* [PATCH testsuite] Deactivate userfaultfd test policy if no xperm support
@ 2021-04-06 11:10 Ondrej Mosnacek
[not found] ` <CA+EESO6p+KuHC+6v3BjsWPNPqNBