Smalley
2010-01-15 17:48 ` Garrett Cooper
2 siblings, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 16:56 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Garrett Cooper (yanegomi@gmail.com):
>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> >> > > > > Fails with:
>> >> > > > > cp: cannot stat
>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> >> > > >
>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> >> > > >
>> >> > > > I think we are supposed to actually be running
>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> >> > > > testscript? Or should the policy sources be copied into /opt?
>> >> > >
>> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
>> >> >
>> >> > Yup.
>> >>
>> >> All right, baby-steps.
>> >>
>> >> The attached test_selinux.diff is not to be applied, but something
>> >> like it is needed. Should we have the ltp 'make install' fill in
>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> >> that is the issue I was saying is shared between test_selinux.sh
>> >> and some others including test_robind.sh. That's why I'm not just
>> >> sending a patch to make it work, bc i think we need more general
>> >> guidance.
>> >>
>> >> The second match makes the 'make load' part of test_selinux.sh
>> >> succeed on rhel5.4. Stephen, how does it do on fedora?
>> >>
>> >> After loading policy it fails to execute ltp-pan, but I figure let's
>> >> get policy loading working first.
>> >>
>> >> -serge
>> >
>> > gah, attaching the actual patches this time.
>> >
>> > -serge
>>
>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>> hardcoded as LTPROOT.
>
> I said 'not to be applied'. You're not rejecting.
>
>> 2. Why is the redhat stuff support to work
>> agnostic to the major and minor version?
>
> It's not agnostic to the major version. Only the minor version.
>
> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
> i suppose we can just get rid of rhel4 support selinux-testsuite.
>
> Or pull it out altogether.
Ok... sorry for the misunderstanding (looks around sheepishly :\).
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 16:55 ` Garrett Cooper
@ 2010-01-12 17:19 ` Garrett Cooper
2010-01-12 17:24 ` Garrett Cooper
2010-01-12 17:26 ` Garrett Cooper
0 siblings, 2 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 17:19 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>> > > > > > > Fails with:
>>> > > > > > > cp: cannot stat
>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>> > > > > >
>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>> > > > > >
>>> > > > > > I think we are supposed to actually be running
>>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>> > > > > > testscript? Or should the policy sources be copied into /opt?
>>> > > > >
>>> > > > > Ok, but regardless: the refpolicy Makefile is still broken.
>>> > > >
>>> > > > Yup.
>>> > >
>>> > > All right, baby-steps.
>>> > >
>>> > > The attached test_selinux.diff is not to be applied, but something
>>> > > like it is needed. Should we have the ltp 'make install' fill in
>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>> > > that is the issue I was saying is shared between test_selinux.sh
>>> > > and some others including test_robind.sh. That's why I'm not just
>>> > > sending a patch to make it work, bc i think we need more general
>>> > > guidance.
>>> > >
>>> > > The second match makes the 'make load' part of test_selinux.sh
>>> > > succeed on rhel5.4. Stephen, how does it do on fedora?
>>> > >
>>> > > After loading policy it fails to execute ltp-pan, but I figure let's
>>> > > get policy loading working first.
>>>
>>> All right well just doing
>>>
>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
>>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
>>> @@ -115,7 +117,7 @@
>>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>>>
>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>>
>>> # cleanup before exiting
>>>
>>> ================================================================
>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
>>> up to then pass)
>>>
>>> Again this is on RHEL5.4.
>>
>> test39 isn't supposed to be run on RHEL5.4.
>> The old tests/Makefile had conditional logic to exclude certain tests on
>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
>
>
> Something that fell through the cracks because I didn't take the time
> to actually determine _what_ the requirements were for the tests so
> they would report configuration failure instead of failure. Please try
> this (I properly pasted it this time instead of using my xterm window
> and paste):
>
> Index: tests/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
> retrieving revision 1.7
> diff -u -r1.7 Makefile
> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
> +++ tests/Makefile 12 Jan 2010 16:53:57 -0000
> @@ -24,11 +24,26 @@
>
> include $(top_srcdir)/include/mk/env_pre.mk
>
> -RECURSIVE_TARGETS := install
> +ARGS = -m
> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
> +ifneq ($(strip $(DESTDIR)),)
> +ARGS += -d $(DESTDIR)
> +endif
>
> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> +
> +#
> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
> +# support the tests.
> +#
> +# XXX (garrcoop): actually complete the work to add proper checks to the tests
> +# to report TCONF on configuration failure.
> +#
> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
> +FILTER_OUT_DIRS += dyntrace dyntrans
> +endif
> +ifeq (redhat-4,$(DISTRO_VER))
> +FILTER_OUT_DIRS += bounds
> +endif
>
> -all:
> - @set -e; for i in $(SUBDIRS); do \
> - $(MAKE) -C $$i $@; \
> - done
> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>
The conditional checks didn't make sense with what Stephen mentioned
above to you Serge, so I respun the diff:
Index: tests/Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
+++ tests/Makefile 12 Jan 2010 17:16:09 -0000
@@ -24,11 +24,28 @@
include $(top_srcdir)/include/mk/env_pre.mk
-RECURSIVE_TARGETS := install
+ARGS = -m
+# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
+ifneq ($(strip $(DESTDIR)),)
+ARGS += -d $(DESTDIR)
+endif
-include $(top_srcdir)/include/mk/generic_trunk_target.mk
+DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
+
+#
+# Certain tests should be excluded on RHEL [45].x as their kernels don't
+# support the tests.
+#
+# XXX (garrcoop): actually complete the work to add proper checks to the tests
+# to report TCONF on configuration failure.
-all:
- @set -e; for i in $(SUBDIRS); do \
- $(MAKE) -C $$i $@; \
- done
+# RHEL 4.x doesn't support the dyntrace and dyntrans tests.
+ifneq ($(findstring $(DISTRO_VER),redhat-4),)
+FILTER_OUT_DIRS += dyntrace dyntrans
+endif
+# RHEL 5.x doesn't support the bounds test.
+ifeq (redhat-5,$(DISTRO_VER))
+FILTER_OUT_DIRS += bounds
+endif
+
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
Also, if you guys can try out this patch for refpolicy/Makefile, I'd
prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
Make logic):
Index: refpolicy/Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
+++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
@@ -17,7 +17,7 @@
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-# Garrett Cooper, August 2009
+# Garrett Cooper, January 2010
#
top_srcdir ?= ../../../../..
@@ -32,6 +32,7 @@
DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
+# Avoid empty strings.
ifeq ($(strip $(DISTRO_VER)),)
DISTRO_VER := generic
endif
@@ -41,10 +42,17 @@
POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
-INSTALL_DIR := testcases/kernel/security/selinux-testsuite
+INSTALL_DIR := testcases/selinux-testsuite/refpolicy
TEST_POLICY_DIR := $(abs_srcdir)/policy_files
+# Do we have a special set of policies in the SCM to install?
+ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
+TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
+else
+TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
+endif
+
.PHONY: all clean cleanup install load
CLEAN_DEPS := cleanup
@@ -55,34 +63,24 @@
-$(SEMODULE) -r test_policy
$(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
-ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
-MAKE_TARGETS :=
-
-TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
-
-# load remains for backwards compatibility...
-load:
- $(MAKE) -C $(TEST_POLICY_DIR)
-else
-
MAKE_TARGETS := test_policy.te
-TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
-
-POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
$(wildcard $(TEST_POLICY_DIR)/*.te)))
-
ifneq ($(CHECKPOLICY_VERS),24)
POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
endif
+# This is being done to preserve precedence; test_global.te must come first.
+POLICY_FILES := test_global.te \
+ $(filter-out test_global.te,$(notdir $(wildcard
$(TEST_POLICY_DIR)/*.te)))
+
load:
- @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
- cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
+ @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+ cp -p test_policy.* $(POLICY_DEVEL_DIR); \
$(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
$(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
$(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
else \
- echo "ERROR: You must have selinux-policy-devel installed."; \
+ echo "ERROR: You must have selinux-policy?-devel? installed."; \
false; \
fi
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 17:19 ` Garrett Cooper
@ 2010-01-12 17:24 ` Garrett Cooper
2010-01-12 17:26 ` Garrett Cooper
1 sibling, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 17:24 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>>> > > > > > > Fails with:
>>>> > > > > > > cp: cannot stat
>>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>>> > > > > >
>>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>>> > > > > >
>>>> > > > > > I think we are supposed to actually be running
>>>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>>> > > > > > testscript? Or should the policy sources be copied into /opt?
>>>> > > > >
>>>> > > > > Ok, but regardless: the refpolicy Makefile is still broken.
>>>> > > >
>>>> > > > Yup.
>>>> > >
>>>> > > All right, baby-steps.
>>>> > >
>>>> > > The attached test_selinux.diff is not to be applied, but something
>>>> > > like it is needed. Should we have the ltp 'make install' fill in
>>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>>> > > that is the issue I was saying is shared between test_selinux.sh
>>>> > > and some others including test_robind.sh. That's why I'm not just
>>>> > > sending a patch to make it work, bc i think we need more general
>>>> > > guidance.
>>>> > >
>>>> > > The second match makes the 'make load' part of test_selinux.sh
>>>> > > succeed on rhel5.4. Stephen, how does it do on fedora?
>>>> > >
>>>> > > After loading policy it fails to execute ltp-pan, but I figure let's
>>>> > > get policy loading working first.
>>>>
>>>> All right well just doing
>>>>
>>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
>>>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
>>>> @@ -115,7 +117,7 @@
>>>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>>>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>>>>
>>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>>>
>>>> # cleanup before exiting
>>>>
>>>> ================================================================
>>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
>>>> up to then pass)
>>>>
>>>> Again this is on RHEL5.4.
>>>
>>> test39 isn't supposed to be run on RHEL5.4.
>>> The old tests/Makefile had conditional logic to exclude certain tests on
>>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
>>
>>
>> Something that fell through the cracks because I didn't take the time
>> to actually determine _what_ the requirements were for the tests so
>> they would report configuration failure instead of failure. Please try
>> this (I properly pasted it this time instead of using my xterm window
>> and paste):
>>
>> Index: tests/Makefile
>> ===================================================================
>> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
>> retrieving revision 1.7
>> diff -u -r1.7 Makefile
>> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
>> +++ tests/Makefile 12 Jan 2010 16:53:57 -0000
>> @@ -24,11 +24,26 @@
>>
>> include $(top_srcdir)/include/mk/env_pre.mk
>>
>> -RECURSIVE_TARGETS := install
>> +ARGS = -m
>> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
>> +ifneq ($(strip $(DESTDIR)),)
>> +ARGS += -d $(DESTDIR)
>> +endif
>>
>> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
>> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> +
>> +#
>> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
>> +# support the tests.
>> +#
>> +# XXX (garrcoop): actually complete the work to add proper checks to the tests
>> +# to report TCONF on configuration failure.
>> +#
>> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
>> +FILTER_OUT_DIRS += dyntrace dyntrans
>> +endif
>> +ifeq (redhat-4,$(DISTRO_VER))
>> +FILTER_OUT_DIRS += bounds
>> +endif
>>
>> -all:
>> - @set -e; for i in $(SUBDIRS); do \
>> - $(MAKE) -C $$i $@; \
>> - done
>> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>>
>
> The conditional checks didn't make sense with what Stephen mentioned
> above to you Serge, so I respun the diff:
>
> Index: tests/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
> retrieving revision 1.7
> diff -u -r1.7 Makefile
> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
> +++ tests/Makefile 12 Jan 2010 17:16:09 -0000
> @@ -24,11 +24,28 @@
>
> include $(top_srcdir)/include/mk/env_pre.mk
>
> -RECURSIVE_TARGETS := install
> +ARGS = -m
> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
> +ifneq ($(strip $(DESTDIR)),)
> +ARGS += -d $(DESTDIR)
> +endif
>
> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> +
> +#
> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
> +# support the tests.
> +#
> +# XXX (garrcoop): actually complete the work to add proper checks to the tests
> +# to report TCONF on configuration failure.
>
> -all:
> - @set -e; for i in $(SUBDIRS); do \
> - $(MAKE) -C $$i $@; \
> - done
> +# RHEL 4.x doesn't support the dyntrace and dyntrans tests.
> +ifneq ($(findstring $(DISTRO_VER),redhat-4),)
> +FILTER_OUT_DIRS += dyntrace dyntrans
> +endif
> +# RHEL 5.x doesn't support the bounds test.
> +ifeq (redhat-5,$(DISTRO_VER))
> +FILTER_OUT_DIRS += bounds
> +endif
Man, my brain's a bit groggy this morning. The previous conditional
was correct -- the directories / versions to filter out were just
flip-flopped -_-. If you do:
+# RHEL 4.x and 5.x don't support the bounds test.
+ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
+FILTER_OUT_DIRS += bounds
+endif
+# RHEL 4.x doesn't support the dyntrace and dyntrans tests.
+ifeq (redhat-4,$(DISTRO_VER))
+FILTER_OUT_DIRS += dyntrace dyntrans
+endif
That should end up with the final desired result.
> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>
> Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> Make logic):
>
> Index: refpolicy/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> retrieving revision 1.12
> diff -u -r1.12 Makefile
> --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> @@ -17,7 +17,7 @@
> # with this program; if not, write to the Free Software Foundation, Inc.,
> # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> #
> -# Garrett Cooper, August 2009
> +# Garrett Cooper, January 2010
> #
>
> top_srcdir ?= ../../../../..
> @@ -32,6 +32,7 @@
>
> DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>
> +# Avoid empty strings.
> ifeq ($(strip $(DISTRO_VER)),)
> DISTRO_VER := generic
> endif
> @@ -41,10 +42,17 @@
> POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>
> -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>
> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>
> +# Do we have a special set of policies in the SCM to install?
> +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> +else
> +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> +endif
> +
> .PHONY: all clean cleanup install load
>
> CLEAN_DEPS := cleanup
> @@ -55,34 +63,24 @@
> -$(SEMODULE) -r test_policy
> $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>
> -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> -MAKE_TARGETS :=
> -
> -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> -
> -# load remains for backwards compatibility...
> -load:
> - $(MAKE) -C $(TEST_POLICY_DIR)
> -else
> -
> MAKE_TARGETS := test_policy.te
>
> -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> -
> -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> $(wildcard $(TEST_POLICY_DIR)/*.te)))
> -
> ifneq ($(CHECKPOLICY_VERS),24)
> POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> endif
>
> +# This is being done to preserve precedence; test_global.te must come first.
> +POLICY_FILES := test_global.te \
> + $(filter-out test_global.te,$(notdir $(wildcard
> $(TEST_POLICY_DIR)/*.te)))
> +
> load:
> - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> else \
> - echo "ERROR: You must have selinux-policy-devel installed."; \
> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> false; \
> fi
>
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 17:19 ` Garrett Cooper
2010-01-12 17:24 ` Garrett Cooper
@ 2010-01-12 17:26 ` Garrett Cooper
2010-01-12 19:12 ` Stephen Smalley
1 sibling, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-12 17:26 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>> > > > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>>> > > > > > > Fails with:
>>>> > > > > > > cp: cannot stat
>>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>>> > > > > >
>>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>>> > > > > >
>>>> > > > > > I think we are supposed to actually be running
>>>> > > > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>>> > > > > > testscript? Or should the policy sources be copied into /opt?
>>>> > > > >
>>>> > > > > Ok, but regardless: the refpolicy Makefile is still broken.
>>>> > > >
>>>> > > > Yup.
>>>> > >
>>>> > > All right, baby-steps.
>>>> > >
>>>> > > The attached test_selinux.diff is not to be applied, but something
>>>> > > like it is needed. Should we have the ltp 'make install' fill in
>>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>>> > > that is the issue I was saying is shared between test_selinux.sh
>>>> > > and some others including test_robind.sh. That's why I'm not just
>>>> > > sending a patch to make it work, bc i think we need more general
>>>> > > guidance.
>>>> > >
>>>> > > The second match makes the 'make load' part of test_selinux.sh
>>>> > > succeed on rhel5.4. Stephen, how does it do on fedora?
>>>> > >
>>>> > > After loading policy it fails to execute ltp-pan, but I figure let's
>>>> > > get policy loading working first.
>>>>
>>>> All right well just doing
>>>>
>>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.000000000 -0400
>>>> +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.000000000 -0500
>>>> @@ -115,7 +117,7 @@
>>>> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>>>> /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>>>>
>>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>>>>
>>>> # cleanup before exiting
>>>>
>>>> ================================================================
>>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
>>>> up to then pass)
>>>>
>>>> Again this is on RHEL5.4.
>>>
>>> test39 isn't supposed to be run on RHEL5.4.
>>> The old tests/Makefile had conditional logic to exclude certain tests on
>>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
>>
>>
>> Something that fell through the cracks because I didn't take the time
>> to actually determine _what_ the requirements were for the tests so
>> they would report configuration failure instead of failure. Please try
>> this (I properly pasted it this time instead of using my xterm window
>> and paste):
>>
>> Index: tests/Makefile
>> ===================================================================
>> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
>> retrieving revision 1.7
>> diff -u -r1.7 Makefile
>> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
>> +++ tests/Makefile 12 Jan 2010 16:53:57 -0000
>> @@ -24,11 +24,26 @@
>>
>> include $(top_srcdir)/include/mk/env_pre.mk
>>
>> -RECURSIVE_TARGETS := install
>> +ARGS = -m
>> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
>> +ifneq ($(strip $(DESTDIR)),)
>> +ARGS += -d $(DESTDIR)
>> +endif
>>
>> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
>> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> +
>> +#
>> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
>> +# support the tests.
>> +#
>> +# XXX (garrcoop): actually complete the work to add proper checks to the tests
>> +# to report TCONF on configuration failure.
>> +#
>> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
>> +FILTER_OUT_DIRS += dyntrace dyntrans
>> +endif
>> +ifeq (redhat-4,$(DISTRO_VER))
>> +FILTER_OUT_DIRS += bounds
>> +endif
>>
>> -all:
>> - @set -e; for i in $(SUBDIRS); do \
>> - $(MAKE) -C $$i $@; \
>> - done
>> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>>
>
> The conditional checks didn't make sense with what Stephen mentioned
> above to you Serge, so I respun the diff:
>
> Index: tests/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
> retrieving revision 1.7
> diff -u -r1.7 Makefile
> --- tests/Makefile 9 Oct 2009 17:55:51 -0000 1.7
> +++ tests/Makefile 12 Jan 2010 17:16:09 -0000
> @@ -24,11 +24,28 @@
>
> include $(top_srcdir)/include/mk/env_pre.mk
>
> -RECURSIVE_TARGETS := install
> +ARGS = -m
> +# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
> +ifneq ($(strip $(DESTDIR)),)
> +ARGS += -d $(DESTDIR)
> +endif
>
> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
> +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> +
> +#
> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
> +# support the tests.
> +#
> +# XXX (garrcoop): actually complete the work to add proper checks to the tests
> +# to report TCONF on configuration failure.
>
> -all:
> - @set -e; for i in $(SUBDIRS); do \
> - $(MAKE) -C $$i $@; \
> - done
> +# RHEL 4.x doesn't support the dyntrace and dyntrans tests.
> +ifneq ($(findstring $(DISTRO_VER),redhat-4),)
> +FILTER_OUT_DIRS += dyntrace dyntrans
> +endif
> +# RHEL 5.x doesn't support the bounds test.
> +ifeq (redhat-5,$(DISTRO_VER))
> +FILTER_OUT_DIRS += bounds
> +endif
> +
> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>
> Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> Make logic):
>
> Index: refpolicy/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> retrieving revision 1.12
> diff -u -r1.12 Makefile
> --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> @@ -17,7 +17,7 @@
> # with this program; if not, write to the Free Software Foundation, Inc.,
> # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> #
> -# Garrett Cooper, August 2009
> +# Garrett Cooper, January 2010
> #
>
> top_srcdir ?= ../../../../..
> @@ -32,6 +32,7 @@
>
> DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>
> +# Avoid empty strings.
> ifeq ($(strip $(DISTRO_VER)),)
> DISTRO_VER := generic
> endif
> @@ -41,10 +42,17 @@
> POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>
> -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>
> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>
> +# Do we have a special set of policies in the SCM to install?
> +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> +else
> +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> +endif
> +
> .PHONY: all clean cleanup install load
>
> CLEAN_DEPS := cleanup
> @@ -55,34 +63,24 @@
> -$(SEMODULE) -r test_policy
> $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>
> -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> -MAKE_TARGETS :=
> -
> -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> -
> -# load remains for backwards compatibility...
> -load:
> - $(MAKE) -C $(TEST_POLICY_DIR)
> -else
> -
> MAKE_TARGETS := test_policy.te
>
> -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> -
> -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> $(wildcard $(TEST_POLICY_DIR)/*.te)))
> -
> ifneq ($(CHECKPOLICY_VERS),24)
> POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> endif
>
> +# This is being done to preserve precedence; test_global.te must come first.
> +POLICY_FILES := test_global.te \
> + $(filter-out test_global.te,$(notdir $(wildcard
> $(TEST_POLICY_DIR)/*.te)))
> +
> load:
> - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> else \
> - echo "ERROR: You must have selinux-policy-devel installed."; \
> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> false; \
> fi
There's a stray endif on line 90 of refpolicy/Makefile that needs to
be deleted as well, FYI...
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 15:38 ` Serge E. Hallyn
2010-01-12 16:56 ` Garrett Cooper
@ 2010-01-12 18:51 ` Stephen Smalley
2010-01-15 17:48 ` Garrett Cooper
2 siblings, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-12 18:51 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris
On Tue, 2010-01-12 at 09:38 -0600, Serge E. Hallyn wrote:
> Quoting Garrett Cooper (yanegomi@gmail.com):
> > On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> > > Quoting Serge E. Hallyn (serue@us.ibm.com):
> > >> Quoting Serge E. Hallyn (serue@us.ibm.com):
> > >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> > >> > > > > Fails with:
> > >> > > > > cp: cannot stat
> > >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> > >> > > >
> > >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> > >> > > >
> > >> > > > I think we are supposed to actually be running
> > >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> > >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> > >> > > > testscript? Or should the policy sources be copied into /opt?
> > >> > >
> > >> > > Ok, but regardless: the refpolicy Makefile is still broken.
> > >> >
> > >> > Yup.
> > >>
> > >> All right, baby-steps.
> > >>
> > >> The attached test_selinux.diff is not to be applied, but something
> > >> like it is needed. Should we have the ltp 'make install' fill in
> > >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> > >> that is the issue I was saying is shared between test_selinux.sh
> > >> and some others including test_robind.sh. That's why I'm not just
> > >> sending a patch to make it work, bc i think we need more general
> > >> guidance.
> > >>
> > >> The second match makes the 'make load' part of test_selinux.sh
> > >> succeed on rhel5.4. Stephen, how does it do on fedora?
> > >>
> > >> After loading policy it fails to execute ltp-pan, but I figure let's
> > >> get policy loading working first.
> > >>
> > >> -serge
> > >
> > > gah, attaching the actual patches this time.
> > >
> > > -serge
> >
> > 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
> > hardcoded as LTPROOT.
>
> I said 'not to be applied'. You're not rejecting.
>
> > 2. Why is the redhat stuff support to work
> > agnostic to the major and minor version?
>
> It's not agnostic to the major version. Only the minor version.
>
> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
> i suppose we can just get rid of rhel4 support selinux-testsuite.
>
> Or pull it out altogether.
Hmm...doesn't Red Hat still use ltp (both main and selinux-testsuite)
for regression testing of RHEL4.x releases?
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 17:26 ` Garrett Cooper
@ 2010-01-12 19:12 ` Stephen Smalley
2010-01-13 6:51 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-12 19:12 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> > Make logic):
> >
> > Index: refpolicy/Makefile
> > ===================================================================
> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> > retrieving revision 1.12
> > diff -u -r1.12 Makefile
> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> > @@ -17,7 +17,7 @@
> > # with this program; if not, write to the Free Software Foundation, Inc.,
> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> > #
> > -# Garrett Cooper, August 2009
> > +# Garrett Cooper, January 2010
> > #
> >
> > top_srcdir ?= ../../../../..
> > @@ -32,6 +32,7 @@
> >
> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> >
> > +# Avoid empty strings.
> > ifeq ($(strip $(DISTRO_VER)),)
> > DISTRO_VER := generic
> > endif
> > @@ -41,10 +42,17 @@
> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
> >
> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
> >
> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >
> > +# Do we have a special set of policies in the SCM to install?
> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> > +else
> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> > +endif
> > +
> > .PHONY: all clean cleanup install load
> >
> > CLEAN_DEPS := cleanup
> > @@ -55,34 +63,24 @@
> > -$(SEMODULE) -r test_policy
> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
> >
> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> > -MAKE_TARGETS :=
> > -
> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> > -
> > -# load remains for backwards compatibility...
> > -load:
> > - $(MAKE) -C $(TEST_POLICY_DIR)
> > -else
> > -
> > MAKE_TARGETS := test_policy.te
> >
> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> > -
> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
> > -
> > ifneq ($(CHECKPOLICY_VERS),24)
> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> > endif
> >
> > +# This is being done to preserve precedence; test_global.te must come first.
> > +POLICY_FILES := test_global.te \
> > + $(filter-out test_global.te,$(notdir $(wildcard
> > $(TEST_POLICY_DIR)/*.te)))
> > +
> > load:
> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> > else \
> > - echo "ERROR: You must have selinux-policy-devel installed."; \
> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> > false; \
> > fi
>
> There's a stray endif on line 90 of refpolicy/Makefile that needs to
> be deleted as well, FYI...
Ok. test policy appears to build (on Fedora) when running make by hand
from the refpolicy directory, but you still can't run the tests, either
from /opt/ltp or from the source tree.
# cd /opt/ltp/testscripts && ./test_selinux.sh
Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
/etc/selinux /opt/ltp
/opt/ltp
allow_domain_fd_use --> off
allow_domain_fd_use exists setting
building and installing test_policy module...
./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
make: *** No rule to make target `load'. Stop.
Failed to build and load test_policy module, aborting test run.
/etc/selinux /opt/ltp
/opt/ltp
# cd LTP_SRCDIR/testscripts && ./test_selinux.sh
Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
/etc/selinux /home/sds/ltp
/home/sds/ltp
allow_domain_fd_use --> off
allow_domain_fd_use exists setting
building and installing test_policy module...
make[1]: Entering directory `/usr/share/selinux/devel'
rm -fR tmp
rm -f *.pp
make[1]: Leaving directory `/usr/share/selinux/devel'
make[1]: Entering directory `/usr/share/selinux/devel'
Compiling targeted test_policy module
/usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
Creating targeted test_policy.pp policy package
rm tmp/test_policy.mod tmp/test_policy.mod.fc
make[1]: Leaving directory `/usr/share/selinux/devel'
Successfully built and loaded test_policy module.
/etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
Running the SELinux testsuite...
ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
/usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
/usr/bin/chcon: missing operand
Try `/usr/bin/chcon --help' for more information.
Removing test_policy module...
/usr/sbin/semodule -r test_policy
rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
allow_domain_fd_use --> off
allow_domain_fd_use exists setting
Done.
Both test_selinux.sh and tests/runtest.sh need to be updated.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 19:12 ` Stephen Smalley
@ 2010-01-13 6:51 ` Garrett Cooper
2010-01-13 6:54 ` Garrett Cooper
2010-01-13 13:43 ` Stephen Smalley
0 siblings, 2 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 6:51 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>> > Make logic):
>> >
>> > Index: refpolicy/Makefile
>> > ===================================================================
>> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> > retrieving revision 1.12
>> > diff -u -r1.12 Makefile
>> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>> > @@ -17,7 +17,7 @@
>> > # with this program; if not, write to the Free Software Foundation, Inc.,
>> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>> > #
>> > -# Garrett Cooper, August 2009
>> > +# Garrett Cooper, January 2010
>> > #
>> >
>> > top_srcdir ?= ../../../../..
>> > @@ -32,6 +32,7 @@
>> >
>> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> >
>> > +# Avoid empty strings.
>> > ifeq ($(strip $(DISTRO_VER)),)
>> > DISTRO_VER := generic
>> > endif
>> > @@ -41,10 +42,17 @@
>> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>> >
>> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>> >
>> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >
>> > +# Do we have a special set of policies in the SCM to install?
>> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> > +else
>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> > +endif
>> > +
>> > .PHONY: all clean cleanup install load
>> >
>> > CLEAN_DEPS := cleanup
>> > @@ -55,34 +63,24 @@
>> > -$(SEMODULE) -r test_policy
>> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>> >
>> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>> > -MAKE_TARGETS :=
>> > -
>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> > -
>> > -# load remains for backwards compatibility...
>> > -load:
>> > - $(MAKE) -C $(TEST_POLICY_DIR)
>> > -else
>> > -
>> > MAKE_TARGETS := test_policy.te
>> >
>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> > -
>> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> > -
>> > ifneq ($(CHECKPOLICY_VERS),24)
>> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>> > endif
>> >
>> > +# This is being done to preserve precedence; test_global.te must come first.
>> > +POLICY_FILES := test_global.te \
>> > + $(filter-out test_global.te,$(notdir $(wildcard
>> > $(TEST_POLICY_DIR)/*.te)))
>> > +
>> > load:
>> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>> > else \
>> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> > false; \
>> > fi
>>
>> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>> be deleted as well, FYI...
>
> Ok. test policy appears to build (on Fedora) when running make by hand
> from the refpolicy directory, but you still can't run the tests, either
> from /opt/ltp or from the source tree.
>
> # cd /opt/ltp/testscripts && ./test_selinux.sh
> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> /etc/selinux /opt/ltp
> /opt/ltp
> allow_domain_fd_use --> off
> allow_domain_fd_use exists setting
> building and installing test_policy module...
> ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
> make: *** No rule to make target `load'. Stop.
> Failed to build and load test_policy module, aborting test run.
> /etc/selinux /opt/ltp
> /opt/ltp
>
> # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> /etc/selinux /home/sds/ltp
> /home/sds/ltp
> allow_domain_fd_use --> off
> allow_domain_fd_use exists setting
> building and installing test_policy module...
> make[1]: Entering directory `/usr/share/selinux/devel'
> rm -fR tmp
> rm -f *.pp
> make[1]: Leaving directory `/usr/share/selinux/devel'
> make[1]: Entering directory `/usr/share/selinux/devel'
> Compiling targeted test_policy module
> /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
> /usr/bin/checkmodule: policy configuration loaded
> /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
> Creating targeted test_policy.pp policy package
> rm tmp/test_policy.mod tmp/test_policy.mod.fc
> make[1]: Leaving directory `/usr/share/selinux/devel'
> Successfully built and loaded test_policy module.
> /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> Running the SELinux testsuite...
> ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
> /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
> ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
> /usr/bin/chcon: missing operand
> Try `/usr/bin/chcon --help' for more information.
> Removing test_policy module...
> /usr/sbin/semodule -r test_policy
> rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
> allow_domain_fd_use --> off
> allow_domain_fd_use exists setting
> Done.
>
> Both test_selinux.sh and tests/runtest.sh need to be updated.
>
> --
> Stephen Smalley
> National Security Agency
Ok, next patch then... Let me know how this goes (I took a quick
look and I didn't see anything suspicious in the test scripts
themselves..).
Thanks,
-Garrett
Index: tests/runtest.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/runtest.sh,v
retrieving revision 1.2
diff -u -r1.2 runtest.sh
--- tests/runtest.sh 6 Apr 2008 10:27:36 -0000 1.2
+++ tests/runtest.sh 13 Jan 2010 06:49:48 -0000
@@ -12,7 +12,7 @@
global_setup()
{
# Must be root to run the selinux testsuite
- if [ $UID != 0 ]
+ if [ $(id -ru) -ne 0 ]
then
echo "FAILED: Must be root to execute this script"
exit 1
@@ -38,14 +38,14 @@
exit
fi
- # Save and later restore /tmp's type.
+ # Save and later restore $TMP's type.
# We need to change it's type to work within test domain
- SAVETMPTYPE=`ls -Zd /tmp | awk '{ print $4 }' | awk -F: '{ print $3 }'`
- chcon -t test_file_t /tmp
+ SAVETMPTYPE=`ls -Zd $TMP | awk '{ print $4 }' | awk -F: '{ print $3 }'`
+ chcon -t test_file_t $TMP
- mkdir /tmp/selinux > /dev/null 2>&1
- chcon -t test_file_t /tmp/selinux
- export SELINUXTMPDIR=/tmp/selinux
+ mkdir $TMP/selinux > /dev/null 2>&1
+ chcon -t test_file_t $TMP/selinux
+ export SELINUXTMPDIR=$TMP/selinux
# It seems LTP wants executables to reside in the
# $LTPROOT/testcases/bin directory. However, this directory
@@ -61,9 +61,9 @@
global_cleanup()
{
- # Restore original type of /tmp
- chcon -t $SAVETMPTYPE /tmp
- rm -rf /tmp/selinux
+ # Restore original type of $TMP
+ chcon -t $SAVETMPTYPE $TMP
+ rm -rf $TMP/selinux
# Restore original type of .../testcases/bin directory
chcon -t $SAVEBINTYPE $LTPBIN
@@ -71,6 +71,7 @@
exit 0
}
+export TMP=${TMP:-/tmp}
global_setup
-./$1/selinux_$1.sh
+selinux_$1.sh
global_cleanup
Index: ../../../../testscripts/test_selinux.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
retrieving revision 1.14
diff -u -r1.14 test_selinux.sh
--- ../../../../testscripts/test_selinux.sh 12 Jan 2010 08:35:59 -0000 1.14
+++ ../../../../testscripts/test_selinux.sh 13 Jan 2010 06:49:48 -0000
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
# Copyright (c) International Business Machines Corp., 2005
#
@@ -23,32 +23,33 @@
}
config_allow_domain_fd_use () {
- setval=$1
- /usr/sbin/getsebool allow_domain_fd_use
- getseRC=$?
- if [ "$getseRC" -eq "0" ]; then
- echo "allow_domain_fd_use exists setting"
- /usr/sbin/setsebool allow_domain_fd_use=$setval
- fi
+ setval=$1
+ if /usr/sbin/getsebool allow_domain_fd_use; then
+ echo "allow_domain_fd_use exists setting"
+ /usr/sbin/setsebool allow_domain_fd_use=$setval
+ fi
}
# Must be root to run the selinux testsuite
-if [ $UID != 0 ]
+if [ $(id -ru) -ne 0 ]
then
echo "FAILED: Must be root to execute this script"
exit 1
fi
# set the LTPROOT directory
-cd `dirname $0`
-LTPROOT=${PWD}
-TMP=${TMP:-/tmp}
-echo $LTPROOT | grep testscripts > /dev/null 2>&1
-if [ $? -eq 0 ]
+LTPROOT=${LTPROOT:=${0%/*}}
+cd "$LTPROOT"
+export TMP=${TMP:-/tmp}
+# If we're in the testscripts directory, go down a dir..
+LTPROOT_TMP=${LTPROOT%/testscripts}
+if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
then
cd ..
- LTPROOT=${PWD}
+ LTPROOT=$LTPROOT_TMP
fi
+export LTPROOT
+unset LTPROOT_TMP
# set the PATH to include testcase/bin
@@ -57,11 +58,8 @@
# We will store the logfiles in $LTPROOT/results, so make sure
# it exists.
-if [ ! -d $LTPROOT/results ]
-then
- /bin/mkdir $LTPROOT/results
-fi
-
+test -d $LTPROOT/results || /bin/mkdir $LTPROOT/results
+
# Check the role and mode testsuite is being executed under.
SELINUX_CONTEXT=`/usr/bin/id | sed 's/.* //'`
@@ -78,10 +76,12 @@
SEMODULE="/usr/sbin/semodule"
-if [ -f $SEMODULE ]; then
- POLICYDIR="$LTPROOT/testcases/selinux-testsuite/refpolicy"
+POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite"
+
+if [ -x $SEMODULE ]; then
+ POLICYDIR="$POLICYDIR/refpolicy"
else
- POLICYDIR="$LTPROOT/testcases/selinux-testsuite/policy"
+ POLICYDIR="$POLICYDIR/policy"
fi
config_set_expandcheck
@@ -137,4 +137,3 @@
cd $LTPROOT
echo "Done."
-exit 0
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 6:51 ` Garrett Cooper
@ 2010-01-13 6:54 ` Garrett Cooper
2010-01-13 13:43 ` Stephen Smalley
1 sibling, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 6:54 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Tue, Jan 12, 2010 at 10:51 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>>> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>>> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>>> > Make logic):
>>> >
>>> > Index: refpolicy/Makefile
>>> > ===================================================================
>>> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>>> > retrieving revision 1.12
>>> > diff -u -r1.12 Makefile
>>> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>>> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>>> > @@ -17,7 +17,7 @@
>>> > # with this program; if not, write to the Free Software Foundation, Inc.,
>>> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>>> > #
>>> > -# Garrett Cooper, August 2009
>>> > +# Garrett Cooper, January 2010
>>> > #
>>> >
>>> > top_srcdir ?= ../../../../..
>>> > @@ -32,6 +32,7 @@
>>> >
>>> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>>> >
>>> > +# Avoid empty strings.
>>> > ifeq ($(strip $(DISTRO_VER)),)
>>> > DISTRO_VER := generic
>>> > endif
>>> > @@ -41,10 +42,17 @@
>>> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>>> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>>> >
>>> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>>> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>>> >
>>> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>>> >
>>> > +# Do we have a special set of policies in the SCM to install?
>>> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>>> > +else
>>> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>>> > +endif
>>> > +
>>> > .PHONY: all clean cleanup install load
>>> >
>>> > CLEAN_DEPS := cleanup
>>> > @@ -55,34 +63,24 @@
>>> > -$(SEMODULE) -r test_policy
>>> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>>> >
>>> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>>> > -MAKE_TARGETS :=
>>> > -
>>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>>> > -
>>> > -# load remains for backwards compatibility...
>>> > -load:
>>> > - $(MAKE) -C $(TEST_POLICY_DIR)
>>> > -else
>>> > -
>>> > MAKE_TARGETS := test_policy.te
>>> >
>>> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>>> > -
>>> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>>> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>>> > -
>>> > ifneq ($(CHECKPOLICY_VERS),24)
>>> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>>> > endif
>>> >
>>> > +# This is being done to preserve precedence; test_global.te must come first.
>>> > +POLICY_FILES := test_global.te \
>>> > + $(filter-out test_global.te,$(notdir $(wildcard
>>> > $(TEST_POLICY_DIR)/*.te)))
>>> > +
>>> > load:
>>> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>>> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>>> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>>> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>>> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>>> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>>> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>>> > else \
>>> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>>> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>>> > false; \
>>> > fi
>>>
>>> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>>> be deleted as well, FYI...
>>
>> Ok. test policy appears to build (on Fedora) when running make by hand
>> from the refpolicy directory, but you still can't run the tests, either
>> from /opt/ltp or from the source tree.
>>
>> # cd /opt/ltp/testscripts && ./test_selinux.sh
>> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> /etc/selinux /opt/ltp
>> /opt/ltp
>> allow_domain_fd_use --> off
>> allow_domain_fd_use exists setting
>> building and installing test_policy module...
>> ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
>> make: *** No rule to make target `load'. Stop.
>> Failed to build and load test_policy module, aborting test run.
>> /etc/selinux /opt/ltp
>> /opt/ltp
>>
>> # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
>> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> /etc/selinux /home/sds/ltp
>> /home/sds/ltp
>> allow_domain_fd_use --> off
>> allow_domain_fd_use exists setting
>> building and installing test_policy module...
>> make[1]: Entering directory `/usr/share/selinux/devel'
>> rm -fR tmp
>> rm -f *.pp
>> make[1]: Leaving directory `/usr/share/selinux/devel'
>> make[1]: Entering directory `/usr/share/selinux/devel'
>> Compiling targeted test_policy module
>> /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
>> /usr/bin/checkmodule: policy configuration loaded
>> /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
>> Creating targeted test_policy.pp policy package
>> rm tmp/test_policy.mod tmp/test_policy.mod.fc
>> make[1]: Leaving directory `/usr/share/selinux/devel'
>> Successfully built and loaded test_policy module.
>> /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> Running the SELinux testsuite...
>> ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
>> /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
>> ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
>> /usr/bin/chcon: missing operand
>> Try `/usr/bin/chcon --help' for more information.
>> Removing test_policy module...
>> /usr/sbin/semodule -r test_policy
>> rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
>> allow_domain_fd_use --> off
>> allow_domain_fd_use exists setting
>> Done.
>>
>> Both test_selinux.sh and tests/runtest.sh need to be updated.
>>
>> --
>> Stephen Smalley
>> National Security Agency
>
> Ok, next patch then... Let me know how this goes (I took a quick
> look and I didn't see anything suspicious in the test scripts
> themselves..).
> Thanks,
> -Garrett
>
> Index: tests/runtest.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/runtest.sh,v
> retrieving revision 1.2
> diff -u -r1.2 runtest.sh
> --- tests/runtest.sh 6 Apr 2008 10:27:36 -0000 1.2
> +++ tests/runtest.sh 13 Jan 2010 06:49:48 -0000
> @@ -12,7 +12,7 @@
> global_setup()
> {
> # Must be root to run the selinux testsuite
> - if [ $UID != 0 ]
> + if [ $(id -ru) -ne 0 ]
> then
> echo "FAILED: Must be root to execute this script"
> exit 1
> @@ -38,14 +38,14 @@
> exit
> fi
>
> - # Save and later restore /tmp's type.
> + # Save and later restore $TMP's type.
> # We need to change it's type to work within test domain
> - SAVETMPTYPE=`ls -Zd /tmp | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> - chcon -t test_file_t /tmp
> + SAVETMPTYPE=`ls -Zd $TMP | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> + chcon -t test_file_t $TMP
>
> - mkdir /tmp/selinux > /dev/null 2>&1
> - chcon -t test_file_t /tmp/selinux
> - export SELINUXTMPDIR=/tmp/selinux
> + mkdir $TMP/selinux > /dev/null 2>&1
> + chcon -t test_file_t $TMP/selinux
> + export SELINUXTMPDIR=$TMP/selinux
>
> # It seems LTP wants executables to reside in the
> # $LTPROOT/testcases/bin directory. However, this directory
> @@ -61,9 +61,9 @@
> global_cleanup()
> {
>
> - # Restore original type of /tmp
> - chcon -t $SAVETMPTYPE /tmp
> - rm -rf /tmp/selinux
> + # Restore original type of $TMP
> + chcon -t $SAVETMPTYPE $TMP
> + rm -rf $TMP/selinux
>
> # Restore original type of .../testcases/bin directory
> chcon -t $SAVEBINTYPE $LTPBIN
> @@ -71,6 +71,7 @@
> exit 0
> }
>
> +export TMP=${TMP:-/tmp}
> global_setup
> -./$1/selinux_$1.sh
> +selinux_$1.sh
> global_cleanup
> Index: ../../../../testscripts/test_selinux.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> retrieving revision 1.14
> diff -u -r1.14 test_selinux.sh
> --- ../../../../testscripts/test_selinux.sh 12 Jan 2010 08:35:59 -0000 1.14
> +++ ../../../../testscripts/test_selinux.sh 13 Jan 2010 06:49:48 -0000
> @@ -1,4 +1,4 @@
> -#!/bin/bash
> +#!/bin/sh
> #
> # Copyright (c) International Business Machines Corp., 2005
> #
> @@ -23,32 +23,33 @@
> }
>
> config_allow_domain_fd_use () {
> - setval=$1
> - /usr/sbin/getsebool allow_domain_fd_use
> - getseRC=$?
> - if [ "$getseRC" -eq "0" ]; then
> - echo "allow_domain_fd_use exists setting"
> - /usr/sbin/setsebool allow_domain_fd_use=$setval
> - fi
> + setval=$1
> + if /usr/sbin/getsebool allow_domain_fd_use; then
> + echo "allow_domain_fd_use exists setting"
> + /usr/sbin/setsebool allow_domain_fd_use=$setval
> + fi
> }
>
> # Must be root to run the selinux testsuite
> -if [ $UID != 0 ]
> +if [ $(id -ru) -ne 0 ]
> then
> echo "FAILED: Must be root to execute this script"
> exit 1
> fi
>
> # set the LTPROOT directory
> -cd `dirname $0`
> -LTPROOT=${PWD}
> -TMP=${TMP:-/tmp}
> -echo $LTPROOT | grep testscripts > /dev/null 2>&1
> -if [ $? -eq 0 ]
> +LTPROOT=${LTPROOT:=${0%/*}}
> +cd "$LTPROOT"
> +export TMP=${TMP:-/tmp}
> +# If we're in the testscripts directory, go down a dir..
> +LTPROOT_TMP=${LTPROOT%/testscripts}
> +if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
> then
> cd ..
> - LTPROOT=${PWD}
> + LTPROOT=$LTPROOT_TMP
> fi
> +export LTPROOT
> +unset LTPROOT_TMP
>
> # set the PATH to include testcase/bin
>
> @@ -57,11 +58,8 @@
>
> # We will store the logfiles in $LTPROOT/results, so make sure
> # it exists.
> -if [ ! -d $LTPROOT/results ]
> -then
> - /bin/mkdir $LTPROOT/results
> -fi
> -
> +test -d $LTPROOT/results || /bin/mkdir $LTPROOT/results
> +
> # Check the role and mode testsuite is being executed under.
>
> SELINUX_CONTEXT=`/usr/bin/id | sed 's/.* //'`
> @@ -78,10 +76,12 @@
>
> SEMODULE="/usr/sbin/semodule"
>
> -if [ -f $SEMODULE ]; then
> - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/refpolicy"
> +POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite"
> +
> +if [ -x $SEMODULE ]; then
> + POLICYDIR="$POLICYDIR/refpolicy"
> else
> - POLICYDIR="$LTPROOT/testcases/selinux-testsuite/policy"
> + POLICYDIR="$POLICYDIR/policy"
> fi
>
> config_set_expandcheck
> @@ -137,4 +137,3 @@
>
> cd $LTPROOT
> echo "Done."
> -exit 0
One other thing before I go off for a while ... I think it's a bad
idea to be invoking make as part of the test itself. Do you oppose the
idea of moving load and cleanup into proper bourne shell scripts, and
then have them run as setup and teardown for the tests? That way: a)
folks can build and install everything into an LTP install tree
without being root, b) folks that have selinux support, but not make
tools can actually run the tests.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 6:51 ` Garrett Cooper
2010-01-13 6:54 ` Garrett Cooper
@ 2010-01-13 13:43 ` Stephen Smalley
2010-01-13 18:52 ` Garrett Cooper
1 sibling, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-13 13:43 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> >> > Make logic):
> >> >
> >> > Index: refpolicy/Makefile
> >> > ===================================================================
> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> >> > retrieving revision 1.12
> >> > diff -u -r1.12 Makefile
> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> >> > @@ -17,7 +17,7 @@
> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> >> > #
> >> > -# Garrett Cooper, August 2009
> >> > +# Garrett Cooper, January 2010
> >> > #
> >> >
> >> > top_srcdir ?= ../../../../..
> >> > @@ -32,6 +32,7 @@
> >> >
> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> >> >
> >> > +# Avoid empty strings.
> >> > ifeq ($(strip $(DISTRO_VER)),)
> >> > DISTRO_VER := generic
> >> > endif
> >> > @@ -41,10 +42,17 @@
> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
> >> >
> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
> >> >
> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >> >
> >> > +# Do we have a special set of policies in the SCM to install?
> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> > +else
> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> > +endif
> >> > +
> >> > .PHONY: all clean cleanup install load
> >> >
> >> > CLEAN_DEPS := cleanup
> >> > @@ -55,34 +63,24 @@
> >> > -$(SEMODULE) -r test_policy
> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
> >> >
> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> >> > -MAKE_TARGETS :=
> >> > -
> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> > -
> >> > -# load remains for backwards compatibility...
> >> > -load:
> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
> >> > -else
> >> > -
> >> > MAKE_TARGETS := test_policy.te
> >> >
> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> > -
> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
> >> > -
> >> > ifneq ($(CHECKPOLICY_VERS),24)
> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> >> > endif
> >> >
> >> > +# This is being done to preserve precedence; test_global.te must come first.
> >> > +POLICY_FILES := test_global.te \
> >> > + $(filter-out test_global.te,$(notdir $(wildcard
> >> > $(TEST_POLICY_DIR)/*.te)))
> >> > +
> >> > load:
> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> >> > else \
> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> >> > false; \
> >> > fi
> >>
> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
> >> be deleted as well, FYI...
> >
> > Ok. test policy appears to build (on Fedora) when running make by hand
> > from the refpolicy directory, but you still can't run the tests, either
> > from /opt/ltp or from the source tree.
> >
> > # cd /opt/ltp/testscripts && ./test_selinux.sh
> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > /etc/selinux /opt/ltp
> > /opt/ltp
> > allow_domain_fd_use --> off
> > allow_domain_fd_use exists setting
> > building and installing test_policy module...
> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
> > make: *** No rule to make target `load'. Stop.
> > Failed to build and load test_policy module, aborting test run.
> > /etc/selinux /opt/ltp
> > /opt/ltp
> >
> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > /etc/selinux /home/sds/ltp
> > /home/sds/ltp
> > allow_domain_fd_use --> off
> > allow_domain_fd_use exists setting
> > building and installing test_policy module...
> > make[1]: Entering directory `/usr/share/selinux/devel'
> > rm -fR tmp
> > rm -f *.pp
> > make[1]: Leaving directory `/usr/share/selinux/devel'
> > make[1]: Entering directory `/usr/share/selinux/devel'
> > Compiling targeted test_policy module
> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
> > /usr/bin/checkmodule: policy configuration loaded
> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
> > Creating targeted test_policy.pp policy package
> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
> > make[1]: Leaving directory `/usr/share/selinux/devel'
> > Successfully built and loaded test_policy module.
> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> > Running the SELinux testsuite...
> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
> > /usr/bin/chcon: missing operand
> > Try `/usr/bin/chcon --help' for more information.
> > Removing test_policy module...
> > /usr/sbin/semodule -r test_policy
> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
> > allow_domain_fd_use --> off
> > allow_domain_fd_use exists setting
> > Done.
> >
> > Both test_selinux.sh and tests/runtest.sh need to be updated.
> >
> > --
> > Stephen Smalley
> > National Security Agency
>
> Ok, next patch then... Let me know how this goes (I took a quick
> look and I didn't see anything suspicious in the test scripts
> themselves..).
> Thanks,
> -Garrett
patching file ../../../../testscripts/test_selinux.sh
Hunk #2 FAILED at 23.
Hunk #3 FAILED at 57.
2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
I think it would work better if you just committed all of the patches
thus far and I can just re-test cvs head.
If you do post any further patches, please make them relative to the top
of the tree.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 13:43 ` Stephen Smalley
@ 2010-01-13 18:52 ` Garrett Cooper
2010-01-13 19:18 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 18:52 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
>> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>> >> > Make logic):
>> >> >
>> >> > Index: refpolicy/Makefile
>> >> > ===================================================================
>> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> > retrieving revision 1.12
>> >> > diff -u -r1.12 Makefile
>> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>> >> > @@ -17,7 +17,7 @@
>> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
>> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>> >> > #
>> >> > -# Garrett Cooper, August 2009
>> >> > +# Garrett Cooper, January 2010
>> >> > #
>> >> >
>> >> > top_srcdir ?= ../../../../..
>> >> > @@ -32,6 +32,7 @@
>> >> >
>> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> >> >
>> >> > +# Avoid empty strings.
>> >> > ifeq ($(strip $(DISTRO_VER)),)
>> >> > DISTRO_VER := generic
>> >> > endif
>> >> > @@ -41,10 +42,17 @@
>> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>> >> >
>> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>> >> >
>> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >> >
>> >> > +# Do we have a special set of policies in the SCM to install?
>> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> > +else
>> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> > +endif
>> >> > +
>> >> > .PHONY: all clean cleanup install load
>> >> >
>> >> > CLEAN_DEPS := cleanup
>> >> > @@ -55,34 +63,24 @@
>> >> > -$(SEMODULE) -r test_policy
>> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>> >> >
>> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>> >> > -MAKE_TARGETS :=
>> >> > -
>> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> > -
>> >> > -# load remains for backwards compatibility...
>> >> > -load:
>> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
>> >> > -else
>> >> > -
>> >> > MAKE_TARGETS := test_policy.te
>> >> >
>> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> > -
>> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >> > -
>> >> > ifneq ($(CHECKPOLICY_VERS),24)
>> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>> >> > endif
>> >> >
>> >> > +# This is being done to preserve precedence; test_global.te must come first.
>> >> > +POLICY_FILES := test_global.te \
>> >> > + $(filter-out test_global.te,$(notdir $(wildcard
>> >> > $(TEST_POLICY_DIR)/*.te)))
>> >> > +
>> >> > load:
>> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>> >> > else \
>> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> > false; \
>> >> > fi
>> >>
>> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>> >> be deleted as well, FYI...
>> >
>> > Ok. test policy appears to build (on Fedora) when running make by hand
>> > from the refpolicy directory, but you still can't run the tests, either
>> > from /opt/ltp or from the source tree.
>> >
>> > # cd /opt/ltp/testscripts && ./test_selinux.sh
>> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> > /etc/selinux /opt/ltp
>> > /opt/ltp
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > building and installing test_policy module...
>> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
>> > make: *** No rule to make target `load'. Stop.
>> > Failed to build and load test_policy module, aborting test run.
>> > /etc/selinux /opt/ltp
>> > /opt/ltp
>> >
>> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
>> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> > /etc/selinux /home/sds/ltp
>> > /home/sds/ltp
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > building and installing test_policy module...
>> > make[1]: Entering directory `/usr/share/selinux/devel'
>> > rm -fR tmp
>> > rm -f *.pp
>> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> > make[1]: Entering directory `/usr/share/selinux/devel'
>> > Compiling targeted test_policy module
>> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
>> > /usr/bin/checkmodule: policy configuration loaded
>> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
>> > Creating targeted test_policy.pp policy package
>> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
>> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> > Successfully built and loaded test_policy module.
>> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > Running the SELinux testsuite...
>> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
>> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
>> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
>> > /usr/bin/chcon: missing operand
>> > Try `/usr/bin/chcon --help' for more information.
>> > Removing test_policy module...
>> > /usr/sbin/semodule -r test_policy
>> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > Done.
>> >
>> > Both test_selinux.sh and tests/runtest.sh need to be updated.
>> >
>> > --
>> > Stephen Smalley
>> > National Security Agency
>>
>> Ok, next patch then... Let me know how this goes (I took a quick
>> look and I didn't see anything suspicious in the test scripts
>> themselves..).
>> Thanks,
>> -Garrett
>
> patching file ../../../../testscripts/test_selinux.sh
> Hunk #2 FAILED at 23.
> Hunk #3 FAILED at 57.
> 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
>
> I think it would work better if you just committed all of the patches
> thus far and I can just re-test cvs head.
>
> If you do post any further patches, please make them relative to the top
> of the tree.
Ugh, I hate CVS diffs too (so I understand)... I was trying to
avoid committing intermediate work, but as long as this gets fixed
before the next snapshot, I guess that's fine. Committed the next step
to CVS.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 18:52 ` Garrett Cooper
@ 2010-01-13 19:18 ` Stephen Smalley
2010-01-13 19:37 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-13 19:18 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote:
> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> >> >> > Make logic):
> >> >> >
> >> >> > Index: refpolicy/Makefile
> >> >> > ===================================================================
> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> >> >> > retrieving revision 1.12
> >> >> > diff -u -r1.12 Makefile
> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> >> >> > @@ -17,7 +17,7 @@
> >> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> >> >> > #
> >> >> > -# Garrett Cooper, August 2009
> >> >> > +# Garrett Cooper, January 2010
> >> >> > #
> >> >> >
> >> >> > top_srcdir ?= ../../../../..
> >> >> > @@ -32,6 +32,7 @@
> >> >> >
> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> >> >> >
> >> >> > +# Avoid empty strings.
> >> >> > ifeq ($(strip $(DISTRO_VER)),)
> >> >> > DISTRO_VER := generic
> >> >> > endif
> >> >> > @@ -41,10 +42,17 @@
> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
> >> >> >
> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
> >> >> >
> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >> >> >
> >> >> > +# Do we have a special set of policies in the SCM to install?
> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> >> > +else
> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> >> > +endif
> >> >> > +
> >> >> > .PHONY: all clean cleanup install load
> >> >> >
> >> >> > CLEAN_DEPS := cleanup
> >> >> > @@ -55,34 +63,24 @@
> >> >> > -$(SEMODULE) -r test_policy
> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
> >> >> >
> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> >> >> > -MAKE_TARGETS :=
> >> >> > -
> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> >> > -
> >> >> > -# load remains for backwards compatibility...
> >> >> > -load:
> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
> >> >> > -else
> >> >> > -
> >> >> > MAKE_TARGETS := test_policy.te
> >> >> >
> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> >> > -
> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
> >> >> > -
> >> >> > ifneq ($(CHECKPOLICY_VERS),24)
> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> >> >> > endif
> >> >> >
> >> >> > +# This is being done to preserve precedence; test_global.te must come first.
> >> >> > +POLICY_FILES := test_global.te \
> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard
> >> >> > $(TEST_POLICY_DIR)/*.te)))
> >> >> > +
> >> >> > load:
> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> >> >> > else \
> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> >> >> > false; \
> >> >> > fi
> >> >>
> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
> >> >> be deleted as well, FYI...
> >> >
> >> > Ok. test policy appears to build (on Fedora) when running make by hand
> >> > from the refpolicy directory, but you still can't run the tests, either
> >> > from /opt/ltp or from the source tree.
> >> >
> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh
> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >> > /etc/selinux /opt/ltp
> >> > /opt/ltp
> >> > allow_domain_fd_use --> off
> >> > allow_domain_fd_use exists setting
> >> > building and installing test_policy module...
> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
> >> > make: *** No rule to make target `load'. Stop.
> >> > Failed to build and load test_policy module, aborting test run.
> >> > /etc/selinux /opt/ltp
> >> > /opt/ltp
> >> >
> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >> > /etc/selinux /home/sds/ltp
> >> > /home/sds/ltp
> >> > allow_domain_fd_use --> off
> >> > allow_domain_fd_use exists setting
> >> > building and installing test_policy module...
> >> > make[1]: Entering directory `/usr/share/selinux/devel'
> >> > rm -fR tmp
> >> > rm -f *.pp
> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
> >> > make[1]: Entering directory `/usr/share/selinux/devel'
> >> > Compiling targeted test_policy module
> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
> >> > /usr/bin/checkmodule: policy configuration loaded
> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
> >> > Creating targeted test_policy.pp policy package
> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
> >> > Successfully built and loaded test_policy module.
> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> > Running the SELinux testsuite...
> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
> >> > /usr/bin/chcon: missing operand
> >> > Try `/usr/bin/chcon --help' for more information.
> >> > Removing test_policy module...
> >> > /usr/sbin/semodule -r test_policy
> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
> >> > allow_domain_fd_use --> off
> >> > allow_domain_fd_use exists setting
> >> > Done.
> >> >
> >> > Both test_selinux.sh and tests/runtest.sh need to be updated.
> >> >
> >> > --
> >> > Stephen Smalley
> >> > National Security Agency
> >>
> >> Ok, next patch then... Let me know how this goes (I took a quick
> >> look and I didn't see anything suspicious in the test scripts
> >> themselves..).
> >> Thanks,
> >> -Garrett
> >
> > patching file ../../../../testscripts/test_selinux.sh
> > Hunk #2 FAILED at 23.
> > Hunk #3 FAILED at 57.
> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
> >
> > I think it would work better if you just committed all of the patches
> > thus far and I can just re-test cvs head.
> >
> > If you do post any further patches, please make them relative to the top
> > of the tree.
>
> Ugh, I hate CVS diffs too (so I understand)... I was trying to
> avoid committing intermediate work, but as long as this gets fixed
> before the next snapshot, I guess that's fine. Committed the next step
> to CVS.
# cd /opt/ltp
# ./testscripts/test_selinux.sh
Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
/etc/selinux /opt/ltp
/opt/ltp
allow_domain_fd_use --> off
allow_domain_fd_use exists setting
building and installing test_policy module...
make: *** No rule to make target `load'. Stop.
Failed to build and load test_policy module, aborting test run.
/etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
/opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
There is no Makefile
under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy,
only in the source tree.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 19:18 ` Stephen Smalley
@ 2010-01-13 19:37 ` Garrett Cooper
2010-01-13 19:49 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 19:37 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote:
>> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
>> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>> >> >> > Make logic):
>> >> >> >
>> >> >> > Index: refpolicy/Makefile
>> >> >> > ===================================================================
>> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> >> > retrieving revision 1.12
>> >> >> > diff -u -r1.12 Makefile
>> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>> >> >> > @@ -17,7 +17,7 @@
>> >> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
>> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>> >> >> > #
>> >> >> > -# Garrett Cooper, August 2009
>> >> >> > +# Garrett Cooper, January 2010
>> >> >> > #
>> >> >> >
>> >> >> > top_srcdir ?= ../../../../..
>> >> >> > @@ -32,6 +32,7 @@
>> >> >> >
>> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> >> >> >
>> >> >> > +# Avoid empty strings.
>> >> >> > ifeq ($(strip $(DISTRO_VER)),)
>> >> >> > DISTRO_VER := generic
>> >> >> > endif
>> >> >> > @@ -41,10 +42,17 @@
>> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>> >> >> >
>> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>> >> >> >
>> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >> >> >
>> >> >> > +# Do we have a special set of policies in the SCM to install?
>> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> >> > +else
>> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> >> > +endif
>> >> >> > +
>> >> >> > .PHONY: all clean cleanup install load
>> >> >> >
>> >> >> > CLEAN_DEPS := cleanup
>> >> >> > @@ -55,34 +63,24 @@
>> >> >> > -$(SEMODULE) -r test_policy
>> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>> >> >> >
>> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>> >> >> > -MAKE_TARGETS :=
>> >> >> > -
>> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> >> > -
>> >> >> > -# load remains for backwards compatibility...
>> >> >> > -load:
>> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
>> >> >> > -else
>> >> >> > -
>> >> >> > MAKE_TARGETS := test_policy.te
>> >> >> >
>> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> >> > -
>> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >> >> > -
>> >> >> > ifneq ($(CHECKPOLICY_VERS),24)
>> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>> >> >> > endif
>> >> >> >
>> >> >> > +# This is being done to preserve precedence; test_global.te must come first.
>> >> >> > +POLICY_FILES := test_global.te \
>> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard
>> >> >> > $(TEST_POLICY_DIR)/*.te)))
>> >> >> > +
>> >> >> > load:
>> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>> >> >> > else \
>> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> >> > false; \
>> >> >> > fi
>> >> >>
>> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>> >> >> be deleted as well, FYI...
>> >> >
>> >> > Ok. test policy appears to build (on Fedora) when running make by hand
>> >> > from the refpolicy directory, but you still can't run the tests, either
>> >> > from /opt/ltp or from the source tree.
>> >> >
>> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh
>> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> >> > /etc/selinux /opt/ltp
>> >> > /opt/ltp
>> >> > allow_domain_fd_use --> off
>> >> > allow_domain_fd_use exists setting
>> >> > building and installing test_policy module...
>> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
>> >> > make: *** No rule to make target `load'. Stop.
>> >> > Failed to build and load test_policy module, aborting test run.
>> >> > /etc/selinux /opt/ltp
>> >> > /opt/ltp
>> >> >
>> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
>> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> >> > /etc/selinux /home/sds/ltp
>> >> > /home/sds/ltp
>> >> > allow_domain_fd_use --> off
>> >> > allow_domain_fd_use exists setting
>> >> > building and installing test_policy module...
>> >> > make[1]: Entering directory `/usr/share/selinux/devel'
>> >> > rm -fR tmp
>> >> > rm -f *.pp
>> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> >> > make[1]: Entering directory `/usr/share/selinux/devel'
>> >> > Compiling targeted test_policy module
>> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
>> >> > /usr/bin/checkmodule: policy configuration loaded
>> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
>> >> > Creating targeted test_policy.pp policy package
>> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
>> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> >> > Successfully built and loaded test_policy module.
>> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >> > Running the SELinux testsuite...
>> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
>> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
>> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
>> >> > /usr/bin/chcon: missing operand
>> >> > Try `/usr/bin/chcon --help' for more information.
>> >> > Removing test_policy module...
>> >> > /usr/sbin/semodule -r test_policy
>> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
>> >> > allow_domain_fd_use --> off
>> >> > allow_domain_fd_use exists setting
>> >> > Done.
>> >> >
>> >> > Both test_selinux.sh and tests/runtest.sh need to be updated.
>> >> >
>> >> > --
>> >> > Stephen Smalley
>> >> > National Security Agency
>> >>
>> >> Ok, next patch then... Let me know how this goes (I took a quick
>> >> look and I didn't see anything suspicious in the test scripts
>> >> themselves..).
>> >> Thanks,
>> >> -Garrett
>> >
>> > patching file ../../../../testscripts/test_selinux.sh
>> > Hunk #2 FAILED at 23.
>> > Hunk #3 FAILED at 57.
>> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
>> >
>> > I think it would work better if you just committed all of the patches
>> > thus far and I can just re-test cvs head.
>> >
>> > If you do post any further patches, please make them relative to the top
>> > of the tree.
>>
>> Ugh, I hate CVS diffs too (so I understand)... I was trying to
>> avoid committing intermediate work, but as long as this gets fixed
>> before the next snapshot, I guess that's fine. Committed the next step
>> to CVS.
>
> # cd /opt/ltp
> # ./testscripts/test_selinux.sh
> Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> /etc/selinux /opt/ltp
> /opt/ltp
> allow_domain_fd_use --> off
> allow_domain_fd_use exists setting
> building and installing test_policy module...
> make: *** No rule to make target `load'. Stop.
> Failed to build and load test_policy module, aborting test run.
> /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>
> There is no Makefile
> under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy,
> only in the source tree.
Yeah, you're right. I was trying to beat around this bush by not
copying these over, but it's better to have the test running and be
improperly designed than it is for regressions to leak by today, until
the day comes where these items are fixed.
1. So, Makefile is now copied over by default.
2. load is no longer done as part of all / install (test_selinux.sh
was performing that function).
So once the tests have been written to make and install independent of
selinux-devel, etc... we'll be in good shape and I will switch these
back to all / install dependent targets. I was trying to do it that
way to avoid requiring make on the target under test, but I need to
better understand the subject matter under test before we get to that
point.
Thanks,
-Garrett
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 19:37 ` Garrett Cooper
@ 2010-01-13 19:49 ` Stephen Smalley
2010-01-13 21:58 ` Garrett Cooper
2010-01-13 22:00 ` Serge E. Hallyn
0 siblings, 2 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-13 19:49 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
> On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote:
> >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
> >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
> >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
> >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
> >> >> >> > Make logic):
> >> >> >> >
> >> >> >> > Index: refpolicy/Makefile
> >> >> >> > ===================================================================
> >> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> >> >> >> > retrieving revision 1.12
> >> >> >> > diff -u -r1.12 Makefile
> >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
> >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
> >> >> >> > @@ -17,7 +17,7 @@
> >> >> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
> >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> >> >> >> > #
> >> >> >> > -# Garrett Cooper, August 2009
> >> >> >> > +# Garrett Cooper, January 2010
> >> >> >> > #
> >> >> >> >
> >> >> >> > top_srcdir ?= ../../../../..
> >> >> >> > @@ -32,6 +32,7 @@
> >> >> >> >
> >> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
> >> >> >> >
> >> >> >> > +# Avoid empty strings.
> >> >> >> > ifeq ($(strip $(DISTRO_VER)),)
> >> >> >> > DISTRO_VER := generic
> >> >> >> > endif
> >> >> >> > @@ -41,10 +42,17 @@
> >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
> >> >> >> >
> >> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
> >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
> >> >> >> >
> >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >> >> >> >
> >> >> >> > +# Do we have a special set of policies in the SCM to install?
> >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> >> >> > +else
> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> >> >> > +endif
> >> >> >> > +
> >> >> >> > .PHONY: all clean cleanup install load
> >> >> >> >
> >> >> >> > CLEAN_DEPS := cleanup
> >> >> >> > @@ -55,34 +63,24 @@
> >> >> >> > -$(SEMODULE) -r test_policy
> >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
> >> >> >> >
> >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
> >> >> >> > -MAKE_TARGETS :=
> >> >> >> > -
> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
> >> >> >> > -
> >> >> >> > -# load remains for backwards compatibility...
> >> >> >> > -load:
> >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
> >> >> >> > -else
> >> >> >> > -
> >> >> >> > MAKE_TARGETS := test_policy.te
> >> >> >> >
> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
> >> >> >> > -
> >> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
> >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
> >> >> >> > -
> >> >> >> > ifneq ($(CHECKPOLICY_VERS),24)
> >> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
> >> >> >> > endif
> >> >> >> >
> >> >> >> > +# This is being done to preserve precedence; test_global.te must come first.
> >> >> >> > +POLICY_FILES := test_global.te \
> >> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard
> >> >> >> > $(TEST_POLICY_DIR)/*.te)))
> >> >> >> > +
> >> >> >> > load:
> >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
> >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
> >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
> >> >> >> > else \
> >> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
> >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> >> >> >> > false; \
> >> >> >> > fi
> >> >> >>
> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
> >> >> >> be deleted as well, FYI...
> >> >> >
> >> >> > Ok. test policy appears to build (on Fedora) when running make by hand
> >> >> > from the refpolicy directory, but you still can't run the tests, either
> >> >> > from /opt/ltp or from the source tree.
> >> >> >
> >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh
> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >> >> > /etc/selinux /opt/ltp
> >> >> > /opt/ltp
> >> >> > allow_domain_fd_use --> off
> >> >> > allow_domain_fd_use exists setting
> >> >> > building and installing test_policy module...
> >> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
> >> >> > make: *** No rule to make target `load'. Stop.
> >> >> > Failed to build and load test_policy module, aborting test run.
> >> >> > /etc/selinux /opt/ltp
> >> >> > /opt/ltp
> >> >> >
> >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >> >> > /etc/selinux /home/sds/ltp
> >> >> > /home/sds/ltp
> >> >> > allow_domain_fd_use --> off
> >> >> > allow_domain_fd_use exists setting
> >> >> > building and installing test_policy module...
> >> >> > make[1]: Entering directory `/usr/share/selinux/devel'
> >> >> > rm -fR tmp
> >> >> > rm -f *.pp
> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
> >> >> > make[1]: Entering directory `/usr/share/selinux/devel'
> >> >> > Compiling targeted test_policy module
> >> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
> >> >> > /usr/bin/checkmodule: policy configuration loaded
> >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
> >> >> > Creating targeted test_policy.pp policy package
> >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
> >> >> > Successfully built and loaded test_policy module.
> >> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> >> > Running the SELinux testsuite...
> >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
> >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
> >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
> >> >> > /usr/bin/chcon: missing operand
> >> >> > Try `/usr/bin/chcon --help' for more information.
> >> >> > Removing test_policy module...
> >> >> > /usr/sbin/semodule -r test_policy
> >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
> >> >> > allow_domain_fd_use --> off
> >> >> > allow_domain_fd_use exists setting
> >> >> > Done.
> >> >> >
> >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated.
> >> >> >
> >> >> > --
> >> >> > Stephen Smalley
> >> >> > National Security Agency
> >> >>
> >> >> Ok, next patch then... Let me know how this goes (I took a quick
> >> >> look and I didn't see anything suspicious in the test scripts
> >> >> themselves..).
> >> >> Thanks,
> >> >> -Garrett
> >> >
> >> > patching file ../../../../testscripts/test_selinux.sh
> >> > Hunk #2 FAILED at 23.
> >> > Hunk #3 FAILED at 57.
> >> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
> >> >
> >> > I think it would work better if you just committed all of the patches
> >> > thus far and I can just re-test cvs head.
> >> >
> >> > If you do post any further patches, please make them relative to the top
> >> > of the tree.
> >>
> >> Ugh, I hate CVS diffs too (so I understand)... I was trying to
> >> avoid committing intermediate work, but as long as this gets fixed
> >> before the next snapshot, I guess that's fine. Committed the next step
> >> to CVS.
> >
> > # cd /opt/ltp
> > # ./testscripts/test_selinux.sh
> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > /etc/selinux /opt/ltp
> > /opt/ltp
> > allow_domain_fd_use --> off
> > allow_domain_fd_use exists setting
> > building and installing test_policy module...
> > make: *** No rule to make target `load'. Stop.
> > Failed to build and load test_policy module, aborting test run.
> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >
> > There is no Makefile
> > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy,
> > only in the source tree.
>
> Yeah, you're right. I was trying to beat around this bush by not
> copying these over, but it's better to have the test running and be
> improperly designed than it is for regressions to leak by today, until
> the day comes where these items are fixed.
>
> 1. So, Makefile is now copied over by default.
> 2. load is no longer done as part of all / install (test_selinux.sh
> was performing that function).
>
> So once the tests have been written to make and install independent of
> selinux-devel, etc... we'll be in good shape and I will switch these
> back to all / install dependent targets. I was trying to do it that
> way to avoid requiring make on the target under test, but I need to
> better understand the subject matter under test before we get to that
> point.
Unfortunately, as the Makefile now includes other .mk files and those
are not copied over, it still doesn't work.
Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
make: ../../../../../scripts/detect_distro.sh: Command not found
Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
Failed to build and load test_policy module, aborting test run.
/etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
/opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
I suppose you could perform the make load as part of all/install
(preferably install as we really shouldn't need to be root to run make
all - although that no longer seems to be the case for the main ltp
either), and drop it from test_selinux.sh. But then they will need to
know/remember to remove the test policy when finished testing.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 19:49 ` Stephen Smalley
@ 2010-01-13 21:58 ` Garrett Cooper
2010-01-13 22:00 ` Serge E. Hallyn
1 sibling, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 21:58 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 13, 2010 at 11:49 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
>> On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote:
>> >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote:
>> >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote:
>> >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd
>> >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
>> >> >> >> > Make logic):
>> >> >> >> >
>> >> >> >> > Index: refpolicy/Makefile
>> >> >> >> > ===================================================================
>> >> >> >> > RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> >> >> > retrieving revision 1.12
>> >> >> >> > diff -u -r1.12 Makefile
>> >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12
>> >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000
>> >> >> >> > @@ -17,7 +17,7 @@
>> >> >> >> > # with this program; if not, write to the Free Software Foundation, Inc.,
>> >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>> >> >> >> > #
>> >> >> >> > -# Garrett Cooper, August 2009
>> >> >> >> > +# Garrett Cooper, January 2010
>> >> >> >> > #
>> >> >> >> >
>> >> >> >> > top_srcdir ?= ../../../../..
>> >> >> >> > @@ -32,6 +32,7 @@
>> >> >> >> >
>> >> >> >> > DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS))
>> >> >> >> >
>> >> >> >> > +# Avoid empty strings.
>> >> >> >> > ifeq ($(strip $(DISTRO_VER)),)
>> >> >> >> > DISTRO_VER := generic
>> >> >> >> > endif
>> >> >> >> > @@ -41,10 +42,17 @@
>> >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule
>> >> >> >> >
>> >> >> >> > -INSTALL_DIR := testcases/kernel/security/selinux-testsuite
>> >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy
>> >> >> >> >
>> >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >> >> >> >
>> >> >> >> > +# Do we have a special set of policies in the SCM to install?
>> >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
>> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> >> >> > +else
>> >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> >> >> > +endif
>> >> >> >> > +
>> >> >> >> > .PHONY: all clean cleanup install load
>> >> >> >> >
>> >> >> >> > CLEAN_DEPS := cleanup
>> >> >> >> > @@ -55,34 +63,24 @@
>> >> >> >> > -$(SEMODULE) -r test_policy
>> >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te
>> >> >> >> >
>> >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
>> >> >> >> > -MAKE_TARGETS :=
>> >> >> >> > -
>> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER)
>> >> >> >> > -
>> >> >> >> > -# load remains for backwards compatibility...
>> >> >> >> > -load:
>> >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR)
>> >> >> >> > -else
>> >> >> >> > -
>> >> >> >> > MAKE_TARGETS := test_policy.te
>> >> >> >> >
>> >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic
>> >> >> >> > -
>> >> >> >> > -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir
>> >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >> >> >> > -
>> >> >> >> > ifneq ($(CHECKPOLICY_VERS),24)
>> >> >> >> > POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES))
>> >> >> >> > endif
>> >> >> >> >
>> >> >> >> > +# This is being done to preserve precedence; test_global.te must come first.
>> >> >> >> > +POLICY_FILES := test_global.te \
>> >> >> >> > + $(filter-out test_global.te,$(notdir $(wildcard
>> >> >> >> > $(TEST_POLICY_DIR)/*.te)))
>> >> >> >> > +
>> >> >> >> > load:
>> >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
>> >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \
>> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
>> >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
>> >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
>> >> >> >> > else \
>> >> >> >> > - echo "ERROR: You must have selinux-policy-devel installed."; \
>> >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> >> >> > false; \
>> >> >> >> > fi
>> >> >> >>
>> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to
>> >> >> >> be deleted as well, FYI...
>> >> >> >
>> >> >> > Ok. test policy appears to build (on Fedora) when running make by hand
>> >> >> > from the refpolicy directory, but you still can't run the tests, either
>> >> >> > from /opt/ltp or from the source tree.
>> >> >> >
>> >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh
>> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> >> >> > /etc/selinux /opt/ltp
>> >> >> > /opt/ltp
>> >> >> > allow_domain_fd_use --> off
>> >> >> > allow_domain_fd_use exists setting
>> >> >> > building and installing test_policy module...
>> >> >> > ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory
>> >> >> > make: *** No rule to make target `load'. Stop.
>> >> >> > Failed to build and load test_policy module, aborting test run.
>> >> >> > /etc/selinux /opt/ltp
>> >> >> > /opt/ltp
>> >> >> >
>> >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh
>> >> >> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> >> >> > /etc/selinux /home/sds/ltp
>> >> >> > /home/sds/ltp
>> >> >> > allow_domain_fd_use --> off
>> >> >> > allow_domain_fd_use exists setting
>> >> >> > building and installing test_policy module...
>> >> >> > make[1]: Entering directory `/usr/share/selinux/devel'
>> >> >> > rm -fR tmp
>> >> >> > rm -f *.pp
>> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> >> >> > make[1]: Entering directory `/usr/share/selinux/devel'
>> >> >> > Compiling targeted test_policy module
>> >> >> > /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp
>> >> >> > /usr/bin/checkmodule: policy configuration loaded
>> >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to tmp/test_policy.mod
>> >> >> > Creating targeted test_policy.pp policy package
>> >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc
>> >> >> > make[1]: Leaving directory `/usr/share/selinux/devel'
>> >> >> > Successfully built and loaded test_policy module.
>> >> >> > /etc/selinux /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >> >> > Running the SELinux testsuite...
>> >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory
>> >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such file or directory
>> >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or directory
>> >> >> > /usr/bin/chcon: missing operand
>> >> >> > Try `/usr/bin/chcon --help' for more information.
>> >> >> > Removing test_policy module...
>> >> >> > /usr/sbin/semodule -r test_policy
>> >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te
>> >> >> > allow_domain_fd_use --> off
>> >> >> > allow_domain_fd_use exists setting
>> >> >> > Done.
>> >> >> >
>> >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated.
>> >> >> >
>> >> >> > --
>> >> >> > Stephen Smalley
>> >> >> > National Security Agency
>> >> >>
>> >> >> Ok, next patch then... Let me know how this goes (I took a quick
>> >> >> look and I didn't see anything suspicious in the test scripts
>> >> >> themselves..).
>> >> >> Thanks,
>> >> >> -Garrett
>> >> >
>> >> > patching file ../../../../testscripts/test_selinux.sh
>> >> > Hunk #2 FAILED at 23.
>> >> > Hunk #3 FAILED at 57.
>> >> > 2 out of 5 hunks FAILED -- saving rejects to file ../../../../testscripts/test_selinux.sh.rej
>> >> >
>> >> > I think it would work better if you just committed all of the patches
>> >> > thus far and I can just re-test cvs head.
>> >> >
>> >> > If you do post any further patches, please make them relative to the top
>> >> > of the tree.
>> >>
>> >> Ugh, I hate CVS diffs too (so I understand)... I was trying to
>> >> avoid committing intermediate work, but as long as this gets fixed
>> >> before the next snapshot, I guess that's fine. Committed the next step
>> >> to CVS.
>> >
>> > # cd /opt/ltp
>> > # ./testscripts/test_selinux.sh
>> > Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>> > /etc/selinux /opt/ltp
>> > /opt/ltp
>> > allow_domain_fd_use --> off
>> > allow_domain_fd_use exists setting
>> > building and installing test_policy module...
>> > make: *** No rule to make target `load'. Stop.
>> > Failed to build and load test_policy module, aborting test run.
>> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >
>> > There is no Makefile
>> > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy,
>> > only in the source tree.
>>
>> Yeah, you're right. I was trying to beat around this bush by not
>> copying these over, but it's better to have the test running and be
>> improperly designed than it is for regressions to leak by today, until
>> the day comes where these items are fixed.
>>
>> 1. So, Makefile is now copied over by default.
>> 2. load is no longer done as part of all / install (test_selinux.sh
>> was performing that function).
>>
>> So once the tests have been written to make and install independent of
>> selinux-devel, etc... we'll be in good shape and I will switch these
>> back to all / install dependent targets. I was trying to do it that
>> way to avoid requiring make on the target under test, but I need to
>> better understand the subject matter under test before we get to that
>> point.
>
> Unfortunately, as the Makefile now includes other .mk files and those
> are not copied over, it still doesn't work.
>
> Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
> make: ../../../../../scripts/detect_distro.sh: Command not found
> Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
> make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
> Failed to build and load test_policy module, aborting test run.
> /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>
> I suppose you could perform the make load as part of all/install
> (preferably install as we really shouldn't need to be root to run make
> all - although that no longer seems to be the case for the main ltp
> either), and drop it from test_selinux.sh. But then they will need to
> know/remember to remove the test policy when finished testing.
Actually, there's a way to work around this... move the logic required
for load into a separate Makefile, include that Makefile from the
current one, and then install that copy / modify the script so that it
can call load on the machine. This is still going to need to be
cleaned up so load's entire operation is done as part of
test_selinux.sh, but that's something that's going to be more time
consuming to complete.
I'll do this when I get back home which means you'll see a new version
sometime tomorrow morning for test.
Thanks!
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 19:49 ` Stephen Smalley
2010-01-13 21:58 ` Garrett Cooper
@ 2010-01-13 22:00 ` Serge E. Hallyn
2010-01-13 22:03 ` Stephen Smalley
1 sibling, 1 reply; 69+ messages in thread
From: Serge E. Hallyn @ 2010-01-13 22:00 UTC (permalink / raw)
To: Stephen Smalley; +Cc: ltp-list, James Morris, Eric Paris
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
> > Yeah, you're right. I was trying to beat around this bush by not
> > copying these over, but it's better to have the test running and be
> > improperly designed than it is for regressions to leak by today, until
> > the day comes where these items are fixed.
> >
> > 1. So, Makefile is now copied over by default.
> > 2. load is no longer done as part of all / install (test_selinux.sh
> > was performing that function).
> >
> > So once the tests have been written to make and install independent of
> > selinux-devel, etc... we'll be in good shape and I will switch these
> > back to all / install dependent targets. I was trying to do it that
> > way to avoid requiring make on the target under test, but I need to
> > better understand the subject matter under test before we get to that
> > point.
>
> Unfortunately, as the Makefile now includes other .mk files and those
> are not copied over, it still doesn't work.
>
> Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
> make: ../../../../../scripts/detect_distro.sh: Command not found
> Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
> make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
> Failed to build and load test_policy module, aborting test run.
> /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>
> I suppose you could perform the make load as part of all/install
> (preferably install as we really shouldn't need to be root to run make
> all - although that no longer seems to be the case for the main ltp
> either), and drop it from test_selinux.sh. But then they will need to
> know/remember to remove the test policy when finished testing.
But really the compile stage should just create test_policy.pp,
which the testsuite can load and unload, right?
-serge
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 22:00 ` Serge E. Hallyn
@ 2010-01-13 22:03 ` Stephen Smalley
2010-01-13 22:49 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-13 22:03 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, James Morris, Eric Paris
On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
> > > Yeah, you're right. I was trying to beat around this bush by not
> > > copying these over, but it's better to have the test running and be
> > > improperly designed than it is for regressions to leak by today, until
> > > the day comes where these items are fixed.
> > >
> > > 1. So, Makefile is now copied over by default.
> > > 2. load is no longer done as part of all / install (test_selinux.sh
> > > was performing that function).
> > >
> > > So once the tests have been written to make and install independent of
> > > selinux-devel, etc... we'll be in good shape and I will switch these
> > > back to all / install dependent targets. I was trying to do it that
> > > way to avoid requiring make on the target under test, but I need to
> > > better understand the subject matter under test before we get to that
> > > point.
> >
> > Unfortunately, as the Makefile now includes other .mk files and those
> > are not copied over, it still doesn't work.
> >
> > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
> > make: ../../../../../scripts/detect_distro.sh: Command not found
> > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
> > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
> > Failed to build and load test_policy module, aborting test run.
> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >
> > I suppose you could perform the make load as part of all/install
> > (preferably install as we really shouldn't need to be root to run make
> > all - although that no longer seems to be the case for the main ltp
> > either), and drop it from test_selinux.sh. But then they will need to
> > know/remember to remove the test policy when finished testing.
>
> But really the compile stage should just create test_policy.pp,
> which the testsuite can load and unload, right?
Yes, that should work.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 22:03 ` Stephen Smalley
@ 2010-01-13 22:49 ` Garrett Cooper
2010-01-14 14:07 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-13 22:49 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 13, 2010 at 2:03 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote:
>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
>> > > Yeah, you're right. I was trying to beat around this bush by not
>> > > copying these over, but it's better to have the test running and be
>> > > improperly designed than it is for regressions to leak by today, until
>> > > the day comes where these items are fixed.
>> > >
>> > > 1. So, Makefile is now copied over by default.
>> > > 2. load is no longer done as part of all / install (test_selinux.sh
>> > > was performing that function).
>> > >
>> > > So once the tests have been written to make and install independent of
>> > > selinux-devel, etc... we'll be in good shape and I will switch these
>> > > back to all / install dependent targets. I was trying to do it that
>> > > way to avoid requiring make on the target under test, but I need to
>> > > better understand the subject matter under test before we get to that
>> > > point.
>> >
>> > Unfortunately, as the Makefile now includes other .mk files and those
>> > are not copied over, it still doesn't work.
>> >
>> > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
>> > make: ../../../../../scripts/detect_distro.sh: Command not found
>> > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
>> > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
>> > Failed to build and load test_policy module, aborting test run.
>> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
>> >
>> > I suppose you could perform the make load as part of all/install
>> > (preferably install as we really shouldn't need to be root to run make
>> > all - although that no longer seems to be the case for the main ltp
>> > either), and drop it from test_selinux.sh. But then they will need to
>> > know/remember to remove the test policy when finished testing.
>>
>> But really the compile stage should just create test_policy.pp,
>> which the testsuite can load and unload, right?
>
> Yes, that should work.
Which is what it's doing now, but the original author of the test
wrote the load logic and unload logic so that it used make instead of
using a bourne shell script, etc.
The other thing that's kind of amusing is that its setup / teardown
isn't very robust -- I could send a signal, or the process could get
terminated leaving the test policy files hanging around the system
under test. That's a side issue but it's also another good reason to
migrate away from this make paradigm for setup / teardown -_-...
Thanks,
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-13 22:49 ` Garrett Cooper
@ 2010-01-14 14:07 ` Stephen Smalley
2010-01-14 20:10 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-14 14:07 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote:
> On Wed, Jan 13, 2010 at 2:03 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Wed, 2010-01-13 at 16:00 -0600, Serge E. Hallyn wrote:
> >> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >> > On Wed, 2010-01-13 at 11:37 -0800, Garrett Cooper wrote:
> >> > > Yeah, you're right. I was trying to beat around this bush by not
> >> > > copying these over, but it's better to have the test running and be
> >> > > improperly designed than it is for regressions to leak by today, until
> >> > > the day comes where these items are fixed.
> >> > >
> >> > > 1. So, Makefile is now copied over by default.
> >> > > 2. load is no longer done as part of all / install (test_selinux.sh
> >> > > was performing that function).
> >> > >
> >> > > So once the tests have been written to make and install independent of
> >> > > selinux-devel, etc... we'll be in good shape and I will switch these
> >> > > back to all / install dependent targets. I was trying to do it that
> >> > > way to avoid requiring make on the target under test, but I need to
> >> > > better understand the subject matter under test before we get to that
> >> > > point.
> >> >
> >> > Unfortunately, as the Makefile now includes other .mk files and those
> >> > are not copied over, it still doesn't work.
> >> >
> >> > Makefile:25: ../../../../../include/mk/env_pre.mk: No such file or directory
> >> > make: ../../../../../scripts/detect_distro.sh: Command not found
> >> > Makefile:90: ../../../../../include/mk/generic_leaf_target.mk: No such file or directory
> >> > make: *** No rule to make target `../../../../../include/mk/generic_leaf_target.mk'. Stop.
> >> > Failed to build and load test_policy module, aborting test run.
> >> > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy
> >> >
> >> > I suppose you could perform the make load as part of all/install
> >> > (preferably install as we really shouldn't need to be root to run make
> >> > all - although that no longer seems to be the case for the main ltp
> >> > either), and drop it from test_selinux.sh. But then they will need to
> >> > know/remember to remove the test policy when finished testing.
> >>
> >> But really the compile stage should just create test_policy.pp,
> >> which the testsuite can load and unload, right?
> >
> > Yes, that should work.
>
> Which is what it's doing now, but the original author of the test
> wrote the load logic and unload logic so that it used make instead of
> using a bourne shell script, etc.
To clarify, there are two things happening under that load target
presently, one of which is properly handled at build time and one of
which is properly handled at test execution time. The first part is
building test_policy.pp. The latter is running semodule -i
test_policy.pp. So we could split up the Makefile so that the first
part is done by the make all/install, and test_selinux.sh merely runs
semodule -i test_policy.pp before the test and semodule -r test_policy
after the test. One other item I notice is that the current logic
copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which
isn't necessary - you could just leave them in the refpolicy directory
and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp.
> The other thing that's kind of amusing is that its setup / teardown
> isn't very robust -- I could send a signal, or the process could get
> terminated leaving the test policy files hanging around the system
> under test. That's a side issue but it's also another good reason to
> migrate away from this make paradigm for setup / teardown -_-...
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 14:07 ` Stephen Smalley
@ 2010-01-14 20:10 ` Garrett Cooper
2010-01-14 20:35 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-14 20:10 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list
On Thu, Jan 14, 2010 at 6:07 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote:
>> Which is what it's doing now, but the original author of the test
>> wrote the load logic and unload logic so that it used make instead of
>> using a bourne shell script, etc.
>
> To clarify, there are two things happening under that load target
> presently, one of which is properly handled at build time and one of
> which is properly handled at test execution time. The first part is
> building test_policy.pp. The latter is running semodule -i
> test_policy.pp. So we could split up the Makefile so that the first
> part is done by the make all/install, and test_selinux.sh merely runs
> semodule -i test_policy.pp before the test and semodule -r test_policy
> after the test. One other item I notice is that the current logic
> copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which
> isn't necessary - you could just leave them in the refpolicy directory
> and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp.
Ok, this is interesting. So -- is there any particular reason why
clean (which in this case just called cleanup) should be called before
load?
So at the end of the day, all of the junk done as part of `load' could
in fact be done in test_selinux.sh // runtests.sh (I assume the only
step that couldn't be done is semodule -i? I don't have any hard
feelings for not putting that logic in those scripts...
>> The other thing that's kind of amusing is that its setup / teardown
>> isn't very robust -- I could send a signal, or the process could get
>> terminated leaving the test policy files hanging around the system
>> under test. That's a side issue but it's also another good reason to
>> migrate away from this make paradigm for setup / teardown -_-...
Thanks!
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 20:10 ` Garrett Cooper
@ 2010-01-14 20:35 ` Stephen Smalley
2010-01-14 20:44 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-14 20:35 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Thu, 2010-01-14 at 12:10 -0800, Garrett Cooper wrote:
> On Thu, Jan 14, 2010 at 6:07 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Wed, 2010-01-13 at 14:49 -0800, Garrett Cooper wrote:
> >> Which is what it's doing now, but the original author of the test
> >> wrote the load logic and unload logic so that it used make instead of
> >> using a bourne shell script, etc.
> >
> > To clarify, there are two things happening under that load target
> > presently, one of which is properly handled at build time and one of
> > which is properly handled at test execution time. The first part is
> > building test_policy.pp. The latter is running semodule -i
> > test_policy.pp. So we could split up the Makefile so that the first
> > part is done by the make all/install, and test_selinux.sh merely runs
> > semodule -i test_policy.pp before the test and semodule -r test_policy
> > after the test. One other item I notice is that the current logic
> > copies test_policy* to $POLICY_DEVEL_DIR and runs make there, which
> > isn't necessary - you could just leave them in the refpolicy directory
> > and run make -f $POLICY_DEVEL_DIR/Makefile test_policy.pp.
>
> Ok, this is interesting. So -- is there any particular reason why
> clean (which in this case just called cleanup) should be called before
> load?
>
> So at the end of the day, all of the junk done as part of `load' could
> in fact be done in test_selinux.sh // runtests.sh (I assume the only
> step that couldn't be done is semodule -i? I don't have any hard
> feelings for not putting that logic in those scripts...
I guess I'm not being clear. Most of the work presently done by 'load'
can be done during make all/install. In particular, everything except
for running semodule -i can be done during make all, and then make
install should just copy test_policy.pp (the output of make all) to
the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
-i /path/to/test_policy.pp before the tests and semodule -r test_policy
afterward. We can also avoid copying test_policy.te to the system
policy devel directory altogether. Something like this patch (and
Makefile.selinux can then be removed altogether):
Index: testscripts/test_selinux.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
retrieving revision 1.15
diff -u -r1.15 test_selinux.sh
--- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
+++ testscripts/test_selinux.sh 14 Jan 2010 20:32:35 -0000
@@ -89,11 +89,10 @@
config_allow_domain_fd_use 0
# build and install the test policy...
-echo "building and installing test_policy module..."
-cd $POLICYDIR
-make load
+echo "installing test_policy module..."
+$(SEMODULE) -i $POLICYDIR/test_policy.pp
if [ $? != 0 ]; then
- echo "Failed to build and load test_policy module, aborting test run."
+ echo "Failed to install load test_policy module, aborting test run."
config_unset_expandcheck
exit 1
else
@@ -126,8 +125,7 @@
/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
-cd $POLICYDIR
-make cleanup 2>&1
+$(SEMODULE) -r test_policy
if [ $? != 0 ]; then
echo "Failed to remove test_policy module."
exit 1
Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
+++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:32:35 -0000
@@ -39,10 +39,11 @@
CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
+POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
-INSTALL_TARGETS := Makefile.selinux
+INSTALL_TARGETS := test_policy.pp
TEST_POLICY_DIR := $(abs_srcdir)/policy_files
@@ -63,8 +64,17 @@
POLICY_FILES := test_global.te \
$(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
+all: test_policy.pp
+
+test_policy.pp: test_policy.te
+ @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+ $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
+ else \
+ echo "ERROR: You must have selinux-policy?-devel? installed."; \
+ false; \
+ fi
+
test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
(cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
include $(top_srcdir)/include/mk/generic_leaf_target.mk
-include $(abs_srcdir)/Makefile.selinux
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 20:35 ` Stephen Smalley
@ 2010-01-14 20:44 ` Stephen Smalley
2010-01-14 21:29 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-14 20:44 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> I guess I'm not being clear. Most of the work presently done by 'load'
> can be done during make all/install. In particular, everything except
> for running semodule -i can be done during make all, and then make
> install should just copy test_policy.pp (the output of make all) to
> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> afterward. We can also avoid copying test_policy.te to the system
> policy devel directory altogether. Something like this patch (and
> Makefile.selinux can then be removed altogether):
Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
patch is below. This one actually runs ;)
Index: testscripts/test_selinux.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
retrieving revision 1.15
diff -u -r1.15 test_selinux.sh
--- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
+++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
@@ -89,11 +89,10 @@
config_allow_domain_fd_use 0
# build and install the test policy...
-echo "building and installing test_policy module..."
-cd $POLICYDIR
-make load
+echo "installing test_policy module..."
+$SEMODULE -i $POLICYDIR/test_policy.pp
if [ $? != 0 ]; then
- echo "Failed to build and load test_policy module, aborting test run."
+ echo "Failed to install load test_policy module, aborting test run."
config_unset_expandcheck
exit 1
else
@@ -126,8 +125,7 @@
/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
-cd $POLICYDIR
-make cleanup 2>&1
+$SEMODULE -r test_policy
if [ $? != 0 ]; then
echo "Failed to remove test_policy module."
exit 1
Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
+++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
@@ -39,10 +39,11 @@
CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
+POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
-INSTALL_TARGETS := Makefile.selinux
+INSTALL_TARGETS := test_policy.pp
TEST_POLICY_DIR := $(abs_srcdir)/policy_files
@@ -63,8 +64,17 @@
POLICY_FILES := test_global.te \
$(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
+all: test_policy.pp
+
+test_policy.pp: test_policy.te
+ @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+ $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
+ else \
+ echo "ERROR: You must have selinux-policy?-devel? installed."; \
+ false; \
+ fi
+
test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
(cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
include $(top_srcdir)/include/mk/generic_leaf_target.mk
-include $(abs_srcdir)/Makefile.selinux
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 20:44 ` Stephen Smalley
@ 2010-01-14 21:29 ` Garrett Cooper
2010-01-14 21:32 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-14 21:29 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list
On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
>> I guess I'm not being clear. Most of the work presently done by 'load'
>> can be done during make all/install. In particular, everything except
>> for running semodule -i can be done during make all, and then make
>> install should just copy test_policy.pp (the output of make all) to
>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
>> afterward. We can also avoid copying test_policy.te to the system
>> policy devel directory altogether. Something like this patch (and
>> Makefile.selinux can then be removed altogether):
>
> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
> patch is below. This one actually runs ;)
>
> Index: testscripts/test_selinux.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> retrieving revision 1.15
> diff -u -r1.15 test_selinux.sh
> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> @@ -89,11 +89,10 @@
> config_allow_domain_fd_use 0
>
> # build and install the test policy...
> -echo "building and installing test_policy module..."
> -cd $POLICYDIR
> -make load
> +echo "installing test_policy module..."
> +$SEMODULE -i $POLICYDIR/test_policy.pp
> if [ $? != 0 ]; then
> - echo "Failed to build and load test_policy module, aborting test run."
> + echo "Failed to install load test_policy module, aborting test run."
> config_unset_expandcheck
> exit 1
> else
> @@ -126,8 +125,7 @@
> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
>
> echo "Removing test_policy module..."
> -cd $POLICYDIR
> -make cleanup 2>&1
> +$SEMODULE -r test_policy
> if [ $? != 0 ]; then
> echo "Failed to remove test_policy module."
> exit 1
> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> retrieving revision 1.17
> diff -u -r1.17 Makefile
> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
> @@ -39,10 +39,11 @@
>
> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>
> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
>
> -INSTALL_TARGETS := Makefile.selinux
> +INSTALL_TARGETS := test_policy.pp
>
> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>
> @@ -63,8 +64,17 @@
> POLICY_FILES := test_global.te \
> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
>
> +all: test_policy.pp
> +
> +test_policy.pp: test_policy.te
> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
> + else \
> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> + false; \
> + fi
> +
> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
>
> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> -include $(abs_srcdir)/Makefile.selinux
Cool! This is a lot easier than I originally thought it would be.
Everything specified with all should be specified instead with the
MAKE_TARGETS variable. This is because it adds everything in
MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
handle it appropriately via clean and install.
All I have to do after this is resolve the (semodule?) security bit
enabling for the tests, and we'll be in good shape for all build,
install, and test scenarios with selinux.
Thanks!
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 21:29 ` Garrett Cooper
@ 2010-01-14 21:32 ` Garrett Cooper
2010-01-14 21:59 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-14 21:32 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list
On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
>>> I guess I'm not being clear. Most of the work presently done by 'load'
>>> can be done during make all/install. In particular, everything except
>>> for running semodule -i can be done during make all, and then make
>>> install should just copy test_policy.pp (the output of make all) to
>>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
>>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
>>> afterward. We can also avoid copying test_policy.te to the system
>>> policy devel directory altogether. Something like this patch (and
>>> Makefile.selinux can then be removed altogether):
>>
>> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
>> patch is below. This one actually runs ;)
>>
>> Index: testscripts/test_selinux.sh
>> ===================================================================
>> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
>> retrieving revision 1.15
>> diff -u -r1.15 test_selinux.sh
>> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
>> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
>> @@ -89,11 +89,10 @@
>> config_allow_domain_fd_use 0
>>
>> # build and install the test policy...
>> -echo "building and installing test_policy module..."
>> -cd $POLICYDIR
>> -make load
>> +echo "installing test_policy module..."
>> +$SEMODULE -i $POLICYDIR/test_policy.pp
>> if [ $? != 0 ]; then
>> - echo "Failed to build and load test_policy module, aborting test run."
>> + echo "Failed to install load test_policy module, aborting test run."
>> config_unset_expandcheck
>> exit 1
>> else
>> @@ -126,8 +125,7 @@
>> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
>>
>> echo "Removing test_policy module..."
>> -cd $POLICYDIR
>> -make cleanup 2>&1
>> +$SEMODULE -r test_policy
>> if [ $? != 0 ]; then
>> echo "Failed to remove test_policy module."
>> exit 1
>> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
>> ===================================================================
>> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> retrieving revision 1.17
>> diff -u -r1.17 Makefile
>> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
>> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
>> @@ -39,10 +39,11 @@
>>
>> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
>> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
>> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>>
>> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
>>
>> -INSTALL_TARGETS := Makefile.selinux
>> +INSTALL_TARGETS := test_policy.pp
>>
>> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>>
>> @@ -63,8 +64,17 @@
>> POLICY_FILES := test_global.te \
>> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
>>
>> +all: test_policy.pp
>> +
>> +test_policy.pp: test_policy.te
>> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
>> + else \
>> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> + false; \
>> + fi
>> +
>> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
>> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
>>
>> include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> -include $(abs_srcdir)/Makefile.selinux
>
> Cool! This is a lot easier than I originally thought it would be.
>
> Everything specified with all should be specified instead with the
s/Everything specified with all/All dependencies of all/
MAKE_TARGETS variable. This is because it adds everything in
> MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
> handle it appropriately via clean and install.
>
> All I have to do after this is resolve the (semodule?) security bit
> enabling for the tests, and we'll be in good shape for all build,
> install, and test scenarios with selinux.
Thanks!
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 21:32 ` Garrett Cooper
@ 2010-01-14 21:59 ` Stephen Smalley
2010-01-14 22:31 ` Stephen Smalley
` (2 more replies)
0 siblings, 3 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-14 21:59 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> >>> I guess I'm not being clear. Most of the work presently done by 'load'
> >>> can be done during make all/install. In particular, everything except
> >>> for running semodule -i can be done during make all, and then make
> >>> install should just copy test_policy.pp (the output of make all) to
> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> >>> afterward. We can also avoid copying test_policy.te to the system
> >>> policy devel directory altogether. Something like this patch (and
> >>> Makefile.selinux can then be removed altogether):
> >>
> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
> >> patch is below. This one actually runs ;)
> >>
> >> Index: testscripts/test_selinux.sh
> >> ===================================================================
> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> >> retrieving revision 1.15
> >> diff -u -r1.15 test_selinux.sh
> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> >> @@ -89,11 +89,10 @@
> >> config_allow_domain_fd_use 0
> >>
> >> # build and install the test policy...
> >> -echo "building and installing test_policy module..."
> >> -cd $POLICYDIR
> >> -make load
> >> +echo "installing test_policy module..."
> >> +$SEMODULE -i $POLICYDIR/test_policy.pp
> >> if [ $? != 0 ]; then
> >> - echo "Failed to build and load test_policy module, aborting test run."
> >> + echo "Failed to install load test_policy module, aborting test run."
> >> config_unset_expandcheck
> >> exit 1
> >> else
> >> @@ -126,8 +125,7 @@
> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> >>
> >> echo "Removing test_policy module..."
> >> -cd $POLICYDIR
> >> -make cleanup 2>&1
> >> +$SEMODULE -r test_policy
> >> if [ $? != 0 ]; then
> >> echo "Failed to remove test_policy module."
> >> exit 1
> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> >> ===================================================================
> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> >> retrieving revision 1.17
> >> diff -u -r1.17 Makefile
> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
> >> @@ -39,10 +39,11 @@
> >>
> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> >>
> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
> >>
> >> -INSTALL_TARGETS := Makefile.selinux
> >> +INSTALL_TARGETS := test_policy.pp
> >>
> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >>
> >> @@ -63,8 +64,17 @@
> >> POLICY_FILES := test_global.te \
> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
> >>
> >> +all: test_policy.pp
> >> +
> >> +test_policy.pp: test_policy.te
> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
> >> + else \
> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> >> + false; \
> >> + fi
> >> +
> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
> >>
> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> >> -include $(abs_srcdir)/Makefile.selinux
> >
> > Cool! This is a lot easier than I originally thought it would be.
> >
> > Everything specified with all should be specified instead with the
>
> s/Everything specified with all/All dependencies of all/
>
> MAKE_TARGETS variable. This is because it adds everything in
> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
> > handle it appropriately via clean and install.
> >
> > All I have to do after this is resolve the (semodule?) security bit
> > enabling for the tests, and we'll be in good shape for all build,
> > install, and test scenarios with selinux.
Further diff on top of the prior one to resolve a few remaining issues
in getting the tests to pass. With these two patches, all tests appear
to pass on Fedora 12.
Things that remain unresolved:
- RHEL4 support. Is RHEL4 to be supported still by ltp, given
dependencies? RHEL4 has been using the test policy under policy/ and
has a different build/load process.
- Running individual tests manually. As described in the
selinux-testsuite README, it used to be possible to run individual tests
via tests/runtest.sh in order to more easily hunt down specific failures
and get more verbose output than we get from any of the results/* files.
diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh
--- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
+++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000
@@ -113,7 +113,7 @@
# The ../testcases/bin directory needs to have the test_file_t type.
# Save and restore later.
SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
-/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
+/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
@@ -122,7 +122,7 @@
rm -rf $TMP/selinux
# Restore type of .../testcases/bin directory
-/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
+/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
$SEMODULE -r test_policy
only in patch2:
unchanged:
--- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7
+++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000
@@ -193,7 +193,7 @@
fi
# return to $LTPROOT directory
- cd ${PWD}
+ cd ${SAVEPWD}
return $RC
}
only in patch2:
unchanged:
--- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2
+++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000
@@ -25,8 +25,6 @@
include $(top_srcdir)/include/mk/env_pre.mk
include $(abs_srcdir)/../Makefile.inc
-LDFLAGS += -static
-
LDLIBS += -lselinux
include $(top_srcdir)/include/mk/generic_leaf_target.mk
only in patch2:
unchanged:
--- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4
+++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000
@@ -25,6 +25,7 @@
# run tests in $LTPROOT/testcases/bin directory
SAVEPWD=${PWD}
+ LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
cd ${LTPBIN}
CURRENTDIR="."
}
@@ -39,7 +40,7 @@
# the test_file from test_inherit_parent_t.
# Should fail on fd use permission.
- runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1
+ runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1
RC=$?
if [ $RC -ne 0 ]
then
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 21:59 ` Stephen Smalley
@ 2010-01-14 22:31 ` Stephen Smalley
2010-01-15 4:22 ` Garrett Cooper
2010-01-15 4:44 ` Garrett Cooper
2 siblings, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-14 22:31 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Thu, 2010-01-14 at 16:59 -0500, Stephen Smalley wrote:
> On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
> > On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> > >>> I guess I'm not being clear. Most of the work presently done by 'load'
> > >>> can be done during make all/install. In particular, everything except
> > >>> for running semodule -i can be done during make all, and then make
> > >>> install should just copy test_policy.pp (the output of make all) to
> > >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> > >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> > >>> afterward. We can also avoid copying test_policy.te to the system
> > >>> policy devel directory altogether. Something like this patch (and
> > >>> Makefile.selinux can then be removed altogether):
> > >>
> > >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
> > >> patch is below. This one actually runs ;)
> > >>
> > >> Index: testscripts/test_selinux.sh
> > >> ===================================================================
> > >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> > >> retrieving revision 1.15
> > >> diff -u -r1.15 test_selinux.sh
> > >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
> > >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> > >> @@ -89,11 +89,10 @@
> > >> config_allow_domain_fd_use 0
> > >>
> > >> # build and install the test policy...
> > >> -echo "building and installing test_policy module..."
> > >> -cd $POLICYDIR
> > >> -make load
> > >> +echo "installing test_policy module..."
> > >> +$SEMODULE -i $POLICYDIR/test_policy.pp
> > >> if [ $? != 0 ]; then
> > >> - echo "Failed to build and load test_policy module, aborting test run."
> > >> + echo "Failed to install load test_policy module, aborting test run."
> > >> config_unset_expandcheck
> > >> exit 1
> > >> else
> > >> @@ -126,8 +125,7 @@
> > >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> > >>
> > >> echo "Removing test_policy module..."
> > >> -cd $POLICYDIR
> > >> -make cleanup 2>&1
> > >> +$SEMODULE -r test_policy
> > >> if [ $? != 0 ]; then
> > >> echo "Failed to remove test_policy module."
> > >> exit 1
> > >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> > >> ===================================================================
> > >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> > >> retrieving revision 1.17
> > >> diff -u -r1.17 Makefile
> > >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
> > >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
> > >> @@ -39,10 +39,11 @@
> > >>
> > >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
> > >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> > >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> > >>
> > >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
> > >>
> > >> -INSTALL_TARGETS := Makefile.selinux
> > >> +INSTALL_TARGETS := test_policy.pp
> > >>
> > >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> > >>
> > >> @@ -63,8 +64,17 @@
> > >> POLICY_FILES := test_global.te \
> > >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
> > >>
> > >> +all: test_policy.pp
> > >> +
> > >> +test_policy.pp: test_policy.te
> > >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> > >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
> > >> + else \
> > >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> > >> + false; \
> > >> + fi
> > >> +
> > >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
> > >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
> > >>
> > >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> > >> -include $(abs_srcdir)/Makefile.selinux
> > >
> > > Cool! This is a lot easier than I originally thought it would be.
> > >
> > > Everything specified with all should be specified instead with the
> >
> > s/Everything specified with all/All dependencies of all/
> >
> > MAKE_TARGETS variable. This is because it adds everything in
> > > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
> > > handle it appropriately via clean and install.
> > >
> > > All I have to do after this is resolve the (semodule?) security bit
> > > enabling for the tests, and we'll be in good shape for all build,
> > > install, and test scenarios with selinux.
>
> Further diff on top of the prior one to resolve a few remaining issues
> in getting the tests to pass. With these two patches, all tests appear
> to pass on Fedora 12.
>
> Things that remain unresolved:
> - RHEL4 support. Is RHEL4 to be supported still by ltp, given
> dependencies? RHEL4 has been using the test policy under policy/ and
> has a different build/load process.
> - Running individual tests manually. As described in the
> selinux-testsuite README, it used to be possible to run individual tests
> via tests/runtest.sh in order to more easily hunt down specific failures
> and get more verbose output than we get from any of the results/* files.
Possibly we should just extend test_selinux.sh to handle the individual
test execution case as well, since it already has the setup and cleanup
logic. If the caller passes a specific test on the command line to it,
it can just execute that one outside of pan. That would avoid
duplication with runtest.sh.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 21:59 ` Stephen Smalley
2010-01-14 22:31 ` Stephen Smalley
@ 2010-01-15 4:22 ` Garrett Cooper
2010-01-15 4:44 ` Garrett Cooper
2 siblings, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-15 4:22 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list
On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
>> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
>> >>> I guess I'm not being clear. Most of the work presently done by 'load'
>> >>> can be done during make all/install. In particular, everything except
>> >>> for running semodule -i can be done during make all, and then make
>> >>> install should just copy test_policy.pp (the output of make all) to
>> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
>> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
>> >>> afterward. We can also avoid copying test_policy.te to the system
>> >>> policy devel directory altogether. Something like this patch (and
>> >>> Makefile.selinux can then be removed altogether):
>> >>
>> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
>> >> patch is below. This one actually runs ;)
>> >>
>> >> Index: testscripts/test_selinux.sh
>> >> ===================================================================
>> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
>> >> retrieving revision 1.15
>> >> diff -u -r1.15 test_selinux.sh
>> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
>> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
>> >> @@ -89,11 +89,10 @@
>> >> config_allow_domain_fd_use 0
>> >>
>> >> # build and install the test policy...
>> >> -echo "building and installing test_policy module..."
>> >> -cd $POLICYDIR
>> >> -make load
>> >> +echo "installing test_policy module..."
>> >> +$SEMODULE -i $POLICYDIR/test_policy.pp
>> >> if [ $? != 0 ]; then
>> >> - echo "Failed to build and load test_policy module, aborting test run."
>> >> + echo "Failed to install load test_policy module, aborting test run."
>> >> config_unset_expandcheck
>> >> exit 1
>> >> else
>> >> @@ -126,8 +125,7 @@
>> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
>> >>
>> >> echo "Removing test_policy module..."
>> >> -cd $POLICYDIR
>> >> -make cleanup 2>&1
>> >> +$SEMODULE -r test_policy
>> >> if [ $? != 0 ]; then
>> >> echo "Failed to remove test_policy module."
>> >> exit 1
>> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
>> >> ===================================================================
>> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> retrieving revision 1.17
>> >> diff -u -r1.17 Makefile
>> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
>> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
>> >> @@ -39,10 +39,11 @@
>> >>
>> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
>> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
>> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >>
>> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
>> >>
>> >> -INSTALL_TARGETS := Makefile.selinux
>> >> +INSTALL_TARGETS := test_policy.pp
>> >>
>> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >>
>> >> @@ -63,8 +64,17 @@
>> >> POLICY_FILES := test_global.te \
>> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >>
>> >> +all: test_policy.pp
>> >> +
>> >> +test_policy.pp: test_policy.te
>> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
>> >> + else \
>> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> + false; \
>> >> + fi
>> >> +
>> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
>> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
>> >>
>> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> >> -include $(abs_srcdir)/Makefile.selinux
>> >
>> > Cool! This is a lot easier than I originally thought it would be.
>> >
>> > Everything specified with all should be specified instead with the
>>
>> s/Everything specified with all/All dependencies of all/
>>
>> MAKE_TARGETS variable. This is because it adds everything in
>> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
>> > handle it appropriately via clean and install.
>> >
>> > All I have to do after this is resolve the (semodule?) security bit
>> > enabling for the tests, and we'll be in good shape for all build,
>> > install, and test scenarios with selinux.
>
> Further diff on top of the prior one to resolve a few remaining issues
> in getting the tests to pass. With these two patches, all tests appear
> to pass on Fedora 12.
>
> Things that remain unresolved:
> - RHEL4 support. Is RHEL4 to be supported still by ltp, given
> dependencies? RHEL4 has been using the test policy under policy/ and
> has a different build/load process.
> - Running individual tests manually. As described in the
> selinux-testsuite README, it used to be possible to run individual tests
> via tests/runtest.sh in order to more easily hunt down specific failures
> and get more verbose output than we get from any of the results/* files.
>
> diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh
> --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000
> @@ -113,7 +113,7 @@
> # The ../testcases/bin directory needs to have the test_file_t type.
> # Save and restore later.
> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
> +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
>
> $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>
> @@ -122,7 +122,7 @@
> rm -rf $TMP/selinux
>
> # Restore type of .../testcases/bin directory
> -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
>
> echo "Removing test_policy module..."
> $SEMODULE -r test_policy
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7
> +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000
> @@ -193,7 +193,7 @@
> fi
>
> # return to $LTPROOT directory
> - cd ${PWD}
> + cd ${SAVEPWD}
>
> return $RC
> }
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2
> +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000
> @@ -25,8 +25,6 @@
> include $(top_srcdir)/include/mk/env_pre.mk
> include $(abs_srcdir)/../Makefile.inc
>
> -LDFLAGS += -static
> -
> LDLIBS += -lselinux
>
> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000
> @@ -25,6 +25,7 @@
>
> # run tests in $LTPROOT/testcases/bin directory
> SAVEPWD=${PWD}
> + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
> cd ${LTPBIN}
> CURRENTDIR="."
> }
> @@ -39,7 +40,7 @@
> # the test_file from test_inherit_parent_t.
> # Should fail on fd use permission.
>
> - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1
> + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1
> RC=$?
> if [ $RC -ne 0 ]
> then
Thanks -- committed.
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-14 21:59 ` Stephen Smalley
2010-01-14 22:31 ` Stephen Smalley
2010-01-15 4:22 ` Garrett Cooper
@ 2010-01-15 4:44 ` Garrett Cooper
2010-01-15 14:11 ` Stephen Smalley
2 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-15 4:44 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Eric Paris, James Morris, ltp-list
On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
>> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
>> >>> I guess I'm not being clear. Most of the work presently done by 'load'
>> >>> can be done during make all/install. In particular, everything except
>> >>> for running semodule -i can be done during make all, and then make
>> >>> install should just copy test_policy.pp (the output of make all) to
>> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
>> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
>> >>> afterward. We can also avoid copying test_policy.te to the system
>> >>> policy devel directory altogether. Something like this patch (and
>> >>> Makefile.selinux can then be removed altogether):
>> >>
>> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
>> >> patch is below. This one actually runs ;)
>> >>
>> >> Index: testscripts/test_selinux.sh
>> >> ===================================================================
>> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
>> >> retrieving revision 1.15
>> >> diff -u -r1.15 test_selinux.sh
>> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
>> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
>> >> @@ -89,11 +89,10 @@
>> >> config_allow_domain_fd_use 0
>> >>
>> >> # build and install the test policy...
>> >> -echo "building and installing test_policy module..."
>> >> -cd $POLICYDIR
>> >> -make load
>> >> +echo "installing test_policy module..."
>> >> +$SEMODULE -i $POLICYDIR/test_policy.pp
>> >> if [ $? != 0 ]; then
>> >> - echo "Failed to build and load test_policy module, aborting test run."
>> >> + echo "Failed to install load test_policy module, aborting test run."
>> >> config_unset_expandcheck
>> >> exit 1
>> >> else
>> >> @@ -126,8 +125,7 @@
>> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
>> >>
>> >> echo "Removing test_policy module..."
>> >> -cd $POLICYDIR
>> >> -make cleanup 2>&1
>> >> +$SEMODULE -r test_policy
>> >> if [ $? != 0 ]; then
>> >> echo "Failed to remove test_policy module."
>> >> exit 1
>> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
>> >> ===================================================================
>> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
>> >> retrieving revision 1.17
>> >> diff -u -r1.17 Makefile
>> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
>> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
>> >> @@ -39,10 +39,11 @@
>> >>
>> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
>> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
>> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
>> >>
>> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
>> >>
>> >> -INSTALL_TARGETS := Makefile.selinux
>> >> +INSTALL_TARGETS := test_policy.pp
>> >>
>> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
>> >>
>> >> @@ -63,8 +64,17 @@
>> >> POLICY_FILES := test_global.te \
>> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
>> >>
>> >> +all: test_policy.pp
>> >> +
>> >> +test_policy.pp: test_policy.te
>> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
>> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
>> >> + else \
>> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
>> >> + false; \
>> >> + fi
>> >> +
>> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
>> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
>> >>
>> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> >> -include $(abs_srcdir)/Makefile.selinux
>> >
>> > Cool! This is a lot easier than I originally thought it would be.
>> >
>> > Everything specified with all should be specified instead with the
>>
>> s/Everything specified with all/All dependencies of all/
>>
>> MAKE_TARGETS variable. This is because it adds everything in
>> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
>> > handle it appropriately via clean and install.
>> >
>> > All I have to do after this is resolve the (semodule?) security bit
>> > enabling for the tests, and we'll be in good shape for all build,
>> > install, and test scenarios with selinux.
>
> Further diff on top of the prior one to resolve a few remaining issues
> in getting the tests to pass. With these two patches, all tests appear
> to pass on Fedora 12.
>
> Things that remain unresolved:
> - RHEL4 support. Is RHEL4 to be supported still by ltp, given
> dependencies? RHEL4 has been using the test policy under policy/ and
> has a different build/load process.
> - Running individual tests manually. As described in the
> selinux-testsuite README, it used to be possible to run individual tests
> via tests/runtest.sh in order to more easily hunt down specific failures
> and get more verbose output than we get from any of the results/* files.
>
> diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh
> --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000
> @@ -113,7 +113,7 @@
> # The ../testcases/bin directory needs to have the test_file_t type.
> # Save and restore later.
> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
> +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
>
> $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
>
> @@ -122,7 +122,7 @@
> rm -rf $TMP/selinux
>
> # Restore type of .../testcases/bin directory
> -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
>
> echo "Removing test_policy module..."
> $SEMODULE -r test_policy
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7
> +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000
> @@ -193,7 +193,7 @@
> fi
>
> # return to $LTPROOT directory
> - cd ${PWD}
> + cd ${SAVEPWD}
>
> return $RC
> }
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2
> +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000
> @@ -25,8 +25,6 @@
> include $(top_srcdir)/include/mk/env_pre.mk
> include $(abs_srcdir)/../Makefile.inc
>
> -LDFLAGS += -static
> -
> LDLIBS += -lselinux
>
> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> only in patch2:
> unchanged:
> --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000
> @@ -25,6 +25,7 @@
>
> # run tests in $LTPROOT/testcases/bin directory
> SAVEPWD=${PWD}
> + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
> cd ${LTPBIN}
> CURRENTDIR="."
> }
> @@ -39,7 +40,7 @@
> # the test_file from test_inherit_parent_t.
> # Should fail on fd use permission.
>
> - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1
> + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1
> RC=$?
> if [ $RC -ne 0 ]
> then
Ok -- the rest of this has been committed -- please let me know
how everything goes tomorrow!
Thanks,
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-15 4:44 ` Garrett Cooper
@ 2010-01-15 14:11 ` Stephen Smalley
2010-01-15 14:17 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-15 14:11 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Thu, 2010-01-14 at 20:44 -0800, Garrett Cooper wrote:
> On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
> >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> >> >>> I guess I'm not being clear. Most of the work presently done by 'load'
> >> >>> can be done during make all/install. In particular, everything except
> >> >>> for running semodule -i can be done during make all, and then make
> >> >>> install should just copy test_policy.pp (the output of make all) to
> >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> >> >>> afterward. We can also avoid copying test_policy.te to the system
> >> >>> policy devel directory altogether. Something like this patch (and
> >> >>> Makefile.selinux can then be removed altogether):
> >> >>
> >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
> >> >> patch is below. This one actually runs ;)
> >> >>
> >> >> Index: testscripts/test_selinux.sh
> >> >> ===================================================================
> >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> >> >> retrieving revision 1.15
> >> >> diff -u -r1.15 test_selinux.sh
> >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
> >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> >> >> @@ -89,11 +89,10 @@
> >> >> config_allow_domain_fd_use 0
> >> >>
> >> >> # build and install the test policy...
> >> >> -echo "building and installing test_policy module..."
> >> >> -cd $POLICYDIR
> >> >> -make load
> >> >> +echo "installing test_policy module..."
> >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp
> >> >> if [ $? != 0 ]; then
> >> >> - echo "Failed to build and load test_policy module, aborting test run."
> >> >> + echo "Failed to install load test_policy module, aborting test run."
> >> >> config_unset_expandcheck
> >> >> exit 1
> >> >> else
> >> >> @@ -126,8 +125,7 @@
> >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> >> >>
> >> >> echo "Removing test_policy module..."
> >> >> -cd $POLICYDIR
> >> >> -make cleanup 2>&1
> >> >> +$SEMODULE -r test_policy
> >> >> if [ $? != 0 ]; then
> >> >> echo "Failed to remove test_policy module."
> >> >> exit 1
> >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> >> >> ===================================================================
> >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> >> >> retrieving revision 1.17
> >> >> diff -u -r1.17 Makefile
> >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
> >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
> >> >> @@ -39,10 +39,11 @@
> >> >>
> >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
> >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> >> >>
> >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
> >> >>
> >> >> -INSTALL_TARGETS := Makefile.selinux
> >> >> +INSTALL_TARGETS := test_policy.pp
> >> >>
> >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> >> >>
> >> >> @@ -63,8 +64,17 @@
> >> >> POLICY_FILES := test_global.te \
> >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
> >> >>
> >> >> +all: test_policy.pp
> >> >> +
> >> >> +test_policy.pp: test_policy.te
> >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
> >> >> + else \
> >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> >> >> + false; \
> >> >> + fi
> >> >> +
> >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
> >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
> >> >>
> >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> >> >> -include $(abs_srcdir)/Makefile.selinux
> >> >
> >> > Cool! This is a lot easier than I originally thought it would be.
> >> >
> >> > Everything specified with all should be specified instead with the
> >>
> >> s/Everything specified with all/All dependencies of all/
> >>
> >> MAKE_TARGETS variable. This is because it adds everything in
> >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
> >> > handle it appropriately via clean and install.
> >> >
> >> > All I have to do after this is resolve the (semodule?) security bit
> >> > enabling for the tests, and we'll be in good shape for all build,
> >> > install, and test scenarios with selinux.
> >
> > Further diff on top of the prior one to resolve a few remaining issues
> > in getting the tests to pass. With these two patches, all tests appear
> > to pass on Fedora 12.
> >
> > Things that remain unresolved:
> > - RHEL4 support. Is RHEL4 to be supported still by ltp, given
> > dependencies? RHEL4 has been using the test policy under policy/ and
> > has a different build/load process.
> > - Running individual tests manually. As described in the
> > selinux-testsuite README, it used to be possible to run individual tests
> > via tests/runtest.sh in order to more easily hunt down specific failures
> > and get more verbose output than we get from any of the results/* files.
> >
> > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh
> > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000
> > @@ -113,7 +113,7 @@
> > # The ../testcases/bin directory needs to have the test_file_t type.
> > # Save and restore later.
> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
> >
> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
> >
> > @@ -122,7 +122,7 @@
> > rm -rf $TMP/selinux
> >
> > # Restore type of .../testcases/bin directory
> > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
> >
> > echo "Removing test_policy module..."
> > $SEMODULE -r test_policy
> > only in patch2:
> > unchanged:
> > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7
> > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000
> > @@ -193,7 +193,7 @@
> > fi
> >
> > # return to $LTPROOT directory
> > - cd ${PWD}
> > + cd ${SAVEPWD}
> >
> > return $RC
> > }
> > only in patch2:
> > unchanged:
> > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2
> > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000
> > @@ -25,8 +25,6 @@
> > include $(top_srcdir)/include/mk/env_pre.mk
> > include $(abs_srcdir)/../Makefile.inc
> >
> > -LDFLAGS += -static
> > -
> > LDLIBS += -lselinux
> >
> > include $(top_srcdir)/include/mk/generic_leaf_target.mk
> > only in patch2:
> > unchanged:
> > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4
> > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000
> > @@ -25,6 +25,7 @@
> >
> > # run tests in $LTPROOT/testcases/bin directory
> > SAVEPWD=${PWD}
> > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
> > cd ${LTPBIN}
> > CURRENTDIR="."
> > }
> > @@ -39,7 +40,7 @@
> > # the test_file from test_inherit_parent_t.
> > # Should fail on fd use permission.
> >
> > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1
> > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1
> > RC=$?
> > if [ $RC -ne 0 ]
> > then
>
> Ok -- the rest of this has been committed -- please let me know
> how everything goes tomorrow!
It seems rather broken. Specifically:
- policy/Makefile and refpolicy/Makefile still contain references to
Makefile.selinux.
- test_selinux.sh seems to have a wrong notion of LTPROOT and/or to be
running in the wrong cwd and thus cannot execute pan and friends. It
also cannot both cd to $POLICYDIR and still use $POLICYDIR in the path
to test_policy.pp.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-15 14:11 ` Stephen Smalley
@ 2010-01-15 14:17 ` Stephen Smalley
0 siblings, 0 replies; 69+ messages in thread
From: Stephen Smalley @ 2010-01-15 14:17 UTC (permalink / raw)
To: Garrett Cooper; +Cc: Eric Paris, James Morris, ltp-list
On Fri, 2010-01-15 at 09:11 -0500, Stephen Smalley wrote:
> On Thu, 2010-01-14 at 20:44 -0800, Garrett Cooper wrote:
> > On Thu, Jan 14, 2010 at 1:59 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > On Thu, 2010-01-14 at 13:32 -0800, Garrett Cooper wrote:
> > >> On Thu, Jan 14, 2010 at 1:29 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > >> > On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > >> >> On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> > >> >>> I guess I'm not being clear. Most of the work presently done by 'load'
> > >> >>> can be done during make all/install. In particular, everything except
> > >> >>> for running semodule -i can be done during make all, and then make
> > >> >>> install should just copy test_policy.pp (the output of make all) to
> > >> >>> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> > >> >>> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> > >> >>> afterward. We can also avoid copying test_policy.te to the system
> > >> >>> policy devel directory altogether. Something like this patch (and
> > >> >>> Makefile.selinux can then be removed altogether):
> > >> >>
> > >> >> Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
> > >> >> patch is below. This one actually runs ;)
> > >> >>
> > >> >> Index: testscripts/test_selinux.sh
> > >> >> ===================================================================
> > >> >> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> > >> >> retrieving revision 1.15
> > >> >> diff -u -r1.15 test_selinux.sh
> > >> >> --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
> > >> >> +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> > >> >> @@ -89,11 +89,10 @@
> > >> >> config_allow_domain_fd_use 0
> > >> >>
> > >> >> # build and install the test policy...
> > >> >> -echo "building and installing test_policy module..."
> > >> >> -cd $POLICYDIR
> > >> >> -make load
> > >> >> +echo "installing test_policy module..."
> > >> >> +$SEMODULE -i $POLICYDIR/test_policy.pp
> > >> >> if [ $? != 0 ]; then
> > >> >> - echo "Failed to build and load test_policy module, aborting test run."
> > >> >> + echo "Failed to install load test_policy module, aborting test run."
> > >> >> config_unset_expandcheck
> > >> >> exit 1
> > >> >> else
> > >> >> @@ -126,8 +125,7 @@
> > >> >> /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> > >> >>
> > >> >> echo "Removing test_policy module..."
> > >> >> -cd $POLICYDIR
> > >> >> -make cleanup 2>&1
> > >> >> +$SEMODULE -r test_policy
> > >> >> if [ $? != 0 ]; then
> > >> >> echo "Failed to remove test_policy module."
> > >> >> exit 1
> > >> >> Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> > >> >> ===================================================================
> > >> >> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
> > >> >> retrieving revision 1.17
> > >> >> diff -u -r1.17 Makefile
> > >> >> --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 12:40:58 -0000 1.17
> > >> >> +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan 2010 20:41:22 -0000
> > >> >> @@ -39,10 +39,11 @@
> > >> >>
> > >> >> CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
> > >> >> CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> > >> >> +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
> > >> >>
> > >> >> INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
> > >> >>
> > >> >> -INSTALL_TARGETS := Makefile.selinux
> > >> >> +INSTALL_TARGETS := test_policy.pp
> > >> >>
> > >> >> TEST_POLICY_DIR := $(abs_srcdir)/policy_files
> > >> >>
> > >> >> @@ -63,8 +64,17 @@
> > >> >> POLICY_FILES := test_global.te \
> > >> >> $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te)))
> > >> >>
> > >> >> +all: test_policy.pp
> > >> >> +
> > >> >> +test_policy.pp: test_policy.te
> > >> >> + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
> > >> >> + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
> > >> >> + else \
> > >> >> + echo "ERROR: You must have selinux-policy?-devel? installed."; \
> > >> >> + false; \
> > >> >> + fi
> > >> >> +
> > >> >> test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
> > >> >> (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
> > >> >>
> > >> >> include $(top_srcdir)/include/mk/generic_leaf_target.mk
> > >> >> -include $(abs_srcdir)/Makefile.selinux
> > >> >
> > >> > Cool! This is a lot easier than I originally thought it would be.
> > >> >
> > >> > Everything specified with all should be specified instead with the
> > >>
> > >> s/Everything specified with all/All dependencies of all/
> > >>
> > >> MAKE_TARGETS variable. This is because it adds everything in
> > >> > MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then
> > >> > handle it appropriately via clean and install.
> > >> >
> > >> > All I have to do after this is resolve the (semodule?) security bit
> > >> > enabling for the tests, and we'll be in good shape for all build,
> > >> > install, and test scenarios with selinux.
> > >
> > > Further diff on top of the prior one to resolve a few remaining issues
> > > in getting the tests to pass. With these two patches, all tests appear
> > > to pass on Fedora 12.
> > >
> > > Things that remain unresolved:
> > > - RHEL4 support. Is RHEL4 to be supported still by ltp, given
> > > dependencies? RHEL4 has been using the test policy under policy/ and
> > > has a different build/load process.
> > > - Running individual tests manually. As described in the
> > > selinux-testsuite README, it used to be possible to run individual tests
> > > via tests/runtest.sh in order to more easily hunt down specific failures
> > > and get more verbose output than we get from any of the results/* files.
> > >
> > > diff -u testscripts/test_selinux.sh testscripts/test_selinux.sh
> > > --- testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
> > > +++ testscripts/test_selinux.sh 14 Jan 2010 21:48:15 -0000
> > > @@ -113,7 +113,7 @@
> > > # The ../testcases/bin directory needs to have the test_file_t type.
> > > # Save and restore later.
> > > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> > > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
> > > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
> > >
> > > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux
> > >
> > > @@ -122,7 +122,7 @@
> > > rm -rf $TMP/selinux
> > >
> > > # Restore type of .../testcases/bin directory
> > > -/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
> > > +/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
> > >
> > > echo "Removing test_policy module..."
> > > $SEMODULE -r test_policy
> > > only in patch2:
> > > unchanged:
> > > --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 11 May 2009 06:39:46 -0000 1.7
> > > +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 14 Jan 2010 21:48:15 -0000
> > > @@ -193,7 +193,7 @@
> > > fi
> > >
> > > # return to $LTPROOT directory
> > > - cd ${PWD}
> > > + cd ${SAVEPWD}
> > >
> > > return $RC
> > > }
> > > only in patch2:
> > > unchanged:
> > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 9 Oct 2009 17:55:51 -0000 1.2
> > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/Makefile 14 Jan 2010 21:48:15 -0000
> > > @@ -25,8 +25,6 @@
> > > include $(top_srcdir)/include/mk/env_pre.mk
> > > include $(abs_srcdir)/../Makefile.inc
> > >
> > > -LDFLAGS += -static
> > > -
> > > LDLIBS += -lselinux
> > >
> > > include $(top_srcdir)/include/mk/generic_leaf_target.mk
> > > only in patch2:
> > > unchanged:
> > > --- testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 21 Apr 2009 09:39:58 -0000 1.4
> > > +++ testcases/kernel/security/selinux-testsuite/tests/inherit/selinux_inherit.sh 14 Jan 2010 21:48:15 -0000
> > > @@ -25,6 +25,7 @@
> > >
> > > # run tests in $LTPROOT/testcases/bin directory
> > > SAVEPWD=${PWD}
> > > + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
> > > cd ${LTPBIN}
> > > CURRENTDIR="."
> > > }
> > > @@ -39,7 +40,7 @@
> > > # the test_file from test_inherit_parent_t.
> > > # Should fail on fd use permission.
> > >
> > > - runcon -t test_inherit_parent_t -- selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file selinux_inherit_child 2>&1
> > > + runcon -t test_inherit_parent_t -- $CURRENTDIR/selinux_inherit_parent test_inherit_nouse_t $SELINUXTMPDIR/test_file $CURRENTDIR/selinux_inherit_child 2>&1
> > > RC=$?
> > > if [ $RC -ne 0 ]
> > > then
> >
> > Ok -- the rest of this has been committed -- please let me know
> > how everything goes tomorrow!
>
> It seems rather broken. Specifically:
> - policy/Makefile and refpolicy/Makefile still contain references to
> Makefile.selinux.
> - test_selinux.sh seems to have a wrong notion of LTPROOT and/or to be
> running in the wrong cwd and thus cannot execute pan and friends. It
> also cannot both cd to $POLICYDIR and still use $POLICYDIR in the path
> to test_policy.pp.
If you have a working Fedora VM, you really ought to be able to run this
yourself there without any special setup - SELinux is enabled by default
in Fedora and should work out of the box.
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-12 15:38 ` Serge E. Hallyn
2010-01-12 16:56 ` Garrett Cooper
2010-01-12 18:51 ` Stephen Smalley
@ 2010-01-15 17:48 ` Garrett Cooper
2010-01-26 8:31 ` Garrett Cooper
2 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-15 17:48 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> Quoting Garrett Cooper (yanegomi@gmail.com):
>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> >> > > > > Fails with:
>> >> > > > > cp: cannot stat
>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> >> > > >
>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> >> > > >
>> >> > > > I think we are supposed to actually be running
>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> >> > > > testscript? Or should the policy sources be copied into /opt?
>> >> > >
>> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
>> >> >
>> >> > Yup.
>> >>
>> >> All right, baby-steps.
>> >>
>> >> The attached test_selinux.diff is not to be applied, but something
>> >> like it is needed. Should we have the ltp 'make install' fill in
>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> >> that is the issue I was saying is shared between test_selinux.sh
>> >> and some others including test_robind.sh. That's why I'm not just
>> >> sending a patch to make it work, bc i think we need more general
>> >> guidance.
>> >>
>> >> The second match makes the 'make load' part of test_selinux.sh
>> >> succeed on rhel5.4. Stephen, how does it do on fedora?
>> >>
>> >> After loading policy it fails to execute ltp-pan, but I figure let's
>> >> get policy loading working first.
>> >>
>> >> -serge
>> >
>> > gah, attaching the actual patches this time.
>> >
>> > -serge
>>
>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>> hardcoded as LTPROOT.
>
> I said 'not to be applied'. You're not rejecting.
>
>> 2. Why is the redhat stuff support to work
>> agnostic to the major and minor version?
>
> It's not agnostic to the major version. Only the minor version.
>
> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
> i suppose we can just get rid of rhel4 support selinux-testsuite.
No. 1. Compiling make 3.81 today and installing it is trivial, so it
shouldn't be removed today. 2. I've finally decided that I'm going to
look outside of the box into providing equivalent functionality via
shell functions using purely built-in commands [and test(1)] to fill
in the feature gaps for make 3.80. I've gotten to the point where I
just gave up trying to ride out what I possibly can in make 3.80, so
it's time to pull in some external pieces to get the job done.
Thanks,
-Garrett
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-15 17:48 ` Garrett Cooper
@ 2010-01-26 8:31 ` Garrett Cooper
2010-01-26 14:30 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-26 8:31 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: ltp-list, Stephen Smalley, James Morris, Eric Paris
On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>> Quoting Garrett Cooper (yanegomi@gmail.com):
>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>> >> > > > > Fails with:
>>> >> > > > > cp: cannot stat
>>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>> >> > > >
>>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>> >> > > >
>>> >> > > > I think we are supposed to actually be running
>>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>> >> > > > testscript? Or should the policy sources be copied into /opt?
>>> >> > >
>>> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
>>> >> >
>>> >> > Yup.
>>> >>
>>> >> All right, baby-steps.
>>> >>
>>> >> The attached test_selinux.diff is not to be applied, but something
>>> >> like it is needed. Should we have the ltp 'make install' fill in
>>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>> >> that is the issue I was saying is shared between test_selinux.sh
>>> >> and some others including test_robind.sh. That's why I'm not just
>>> >> sending a patch to make it work, bc i think we need more general
>>> >> guidance.
>>> >>
>>> >> The second match makes the 'make load' part of test_selinux.sh
>>> >> succeed on rhel5.4. Stephen, how does it do on fedora?
>>> >>
>>> >> After loading policy it fails to execute ltp-pan, but I figure let's
>>> >> get policy loading working first.
>>> >>
>>> >> -serge
>>> >
>>> > gah, attaching the actual patches this time.
>>> >
>>> > -serge
>>>
>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>>> hardcoded as LTPROOT.
>>
>> I said 'not to be applied'. You're not rejecting.
>>
>>> 2. Why is the redhat stuff support to work
>>> agnostic to the major and minor version?
>>
>> It's not agnostic to the major version. Only the minor version.
>>
>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
>> i suppose we can just get rid of rhel4 support selinux-testsuite.
>
> No. 1. Compiling make 3.81 today and installing it is trivial, so it
> shouldn't be removed today. 2. I've finally decided that I'm going to
> look outside of the box into providing equivalent functionality via
> shell functions using purely built-in commands [and test(1)] to fill
> in the feature gaps for make 3.80. I've gotten to the point where I
> just gave up trying to ride out what I possibly can in make 3.80, so
> it's time to pull in some external pieces to get the job done.
All of the install junk works now, but the modes need fixing, or
some such fun. Please analyze the test_selinux.sh script and tell me
what to commit next to fix everything.
Thanks,
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-26 8:31 ` Garrett Cooper
@ 2010-01-26 14:30 ` Stephen Smalley
2010-01-27 6:34 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-26 14:30 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote:
> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> >> Quoting Garrett Cooper (yanegomi@gmail.com):
> >>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> >>> > Quoting Serge E. Hallyn (serue@us.ibm.com):
> >>> >> Quoting Serge E. Hallyn (serue@us.ibm.com):
> >>> >> > Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >>> >> > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> >>> >> > > > > Fails with:
> >>> >> > > > > cp: cannot stat
> >>> >> > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >>> >> > > >
> >>> >> > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >>> >> > > >
> >>> >> > > > I think we are supposed to actually be running
> >>> >> > > > /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> >>> >> > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> >>> >> > > > testscript? Or should the policy sources be copied into /opt?
> >>> >> > >
> >>> >> > > Ok, but regardless: the refpolicy Makefile is still broken.
> >>> >> >
> >>> >> > Yup.
> >>> >>
> >>> >> All right, baby-steps.
> >>> >>
> >>> >> The attached test_selinux.diff is not to be applied, but something
> >>> >> like it is needed. Should we have the ltp 'make install' fill in
> >>> >> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> >>> >> that is the issue I was saying is shared between test_selinux.sh
> >>> >> and some others including test_robind.sh. That's why I'm not just
> >>> >> sending a patch to make it work, bc i think we need more general
> >>> >> guidance.
> >>> >>
> >>> >> The second match makes the 'make load' part of test_selinux.sh
> >>> >> succeed on rhel5.4. Stephen, how does it do on fedora?
> >>> >>
> >>> >> After loading policy it fails to execute ltp-pan, but I figure let's
> >>> >> get policy loading working first.
> >>> >>
> >>> >> -serge
> >>> >
> >>> > gah, attaching the actual patches this time.
> >>> >
> >>> > -serge
> >>>
> >>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
> >>> hardcoded as LTPROOT.
> >>
> >> I said 'not to be applied'. You're not rejecting.
> >>
> >>> 2. Why is the redhat stuff support to work
> >>> agnostic to the major and minor version?
> >>
> >> It's not agnostic to the major version. Only the minor version.
> >>
> >> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
> >> i suppose we can just get rid of rhel4 support selinux-testsuite.
> >
> > No. 1. Compiling make 3.81 today and installing it is trivial, so it
> > shouldn't be removed today. 2. I've finally decided that I'm going to
> > look outside of the box into providing equivalent functionality via
> > shell functions using purely built-in commands [and test(1)] to fill
> > in the feature gaps for make 3.80. I've gotten to the point where I
> > just gave up trying to ride out what I possibly can in make 3.80, so
> > it's time to pull in some external pieces to get the job done.
>
> All of the install junk works now, but the modes need fixing, or
> some such fun. Please analyze the test_selinux.sh script and tell me
> what to commit next to fix everything.
Hi Garrett,
I needed to apply the patch below to make test_selinux.sh run
successfully on Fedora 12. The problems were:
- The setting of LTPROOT in test_selinux.sh was incorrect, leading to
problems with invoking everything else. Note that I invoke it by doing:
cd /opt/ltp && ./testscripts/test_selinux.sh
and thus $0 is a relative path, whereas we want an absolute one.
- You don't need to cd to $POLICYDIR at all since you specify
$POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on
the installed policy module.
- The attempt to extract paths from runtest/selinux and invoke chcon on
them wasn't working as $LTPROOT wasn't being expanded; easier to just do
a chcon -R there as before.
- runtest/selinux had the wrong paths to the test programs (or
alternatively, they aren't being installed to the right location - they
all get installed directly to $LTPROOT/testcases/bin.
Index: testscripts/test_selinux.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
retrieving revision 1.20
diff -u -r1.20 test_selinux.sh
--- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20
+++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000
@@ -37,15 +37,14 @@
fi
# set the LTPROOT directory
-LTPROOT=${LTPROOT:=${0%/*}}
-cd "$LTPROOT"
+LTPROOT=`pwd`
export TMP=${TMP:-/tmp}
-# If we're in the testscripts directory, go down a dir..
+# If we're in the testscripts directory, go up a dir..
LTPROOT_TMP=${LTPROOT%/testscripts}
if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
then
cd ..
- LTPROOT=$LTPROOT_TMP
+ LTPROOT=`pwd`
fi
export LTPROOT
unset LTPROOT_TMP
@@ -89,7 +88,6 @@
# install the test policy...
echo "Installing test_policy module..."
-cd $POLICYDIR
if ! semodule -i $POLICYDIR/test_policy.pp; then
echo "Failed to install test_policy module, aborting test run."
config_unset_expandcheck
@@ -100,9 +98,6 @@
config_unset_expandcheck
-# go back to test's root directory
-cd $LTPROOT
-
echo "Running the SELinux testsuite..."
mkdir $TMP/selinux > /dev/null 2>&1
@@ -112,8 +107,7 @@
# The ../testcases/bin directory needs to have the test_file_t type.
# Save and restore later.
SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
-/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \
- $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux")
+/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \
-l $LTPROOT/results/selinux.logfile \
@@ -127,7 +121,6 @@
/usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
-cd $POLICYDIR
if ! semodule -r test_policy; then
echo "Failed to remove test_policy module."
exit 1
Index: runtest/selinux
===================================================================
RCS file: /cvsroot/ltp/ltp/runtest/selinux,v
retrieving revision 1.4
diff -u -r1.4 selinux
--- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4
+++ runtest/selinux 26 Jan 2010 14:20:40 -0000
@@ -1,40 +1,40 @@
#DESCRIPTION:Security-Enhanced Linux
-SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh
-SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh
-SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh
-SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh
-SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh
-SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh
-SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh
-SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh
-SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh
-SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh
-SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh
-SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh
-SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh
-SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh
-SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh
-SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh
-SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh
-SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh
-SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh
-SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh
-SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh
-SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh
-SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh
-SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh
-SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh
-SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh
-SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh
-SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh
-SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh
-SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh
-SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh
-SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh
-SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh
-SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh
-SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh
-SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh
-SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh
-SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh
-SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh
+SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh
+SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh
+SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh
+SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh
+SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh
+SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh
+SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh
+SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh
+SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh
+SELinux10 $LTPROOT/testcases/bin/selinux_file.sh
+SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh
+SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh
+SELinux13 $LTPROOT/testcases/bin/selinux_link.sh
+SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh
+SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh
+SELinux16 $LTPROOT/testcases/bin/selinux_open.sh
+SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh
+SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh
+SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh
+SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh
+SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh
+SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh
+SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh
+SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh
+SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh
+SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh
+SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh
+SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh
+SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh
+SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh
+SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh
+SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh
+SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh
+SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh
+SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh
+SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh
+SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh
+SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh
+SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-26 14:30 ` Stephen Smalley
@ 2010-01-27 6:34 ` Garrett Cooper
2010-01-27 19:12 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-27 6:34 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote:
> On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote:
>> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
>>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>>>> Quoting Garrett Cooper (yanegomi@gmail.com):
>>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>>>>>>>>>> Fails with:
>>>>>>>>>>> cp: cannot stat
>>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>>>>>>>>>
>>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>>>>>>>>>
>>>>>>>>>> I think we are supposed to actually be running
>>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>>>>>>>>> testscript? Or should the policy sources be copied into /opt?
>>>>>>>>>
>>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken.
>>>>>>>>
>>>>>>>> Yup.
>>>>>>>
>>>>>>> All right, baby-steps.
>>>>>>>
>>>>>>> The attached test_selinux.diff is not to be applied, but something
>>>>>>> like it is needed. Should we have the ltp 'make install' fill in
>>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>>>>>> that is the issue I was saying is shared between test_selinux.sh
>>>>>>> and some others including test_robind.sh. That's why I'm not just
>>>>>>> sending a patch to make it work, bc i think we need more general
>>>>>>> guidance.
>>>>>>>
>>>>>>> The second match makes the 'make load' part of test_selinux.sh
>>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora?
>>>>>>>
>>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's
>>>>>>> get policy loading working first.
>>>>>>>
>>>>>>> -serge
>>>>>>
>>>>>> gah, attaching the actual patches this time.
>>>>>>
>>>>>> -serge
>>>>>
>>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>>>>> hardcoded as LTPROOT.
>>>>
>>>> I said 'not to be applied'. You're not rejecting.
>>>>
>>>>> 2. Why is the redhat stuff support to work
>>>>> agnostic to the major and minor version?
>>>>
>>>> It's not agnostic to the major version. Only the minor version.
>>>>
>>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
>>>> i suppose we can just get rid of rhel4 support selinux-testsuite.
>>>
>>> No. 1. Compiling make 3.81 today and installing it is trivial, so it
>>> shouldn't be removed today. 2. I've finally decided that I'm going to
>>> look outside of the box into providing equivalent functionality via
>>> shell functions using purely built-in commands [and test(1)] to fill
>>> in the feature gaps for make 3.80. I've gotten to the point where I
>>> just gave up trying to ride out what I possibly can in make 3.80, so
>>> it's time to pull in some external pieces to get the job done.
>>
>> All of the install junk works now, but the modes need fixing, or
>> some such fun. Please analyze the test_selinux.sh script and tell me
>> what to commit next to fix everything.
>
> Hi Garrett,
>
> I needed to apply the patch below to make test_selinux.sh run
> successfully on Fedora 12. The problems were:
> - The setting of LTPROOT in test_selinux.sh was incorrect, leading to
> problems with invoking everything else. Note that I invoke it by doing:
> cd /opt/ltp && ./testscripts/test_selinux.sh
> and thus $0 is a relative path, whereas we want an absolute one.
> - You don't need to cd to $POLICYDIR at all since you specify
> $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on
> the installed policy module.
> - The attempt to extract paths from runtest/selinux and invoke chcon on
> them wasn't working as $LTPROOT wasn't being expanded; easier to just do
> a chcon -R there as before.
> - runtest/selinux had the wrong paths to the test programs (or
> alternatively, they aren't being installed to the right location - they
> all get installed directly to $LTPROOT/testcases/bin.
>
> Index: testscripts/test_selinux.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> retrieving revision 1.20
> diff -u -r1.20 test_selinux.sh
> --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20
> +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000
> @@ -37,15 +37,14 @@
> fi
>
> # set the LTPROOT directory
> -LTPROOT=${LTPROOT:=${0%/*}}
> -cd "$LTPROOT"
> +LTPROOT=`pwd`
> export TMP=${TMP:-/tmp}
> -# If we're in the testscripts directory, go down a dir..
> +# If we're in the testscripts directory, go up a dir..
> LTPROOT_TMP=${LTPROOT%/testscripts}
> if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
> then
> cd ..
> - LTPROOT=$LTPROOT_TMP
> + LTPROOT=`pwd`
> fi
> export LTPROOT
> unset LTPROOT_TMP
> @@ -89,7 +88,6 @@
>
> # install the test policy...
> echo "Installing test_policy module..."
> -cd $POLICYDIR
> if ! semodule -i $POLICYDIR/test_policy.pp; then
> echo "Failed to install test_policy module, aborting test run."
> config_unset_expandcheck
> @@ -100,9 +98,6 @@
>
> config_unset_expandcheck
>
> -# go back to test's root directory
> -cd $LTPROOT
> -
> echo "Running the SELinux testsuite..."
>
> mkdir $TMP/selinux > /dev/null 2>&1
> @@ -112,8 +107,7 @@
> # The ../testcases/bin directory needs to have the test_file_t type.
> # Save and restore later.
> SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \
> - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux")
> +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
>
> $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \
> -l $LTPROOT/results/selinux.logfile \
> @@ -127,7 +121,6 @@
> /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
>
> echo "Removing test_policy module..."
> -cd $POLICYDIR
> if ! semodule -r test_policy; then
> echo "Failed to remove test_policy module."
> exit 1
> Index: runtest/selinux
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/runtest/selinux,v
> retrieving revision 1.4
> diff -u -r1.4 selinux
> --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4
> +++ runtest/selinux 26 Jan 2010 14:20:40 -0000
> @@ -1,40 +1,40 @@
> #DESCRIPTION:Security-Enhanced Linux
> -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh
> -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh
> -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh
> -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh
> -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh
> -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh
> -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh
> -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh
> -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh
> -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh
> -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh
> -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh
> -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh
> -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh
> -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh
> -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh
> -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh
> -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh
> -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh
> -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh
> -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh
> -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh
> -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh
> -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh
> -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh
> -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh
> -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh
> -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh
> -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh
> -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh
> -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh
> -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh
> -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh
> -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh
> -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh
> -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh
> -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh
> -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh
> -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh
> +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh
> +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh
> +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh
> +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh
> +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh
> +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh
> +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh
> +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh
> +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh
> +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh
> +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh
> +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh
> +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh
> +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh
> +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh
> +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh
> +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh
> +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh
> +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh
> +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh
> +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh
> +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh
> +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh
> +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh
> +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh
> +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh
> +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh
> +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh
> +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh
> +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh
> +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh
> +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh
> +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh
> +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh
> +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh
> +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh
> +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh
> +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh
> +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh
Ok -- I think that we just resolved the last of the selinux test suite saga by properly
The difference between your suggested patch above and what I committed was the line were it determined LTPROOT. Assuming that LTPROOT is the directory where the script was run isn't a smart idea, and I'm pretty sure that you were doing this purely because test_selinux.sh was in your path.
After the above items were committed, this is the end result:
Total Tests: 39
Total Failures: 0
Kernel Version: 2.6.31.9-174.fc12.i686.PAE
Machine Architecture: i686
Hostname: localhost.localdomain
I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...?
Thanks,
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-27 6:34 ` Garrett Cooper
@ 2010-01-27 19:12 ` Stephen Smalley
2010-01-27 22:37 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-27 19:12 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote:
> On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote:
>
> > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote:
> >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> >>>> Quoting Garrett Cooper (yanegomi@gmail.com):
> >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
> >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
> >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
> >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
> >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
> >>>>>>>>>>> Fails with:
> >>>>>>>>>>> cp: cannot stat
> >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
> >>>>>>>>>>
> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
> >>>>>>>>>>
> >>>>>>>>>> I think we are supposed to actually be running
> >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
> >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
> >>>>>>>>>> testscript? Or should the policy sources be copied into /opt?
> >>>>>>>>>
> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken.
> >>>>>>>>
> >>>>>>>> Yup.
> >>>>>>>
> >>>>>>> All right, baby-steps.
> >>>>>>>
> >>>>>>> The attached test_selinux.diff is not to be applied, but something
> >>>>>>> like it is needed. Should we have the ltp 'make install' fill in
> >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
> >>>>>>> that is the issue I was saying is shared between test_selinux.sh
> >>>>>>> and some others including test_robind.sh. That's why I'm not just
> >>>>>>> sending a patch to make it work, bc i think we need more general
> >>>>>>> guidance.
> >>>>>>>
> >>>>>>> The second match makes the 'make load' part of test_selinux.sh
> >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora?
> >>>>>>>
> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's
> >>>>>>> get policy loading working first.
> >>>>>>>
> >>>>>>> -serge
> >>>>>>
> >>>>>> gah, attaching the actual patches this time.
> >>>>>>
> >>>>>> -serge
> >>>>>
> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
> >>>>> hardcoded as LTPROOT.
> >>>>
> >>>> I said 'not to be applied'. You're not rejecting.
> >>>>
> >>>>> 2. Why is the redhat stuff support to work
> >>>>> agnostic to the major and minor version?
> >>>>
> >>>> It's not agnostic to the major version. Only the minor version.
> >>>>
> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
> >>>> i suppose we can just get rid of rhel4 support selinux-testsuite.
> >>>
> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it
> >>> shouldn't be removed today. 2. I've finally decided that I'm going to
> >>> look outside of the box into providing equivalent functionality via
> >>> shell functions using purely built-in commands [and test(1)] to fill
> >>> in the feature gaps for make 3.80. I've gotten to the point where I
> >>> just gave up trying to ride out what I possibly can in make 3.80, so
> >>> it's time to pull in some external pieces to get the job done.
> >>
> >> All of the install junk works now, but the modes need fixing, or
> >> some such fun. Please analyze the test_selinux.sh script and tell me
> >> what to commit next to fix everything.
> >
> > Hi Garrett,
> >
> > I needed to apply the patch below to make test_selinux.sh run
> > successfully on Fedora 12. The problems were:
> > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to
> > problems with invoking everything else. Note that I invoke it by doing:
> > cd /opt/ltp && ./testscripts/test_selinux.sh
> > and thus $0 is a relative path, whereas we want an absolute one.
> > - You don't need to cd to $POLICYDIR at all since you specify
> > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on
> > the installed policy module.
> > - The attempt to extract paths from runtest/selinux and invoke chcon on
> > them wasn't working as $LTPROOT wasn't being expanded; easier to just do
> > a chcon -R there as before.
> > - runtest/selinux had the wrong paths to the test programs (or
> > alternatively, they aren't being installed to the right location - they
> > all get installed directly to $LTPROOT/testcases/bin.
> >
> > Index: testscripts/test_selinux.sh
> > ===================================================================
> > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
> > retrieving revision 1.20
> > diff -u -r1.20 test_selinux.sh
> > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20
> > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000
> > @@ -37,15 +37,14 @@
> > fi
> >
> > # set the LTPROOT directory
> > -LTPROOT=${LTPROOT:=${0%/*}}
> > -cd "$LTPROOT"
> > +LTPROOT=`pwd`
> > export TMP=${TMP:-/tmp}
> > -# If we're in the testscripts directory, go down a dir..
> > +# If we're in the testscripts directory, go up a dir..
> > LTPROOT_TMP=${LTPROOT%/testscripts}
> > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
> > then
> > cd ..
> > - LTPROOT=$LTPROOT_TMP
> > + LTPROOT=`pwd`
> > fi
> > export LTPROOT
> > unset LTPROOT_TMP
> > @@ -89,7 +88,6 @@
> >
> > # install the test policy...
> > echo "Installing test_policy module..."
> > -cd $POLICYDIR
> > if ! semodule -i $POLICYDIR/test_policy.pp; then
> > echo "Failed to install test_policy module, aborting test run."
> > config_unset_expandcheck
> > @@ -100,9 +98,6 @@
> >
> > config_unset_expandcheck
> >
> > -# go back to test's root directory
> > -cd $LTPROOT
> > -
> > echo "Running the SELinux testsuite..."
> >
> > mkdir $TMP/selinux > /dev/null 2>&1
> > @@ -112,8 +107,7 @@
> > # The ../testcases/bin directory needs to have the test_file_t type.
> > # Save and restore later.
> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \
> > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux")
> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
> >
> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \
> > -l $LTPROOT/results/selinux.logfile \
> > @@ -127,7 +121,6 @@
> > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
> >
> > echo "Removing test_policy module..."
> > -cd $POLICYDIR
> > if ! semodule -r test_policy; then
> > echo "Failed to remove test_policy module."
> > exit 1
> > Index: runtest/selinux
> > ===================================================================
> > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v
> > retrieving revision 1.4
> > diff -u -r1.4 selinux
> > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4
> > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000
> > @@ -1,40 +1,40 @@
> > #DESCRIPTION:Security-Enhanced Linux
> > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh
> > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh
> > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh
> > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh
> > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh
> > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh
> > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh
> > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh
> > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh
> > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh
> > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh
> > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh
> > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh
> > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh
> > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh
> > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh
> > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh
> > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh
> > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh
> > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh
> > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh
> > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh
> > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh
> > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh
> > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh
> > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh
> > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh
> > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh
> > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh
> > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh
> > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh
> > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh
> > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh
> > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh
> > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh
> > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh
> > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh
> > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh
> > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh
> > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh
> > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh
> > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh
> > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh
> > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh
> > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh
> > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh
> > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh
> > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh
> > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh
> > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh
> > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh
> > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh
> > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh
> > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh
> > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh
> > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh
> > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh
> > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh
> > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh
> > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh
> > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh
> > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh
> > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh
> > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh
> > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh
> > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh
> > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh
> > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh
> > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh
> > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh
> > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh
> > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh
> > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh
> > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh
> > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh
> > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh
> > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh
> > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh
>
> Ok -- I think that we just resolved the last of the selinux test suite saga by properly
>
> The difference between your suggested patch above and what I committed
> was the line were it determined LTPROOT. Assuming that LTPROOT is the
> directory where the script was run isn't a smart idea, and I'm pretty
> sure that you were doing this purely because test_selinux.sh was in
> your path.
So you require that the test script be invoked by absolute path, ala:
$ /opt/ltp/testscripts/test_selinux.sh
I was invoking the tests via:
$ cd /opt/ltp
$ ./testscripts/test_selinux.sh
The latter won't work with your current LTPROOT definition; it will end
up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work
when it gets referenced by the individual test scripts particularly when
they change to a subdirectory for a particular test. This yields a
couple of failures in the .log and 'No such file or directory' errors in
the .outfile.
> After the above items were committed, this is the end result:
>
> Total Tests: 39
> Total Failures: 0
> Kernel Version: 2.6.31.9-174.fc12.i686.PAE
> Machine Architecture: i686
> Hostname: localhost.localdomain
>
> I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...?
When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the
following errors in the .outfile:
chcon: cannot access `selinux_wait_io': No such file or directory
./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found
runcon: selinux_wait_parent: No such file or directory
./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found
runcon: selinux_wait_parent: No such file or directory
./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found
The first message actually shows up even when invoked
via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to
cause any FAIL in that case. The test_resm messages are odd - is that
not getting defined anywhere?
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-27 19:12 ` Stephen Smalley
@ 2010-01-27 22:37 ` Garrett Cooper
2010-01-28 5:56 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-27 22:37 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 27, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote:
>> On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote:
>>
>> > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote:
>> >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>> >>>> Quoting Garrett Cooper (yanegomi@gmail.com):
>> >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>> >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>> >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>> >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>> >>>>>>>>>>> Fails with:
>> >>>>>>>>>>> cp: cannot stat
>> >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>> >>>>>>>>>>
>> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>> >>>>>>>>>>
>> >>>>>>>>>> I think we are supposed to actually be running
>> >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>> >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>> >>>>>>>>>> testscript? Or should the policy sources be copied into /opt?
>> >>>>>>>>>
>> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken.
>> >>>>>>>>
>> >>>>>>>> Yup.
>> >>>>>>>
>> >>>>>>> All right, baby-steps.
>> >>>>>>>
>> >>>>>>> The attached test_selinux.diff is not to be applied, but something
>> >>>>>>> like it is needed. Should we have the ltp 'make install' fill in
>> >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>> >>>>>>> that is the issue I was saying is shared between test_selinux.sh
>> >>>>>>> and some others including test_robind.sh. That's why I'm not just
>> >>>>>>> sending a patch to make it work, bc i think we need more general
>> >>>>>>> guidance.
>> >>>>>>>
>> >>>>>>> The second match makes the 'make load' part of test_selinux.sh
>> >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora?
>> >>>>>>>
>> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's
>> >>>>>>> get policy loading working first.
>> >>>>>>>
>> >>>>>>> -serge
>> >>>>>>
>> >>>>>> gah, attaching the actual patches this time.
>> >>>>>>
>> >>>>>> -serge
>> >>>>>
>> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>> >>>>> hardcoded as LTPROOT.
>> >>>>
>> >>>> I said 'not to be applied'. You're not rejecting.
>> >>>>
>> >>>>> 2. Why is the redhat stuff support to work
>> >>>>> agnostic to the major and minor version?
>> >>>>
>> >>>> It's not agnostic to the major version. Only the minor version.
>> >>>>
>> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
>> >>>> i suppose we can just get rid of rhel4 support selinux-testsuite.
>> >>>
>> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it
>> >>> shouldn't be removed today. 2. I've finally decided that I'm going to
>> >>> look outside of the box into providing equivalent functionality via
>> >>> shell functions using purely built-in commands [and test(1)] to fill
>> >>> in the feature gaps for make 3.80. I've gotten to the point where I
>> >>> just gave up trying to ride out what I possibly can in make 3.80, so
>> >>> it's time to pull in some external pieces to get the job done.
>> >>
>> >> All of the install junk works now, but the modes need fixing, or
>> >> some such fun. Please analyze the test_selinux.sh script and tell me
>> >> what to commit next to fix everything.
>> >
>> > Hi Garrett,
>> >
>> > I needed to apply the patch below to make test_selinux.sh run
>> > successfully on Fedora 12. The problems were:
>> > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to
>> > problems with invoking everything else. Note that I invoke it by doing:
>> > cd /opt/ltp && ./testscripts/test_selinux.sh
>> > and thus $0 is a relative path, whereas we want an absolute one.
>> > - You don't need to cd to $POLICYDIR at all since you specify
>> > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on
>> > the installed policy module.
>> > - The attempt to extract paths from runtest/selinux and invoke chcon on
>> > them wasn't working as $LTPROOT wasn't being expanded; easier to just do
>> > a chcon -R there as before.
>> > - runtest/selinux had the wrong paths to the test programs (or
>> > alternatively, they aren't being installed to the right location - they
>> > all get installed directly to $LTPROOT/testcases/bin.
>> >
>> > Index: testscripts/test_selinux.sh
>> > ===================================================================
>> > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
>> > retrieving revision 1.20
>> > diff -u -r1.20 test_selinux.sh
>> > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20
>> > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000
>> > @@ -37,15 +37,14 @@
>> > fi
>> >
>> > # set the LTPROOT directory
>> > -LTPROOT=${LTPROOT:=${0%/*}}
>> > -cd "$LTPROOT"
>> > +LTPROOT=`pwd`
>> > export TMP=${TMP:-/tmp}
>> > -# If we're in the testscripts directory, go down a dir..
>> > +# If we're in the testscripts directory, go up a dir..
>> > LTPROOT_TMP=${LTPROOT%/testscripts}
>> > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
>> > then
>> > cd ..
>> > - LTPROOT=$LTPROOT_TMP
>> > + LTPROOT=`pwd`
>> > fi
>> > export LTPROOT
>> > unset LTPROOT_TMP
>> > @@ -89,7 +88,6 @@
>> >
>> > # install the test policy...
>> > echo "Installing test_policy module..."
>> > -cd $POLICYDIR
>> > if ! semodule -i $POLICYDIR/test_policy.pp; then
>> > echo "Failed to install test_policy module, aborting test run."
>> > config_unset_expandcheck
>> > @@ -100,9 +98,6 @@
>> >
>> > config_unset_expandcheck
>> >
>> > -# go back to test's root directory
>> > -cd $LTPROOT
>> > -
>> > echo "Running the SELinux testsuite..."
>> >
>> > mkdir $TMP/selinux > /dev/null 2>&1
>> > @@ -112,8 +107,7 @@
>> > # The ../testcases/bin directory needs to have the test_file_t type.
>> > # Save and restore later.
>> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \
>> > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux")
>> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
>> >
>> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \
>> > -l $LTPROOT/results/selinux.logfile \
>> > @@ -127,7 +121,6 @@
>> > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
>> >
>> > echo "Removing test_policy module..."
>> > -cd $POLICYDIR
>> > if ! semodule -r test_policy; then
>> > echo "Failed to remove test_policy module."
>> > exit 1
>> > Index: runtest/selinux
>> > ===================================================================
>> > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v
>> > retrieving revision 1.4
>> > diff -u -r1.4 selinux
>> > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4
>> > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000
>> > @@ -1,40 +1,40 @@
>> > #DESCRIPTION:Security-Enhanced Linux
>> > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh
>> > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh
>> > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh
>> > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh
>> > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh
>> > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh
>> > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh
>> > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh
>> > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh
>> > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh
>> > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh
>> > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh
>> > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh
>> > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh
>> > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh
>> > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh
>> > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh
>> > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh
>> > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh
>> > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh
>> > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh
>> > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh
>> > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh
>> > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh
>> > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh
>> > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh
>> > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh
>> > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh
>> > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh
>> > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh
>> > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh
>> > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh
>> > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh
>> > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh
>> > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh
>> > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh
>> > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh
>> > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh
>> > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh
>> > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh
>> > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh
>> > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh
>> > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh
>> > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh
>> > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh
>> > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh
>> > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh
>> > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh
>> > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh
>> > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh
>> > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh
>> > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh
>> > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh
>> > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh
>> > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh
>> > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh
>> > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh
>> > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh
>> > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh
>> > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh
>> > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh
>> > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh
>> > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh
>> > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh
>> > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh
>> > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh
>> > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh
>> > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh
>> > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh
>> > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh
>> > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh
>> > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh
>> > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh
>> > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh
>> > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh
>> > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh
>> > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh
>> > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh
>>
>> Ok -- I think that we just resolved the last of the selinux test suite saga by properly
>>
>> The difference between your suggested patch above and what I committed
>> was the line were it determined LTPROOT. Assuming that LTPROOT is the
>> directory where the script was run isn't a smart idea, and I'm pretty
>> sure that you were doing this purely because test_selinux.sh was in
>> your path.
>
> So you require that the test script be invoked by absolute path, ala:
> $ /opt/ltp/testscripts/test_selinux.sh
>
> I was invoking the tests via:
> $ cd /opt/ltp
> $ ./testscripts/test_selinux.sh
>
> The latter won't work with your current LTPROOT definition; it will end
> up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work
> when it gets referenced by the individual test scripts particularly when
> they change to a subdirectory for a particular test. This yields a
> couple of failures in the .log and 'No such file or directory' errors in
> the .outfile.
>
>> After the above items were committed, this is the end result:
>>
>> Total Tests: 39
>> Total Failures: 0
>> Kernel Version: 2.6.31.9-174.fc12.i686.PAE
>> Machine Architecture: i686
>> Hostname: localhost.localdomain
>>
>> I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...?
>
> When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the
> following errors in the .outfile:
>
> chcon: cannot access `selinux_wait_io': No such file or directory
> ./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found
> runcon: selinux_wait_parent: No such file or directory
> ./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found
> runcon: selinux_wait_parent: No such file or directory
> ./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found
>
> The first message actually shows up even when invoked
> via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to
> cause any FAIL in that case. The test_resm messages are odd - is that
> not getting defined anywhere?
Ok. Send me a patch that does a readlink -f of the LTPPATH and set
your PATH to include $LTPROOT/testcases/bin, and you'll be good to go
-- thanks!
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-27 22:37 ` Garrett Cooper
@ 2010-01-28 5:56 ` Garrett Cooper
2010-01-28 14:02 ` Stephen Smalley
0 siblings, 1 reply; 69+ messages in thread
From: Garrett Cooper @ 2010-01-28 5:56 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Wed, Jan 27, 2010 at 11:12 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On Tue, 2010-01-26 at 22:34 -0800, Garrett Cooper wrote:
>>> On Jan 26, 2010, at 6:30 AM, Stephen Smalley wrote:
>>>
>>> > On Tue, 2010-01-26 at 00:31 -0800, Garrett Cooper wrote:
>>> >> On Fri, Jan 15, 2010 at 9:48 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
>>> >>> On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>>> >>>> Quoting Garrett Cooper (yanegomi@gmail.com):
>>> >>>>> On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn <serue@us.ibm.com> wrote:
>>> >>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> >>>>>>> Quoting Serge E. Hallyn (serue@us.ibm.com):
>>> >>>>>>>> Quoting Stephen Smalley (sds@tycho.nsa.gov):
>>> >>>>>>>>> On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>> >>>>>>>>>>> Fails with:
>>> >>>>>>>>>>> cp: cannot stat
>>> >>>>>>>>>>> `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory
>>> >>>>>>>>>>
>>> >>>>>>>>>> You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>> >>>>>>>>>>
>>> >>>>>>>>>> I think we are supposed to actually be running
>>> >>>>>>>>>> /opt/ltp/testscripts/test_selinux.sh. So then the first question for
>>> >>>>>>>>>> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>> >>>>>>>>>> testscript? Or should the policy sources be copied into /opt?
>>> >>>>>>>>>
>>> >>>>>>>>> Ok, but regardless: the refpolicy Makefile is still broken.
>>> >>>>>>>>
>>> >>>>>>>> Yup.
>>> >>>>>>>
>>> >>>>>>> All right, baby-steps.
>>> >>>>>>>
>>> >>>>>>> The attached test_selinux.diff is not to be applied, but something
>>> >>>>>>> like it is needed. Should we have the ltp 'make install' fill in
>>> >>>>>>> TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett,
>>> >>>>>>> that is the issue I was saying is shared between test_selinux.sh
>>> >>>>>>> and some others including test_robind.sh. That's why I'm not just
>>> >>>>>>> sending a patch to make it work, bc i think we need more general
>>> >>>>>>> guidance.
>>> >>>>>>>
>>> >>>>>>> The second match makes the 'make load' part of test_selinux.sh
>>> >>>>>>> succeed on rhel5.4. Stephen, how does it do on fedora?
>>> >>>>>>>
>>> >>>>>>> After loading policy it fails to execute ltp-pan, but I figure let's
>>> >>>>>>> get policy loading working first.
>>> >>>>>>>
>>> >>>>>>> -serge
>>> >>>>>>
>>> >>>>>> gah, attaching the actual patches this time.
>>> >>>>>>
>>> >>>>>> -serge
>>> >>>>>
>>> >>>>> 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp
>>> >>>>> hardcoded as LTPROOT.
>>> >>>>
>>> >>>> I said 'not to be applied'. You're not rejecting.
>>> >>>>
>>> >>>>> 2. Why is the redhat stuff support to work
>>> >>>>> agnostic to the major and minor version?
>>> >>>>
>>> >>>> It's not agnostic to the major version. Only the minor version.
>>> >>>>
>>> >>>> And since you've made ltp not compile on rhel4 (requiring make-3.81. feh)
>>> >>>> i suppose we can just get rid of rhel4 support selinux-testsuite.
>>> >>>
>>> >>> No. 1. Compiling make 3.81 today and installing it is trivial, so it
>>> >>> shouldn't be removed today. 2. I've finally decided that I'm going to
>>> >>> look outside of the box into providing equivalent functionality via
>>> >>> shell functions using purely built-in commands [and test(1)] to fill
>>> >>> in the feature gaps for make 3.80. I've gotten to the point where I
>>> >>> just gave up trying to ride out what I possibly can in make 3.80, so
>>> >>> it's time to pull in some external pieces to get the job done.
>>> >>
>>> >> All of the install junk works now, but the modes need fixing, or
>>> >> some such fun. Please analyze the test_selinux.sh script and tell me
>>> >> what to commit next to fix everything.
>>> >
>>> > Hi Garrett,
>>> >
>>> > I needed to apply the patch below to make test_selinux.sh run
>>> > successfully on Fedora 12. The problems were:
>>> > - The setting of LTPROOT in test_selinux.sh was incorrect, leading to
>>> > problems with invoking everything else. Note that I invoke it by doing:
>>> > cd /opt/ltp && ./testscripts/test_selinux.sh
>>> > and thus $0 is a relative path, whereas we want an absolute one.
>>> > - You don't need to cd to $POLICYDIR at all since you specify
>>> > $POLICYDIR/test_policy.pp to semodule -i and semodule -r is acting on
>>> > the installed policy module.
>>> > - The attempt to extract paths from runtest/selinux and invoke chcon on
>>> > them wasn't working as $LTPROOT wasn't being expanded; easier to just do
>>> > a chcon -R there as before.
>>> > - runtest/selinux had the wrong paths to the test programs (or
>>> > alternatively, they aren't being installed to the right location - they
>>> > all get installed directly to $LTPROOT/testcases/bin.
>>> >
>>> > Index: testscripts/test_selinux.sh
>>> > ===================================================================
>>> > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
>>> > retrieving revision 1.20
>>> > diff -u -r1.20 test_selinux.sh
>>> > --- testscripts/test_selinux.sh 26 Jan 2010 07:05:02 -0000 1.20
>>> > +++ testscripts/test_selinux.sh 26 Jan 2010 14:20:40 -0000
>>> > @@ -37,15 +37,14 @@
>>> > fi
>>> >
>>> > # set the LTPROOT directory
>>> > -LTPROOT=${LTPROOT:=${0%/*}}
>>> > -cd "$LTPROOT"
>>> > +LTPROOT=`pwd`
>>> > export TMP=${TMP:-/tmp}
>>> > -# If we're in the testscripts directory, go down a dir..
>>> > +# If we're in the testscripts directory, go up a dir..
>>> > LTPROOT_TMP=${LTPROOT%/testscripts}
>>> > if [ "x${LTPROOT_TMP}" != "x${LTPROOT}" ]
>>> > then
>>> > cd ..
>>> > - LTPROOT=$LTPROOT_TMP
>>> > + LTPROOT=`pwd`
>>> > fi
>>> > export LTPROOT
>>> > unset LTPROOT_TMP
>>> > @@ -89,7 +88,6 @@
>>> >
>>> > # install the test policy...
>>> > echo "Installing test_policy module..."
>>> > -cd $POLICYDIR
>>> > if ! semodule -i $POLICYDIR/test_policy.pp; then
>>> > echo "Failed to install test_policy module, aborting test run."
>>> > config_unset_expandcheck
>>> > @@ -100,9 +98,6 @@
>>> >
>>> > config_unset_expandcheck
>>> >
>>> > -# go back to test's root directory
>>> > -cd $LTPROOT
>>> > -
>>> > echo "Running the SELinux testsuite..."
>>> >
>>> > mkdir $TMP/selinux > /dev/null 2>&1
>>> > @@ -112,8 +107,7 @@
>>> > # The ../testcases/bin directory needs to have the test_file_t type.
>>> > # Save and restore later.
>>> > SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'`
>>> > -/usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin \
>>> > - $(awk '$1 !~ /^#/ { print $2 }' "$LTPROOT/runtest/selinux")
>>> > +/usr/bin/chcon -R -t test_file_t $LTPROOT/testcases/bin
>>> >
>>> > $LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux \
>>> > -l $LTPROOT/results/selinux.logfile \
>>> > @@ -127,7 +121,6 @@
>>> > /usr/bin/chcon -R -t $SAVEBINTYPE $LTPROOT/testcases/bin
>>> >
>>> > echo "Removing test_policy module..."
>>> > -cd $POLICYDIR
>>> > if ! semodule -r test_policy; then
>>> > echo "Failed to remove test_policy module."
>>> > exit 1
>>> > Index: runtest/selinux
>>> > ===================================================================
>>> > RCS file: /cvsroot/ltp/ltp/runtest/selinux,v
>>> > retrieving revision 1.4
>>> > diff -u -r1.4 selinux
>>> > --- runtest/selinux 25 Jan 2010 12:44:59 -0000 1.4
>>> > +++ runtest/selinux 26 Jan 2010 14:20:40 -0000
>>> > @@ -1,40 +1,40 @@
>>> > #DESCRIPTION:Security-Enhanced Linux
>>> > -SELinux01 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_file.sh
>>> > -SELinux02 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_net.sh
>>> > -SELinux03 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_capable_sys.sh
>>> > -SELinux04 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_domain_trans.sh
>>> > -SELinux05 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_entrypoint.sh
>>> > -SELinux06 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execshare.sh
>>> > -SELinux07 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_exectrace.sh
>>> > -SELinux08 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_execute_no_trans.sh
>>> > -SELinux09 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_fdreceive.sh
>>> > -SELinux10 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_file.sh
>>> > -SELinux11 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_inherit.sh
>>> > -SELinux12 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ioctl.sh
>>> > -SELinux13 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_link.sh
>>> > -SELinux14 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_mkdir.sh
>>> > -SELinux15 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_msg.sh
>>> > -SELinux16 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_open.sh
>>> > -SELinux17 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_ptrace.sh
>>> > -SELinux18 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_readlink.sh
>>> > -SELinux19 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_relabel.sh
>>> > -SELinux20 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rename.sh
>>> > -SELinux21 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_rxdir.sh
>>> > -SELinux22 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sem.sh
>>> > -SELinux23 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setattr.sh
>>> > -SELinux24 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_setnice.sh
>>> > -SELinux25 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_shm.sh
>>> > -SELinux26 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sigkill.sh
>>> > -SELinux27 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_stat.sh
>>> > -SELinux28 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_sysctl.sh
>>> > -SELinux29 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_create.sh
>>> > -SELinux30 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getpgid.sh
>>> > -SELinux31 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getscheduler.sh
>>> > -SELinux32 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_getsid.sh
>>> > -SELinux33 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setnice.sh
>>> > -SELinux34 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setpgid.sh
>>> > -SELinux35 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_task_setscheduler.sh
>>> > -SELinux36 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_wait.sh
>>> > -SELinux37 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrace.sh
>>> > -SELinux38 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_dyntrans.sh
>>> > -SELinux39 $LTPROOT/testcases/bin/kernel/security/selinux-testsuite/tests/selinux_bounds.sh
>>> > +SELinux01 $LTPROOT/testcases/bin/selinux_capable_file.sh
>>> > +SELinux02 $LTPROOT/testcases/bin/selinux_capable_net.sh
>>> > +SELinux03 $LTPROOT/testcases/bin/selinux_capable_sys.sh
>>> > +SELinux04 $LTPROOT/testcases/bin/selinux_domain_trans.sh
>>> > +SELinux05 $LTPROOT/testcases/bin/selinux_entrypoint.sh
>>> > +SELinux06 $LTPROOT/testcases/bin/selinux_execshare.sh
>>> > +SELinux07 $LTPROOT/testcases/bin/selinux_exectrace.sh
>>> > +SELinux08 $LTPROOT/testcases/bin/selinux_execute_no_trans.sh
>>> > +SELinux09 $LTPROOT/testcases/bin/selinux_fdreceive.sh
>>> > +SELinux10 $LTPROOT/testcases/bin/selinux_file.sh
>>> > +SELinux11 $LTPROOT/testcases/bin/selinux_inherit.sh
>>> > +SELinux12 $LTPROOT/testcases/bin/selinux_ioctl.sh
>>> > +SELinux13 $LTPROOT/testcases/bin/selinux_link.sh
>>> > +SELinux14 $LTPROOT/testcases/bin/selinux_mkdir.sh
>>> > +SELinux15 $LTPROOT/testcases/bin/selinux_msg.sh
>>> > +SELinux16 $LTPROOT/testcases/bin/selinux_open.sh
>>> > +SELinux17 $LTPROOT/testcases/bin/selinux_ptrace.sh
>>> > +SELinux18 $LTPROOT/testcases/bin/selinux_readlink.sh
>>> > +SELinux19 $LTPROOT/testcases/bin/selinux_relabel.sh
>>> > +SELinux20 $LTPROOT/testcases/bin/selinux_rename.sh
>>> > +SELinux21 $LTPROOT/testcases/bin/selinux_rxdir.sh
>>> > +SELinux22 $LTPROOT/testcases/bin/selinux_sem.sh
>>> > +SELinux23 $LTPROOT/testcases/bin/selinux_setattr.sh
>>> > +SELinux24 $LTPROOT/testcases/bin/selinux_setnice.sh
>>> > +SELinux25 $LTPROOT/testcases/bin/selinux_shm.sh
>>> > +SELinux26 $LTPROOT/testcases/bin/selinux_sigkill.sh
>>> > +SELinux27 $LTPROOT/testcases/bin/selinux_stat.sh
>>> > +SELinux28 $LTPROOT/testcases/bin/selinux_sysctl.sh
>>> > +SELinux29 $LTPROOT/testcases/bin/selinux_task_create.sh
>>> > +SELinux30 $LTPROOT/testcases/bin/selinux_task_getpgid.sh
>>> > +SELinux31 $LTPROOT/testcases/bin/selinux_task_getscheduler.sh
>>> > +SELinux32 $LTPROOT/testcases/bin/selinux_task_getsid.sh
>>> > +SELinux33 $LTPROOT/testcases/bin/selinux_task_setnice.sh
>>> > +SELinux34 $LTPROOT/testcases/bin/selinux_task_setpgid.sh
>>> > +SELinux35 $LTPROOT/testcases/bin/selinux_task_setscheduler.sh
>>> > +SELinux36 $LTPROOT/testcases/bin/selinux_wait.sh
>>> > +SELinux37 $LTPROOT/testcases/bin/selinux_dyntrace.sh
>>> > +SELinux38 $LTPROOT/testcases/bin/selinux_dyntrans.sh
>>> > +SELinux39 $LTPROOT/testcases/bin/selinux_bounds.sh
>>>
>>> Ok -- I think that we just resolved the last of the selinux test suite saga by properly
>>>
>>> The difference between your suggested patch above and what I committed
>>> was the line were it determined LTPROOT. Assuming that LTPROOT is the
>>> directory where the script was run isn't a smart idea, and I'm pretty
>>> sure that you were doing this purely because test_selinux.sh was in
>>> your path.
>>
>> So you require that the test script be invoked by absolute path, ala:
>> $ /opt/ltp/testscripts/test_selinux.sh
>>
>> I was invoking the tests via:
>> $ cd /opt/ltp
>> $ ./testscripts/test_selinux.sh
>>
>> The latter won't work with your current LTPROOT definition; it will end
>> up with a LTPROOT=. and LTPBIN=./testcases/bin, which then won't work
>> when it gets referenced by the individual test scripts particularly when
>> they change to a subdirectory for a particular test. This yields a
>> couple of failures in the .log and 'No such file or directory' errors in
>> the .outfile.
>>
>>> After the above items were committed, this is the end result:
>>>
>>> Total Tests: 39
>>> Total Failures: 0
>>> Kernel Version: 2.6.31.9-174.fc12.i686.PAE
>>> Machine Architecture: i686
>>> Hostname: localhost.localdomain
>>>
>>> I highly encourage others to test this out as well -- maybe we can enable it in the default build after I can get some RHEL4 folks to test the port...?
>>
>> When invoked via cd /opt/ltp && ./testscripts/test_selinux.sh I get the
>> following errors in the .outfile:
>>
>> chcon: cannot access `selinux_wait_io': No such file or directory
>> ./testcases/bin/selinux_file.sh: line 188: tst_resm: command not found
>> runcon: selinux_wait_parent: No such file or directory
>> ./testcases/bin/selinux_wait.sh: line 35: tst_resm: command not found
>> runcon: selinux_wait_parent: No such file or directory
>> ./testcases/bin/selinux_wait.sh: line 51: tst_resm: command not found
>>
>> The first message actually shows up even when invoked
>> via /opt/ltp/testscripts/test_selinux.sh, although it doesn't appear to
>> cause any FAIL in that case. The test_resm messages are odd - is that
>> not getting defined anywhere?
>
> Ok. Send me a patch that does a readlink -f of the LTPPATH and set
> your PATH to include $LTPROOT/testcases/bin, and you'll be good to go
Nevermind. I just committed the change... please retest and
hopefully all goes well for you this time around.
Cheers,
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-28 5:56 ` Garrett Cooper
@ 2010-01-28 14:02 ` Stephen Smalley
2010-01-28 15:10 ` Garrett Cooper
0 siblings, 1 reply; 69+ messages in thread
From: Stephen Smalley @ 2010-01-28 14:02 UTC (permalink / raw)
To: Garrett Cooper; +Cc: James Morris, Eric Paris, ltp-list
On Wed, 2010-01-27 at 21:56 -0800, Garrett Cooper wrote:
> On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
> > Ok. Send me a patch that does a readlink -f of the LTPPATH and set
> > your PATH to include $LTPROOT/testcases/bin, and you'll be good to go
>
> Nevermind. I just committed the change... please retest and
> hopefully all goes well for you this time around.
Looks good. Patch below fixes two bugs in the selinux tests, noticed by
examining the selinux.outfile carefully for errors (No such file or
directory, Segmentation fault).
Index: testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh,v
retrieving revision 1.10
diff -u -r1.10 selinux_file.sh
--- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 26 Jan 2010 07:05:02 -0000 1.10
+++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 28 Jan 2010 13:50:31 -0000
@@ -47,7 +47,8 @@
#
# Change the context of the test executable
#
- chcon -t fileop_exec_t selinux_wait_io 2>&1 > /dev/null
+ LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
+ chcon -t fileop_exec_t $LTPBIN/selinux_wait_io 2>&1 > /dev/null
#
# Get the SID of the good file.
Index: testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c,v
retrieving revision 1.4
diff -u -r1.4 selinux_shmat.c
--- testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 13 Jan 2010 08:16:57 -0000 1.4
+++ testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 28 Jan 2010 13:50:31 -0000
@@ -40,7 +40,7 @@
return 1;
buf = shmat(id, 0, 0);
- error = (*buf == -1) ? -1 : 0;
+ error = (buf == (void*)-1) ? -1 : 0;
printf("shmat: buf=%p, returned %d\n", buf, error);
return error;
}
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
* Re: [LTP] regression: selinux testsuite broken since October
2010-01-28 14:02 ` Stephen Smalley
@ 2010-01-28 15:10 ` Garrett Cooper
0 siblings, 0 replies; 69+ messages in thread
From: Garrett Cooper @ 2010-01-28 15:10 UTC (permalink / raw)
To: Stephen Smalley; +Cc: James Morris, Eric Paris, ltp-list
On Thu, Jan 28, 2010 at 6:02 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2010-01-27 at 21:56 -0800, Garrett Cooper wrote:
>> On Wed, Jan 27, 2010 at 2:37 PM, Garrett Cooper <yanegomi@gmail.com> wrote:
>> > Ok. Send me a patch that does a readlink -f of the LTPPATH and set
>> > your PATH to include $LTPROOT/testcases/bin, and you'll be good to go
>>
>> Nevermind. I just committed the change... please retest and
>> hopefully all goes well for you this time around.
>
> Looks good. Patch below fixes two bugs in the selinux tests, noticed by
> examining the selinux.outfile carefully for errors (No such file or
> directory, Segmentation fault).
>
> Index: testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh,v
> retrieving revision 1.10
> diff -u -r1.10 selinux_file.sh
> --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 26 Jan 2010 07:05:02 -0000 1.10
> +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh 28 Jan 2010 13:50:31 -0000
> @@ -47,7 +47,8 @@
> #
> # Change the context of the test executable
> #
> - chcon -t fileop_exec_t selinux_wait_io 2>&1 > /dev/null
> + LTPBIN=${LTPBIN:-$LTPROOT/testcases/bin}
> + chcon -t fileop_exec_t $LTPBIN/selinux_wait_io 2>&1 > /dev/null
>
> #
> # Get the SID of the good file.
> Index: testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c,v
> retrieving revision 1.4
> diff -u -r1.4 selinux_shmat.c
> --- testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 13 Jan 2010 08:16:57 -0000 1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/shm/selinux_shmat.c 28 Jan 2010 13:50:31 -0000
> @@ -40,7 +40,7 @@
> return 1;
>
> buf = shmat(id, 0, 0);
> - error = (*buf == -1) ? -1 : 0;
> + error = (buf == (void*)-1) ? -1 : 0;
> printf("shmat: buf=%p, returned %d\n", buf, error);
> return error;
> }
Done -- thanks!
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 69+ messages in thread
end of thread, other threads:[~2010-01-28 15:10 UTC | newest]
Thread overview: 69+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-06 15:25 [LTP] regression: selinux testsuite broken since October Stephen Smalley
2010-01-06 17:18 ` Serge E. Hallyn
2010-01-07 9:04 ` Garrett Cooper
2010-01-06 18:50 ` Serge E. Hallyn
2010-01-07 19:40 ` Stephen Smalley
2010-01-08 18:20 ` Garrett Cooper
2010-01-08 18:45 ` Stephen Smalley
2010-01-08 18:50 ` Stephen Smalley
2010-01-08 21:38 ` Garrett Cooper
2010-01-08 22:00 ` Stephen Smalley
2010-01-08 22:08 ` Garrett Cooper
2010-01-09 7:27 ` Garrett Cooper
2010-01-11 19:12 ` Stephen Smalley
2010-01-11 19:50 ` Serge E. Hallyn
2010-01-11 19:55 ` Stephen Smalley
2010-01-11 20:19 ` Serge E. Hallyn
2010-01-11 20:58 ` Serge E. Hallyn
2010-01-11 21:00 ` Serge E. Hallyn
2010-01-11 21:31 ` Serge E. Hallyn
2010-01-12 8:36 ` Garrett Cooper
2010-01-12 13:16 ` Stephen Smalley
2010-01-12 16:55 ` Garrett Cooper
2010-01-12 17:19 ` Garrett Cooper
2010-01-12 17:24 ` Garrett Cooper
2010-01-12 17:26 ` Garrett Cooper
2010-01-12 19:12 ` Stephen Smalley
2010-01-13 6:51 ` Garrett Cooper
2010-01-13 6:54 ` Garrett Cooper
2010-01-13 13:43 ` Stephen Smalley
2010-01-13 18:52 ` Garrett Cooper
2010-01-13 19:18 ` Stephen Smalley
2010-01-13 19:37 ` Garrett Cooper
2010-01-13 19:49 ` Stephen Smalley
2010-01-13 21:58 ` Garrett Cooper
2010-01-13 22:00 ` Serge E. Hallyn
2010-01-13 22:03 ` Stephen Smalley
2010-01-13 22:49 ` Garrett Cooper
2010-01-14 14:07 ` Stephen Smalley
2010-01-14 20:10 ` Garrett Cooper
2010-01-14 20:35 ` Stephen Smalley
2010-01-14 20:44 ` Stephen Smalley
2010-01-14 21:29 ` Garrett Cooper
2010-01-14 21:32 ` Garrett Cooper
2010-01-14 21:59 ` Stephen Smalley
2010-01-14 22:31 ` Stephen Smalley
2010-01-15 4:22 ` Garrett Cooper
2010-01-15 4:44 ` Garrett Cooper
2010-01-15 14:11 ` Stephen Smalley
2010-01-15 14:17 ` Stephen Smalley
2010-01-12 8:29 ` Garrett Cooper
2010-01-12 13:00 ` Stephen Smalley
2010-01-12 15:38 ` Serge E. Hallyn
2010-01-12 16:56 ` Garrett Cooper
2010-01-12 18:51 ` Stephen Smalley
2010-01-15 17:48 ` Garrett Cooper
2010-01-26 8:31 ` Garrett Cooper
2010-01-26 14:30 ` Stephen Smalley
2010-01-27 6:34 ` Garrett Cooper
2010-01-27 19:12 ` Stephen Smalley
2010-01-27 22:37 ` Garrett Cooper
2010-01-28 5:56 ` Garrett Cooper
2010-01-28 14:02 ` Stephen Smalley
2010-01-28 15:10 ` Garrett Cooper
2010-01-12 8:43 ` Garrett Cooper
2010-01-12 13:08 ` Stephen Smalley
2010-01-06 18:58 ` Serge E. Hallyn
2010-01-07 9:05 ` Garrett Cooper
2010-01-07 19:23 ` Stephen Smalley
2010-01-07 9:18 ` Garrett Cooper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.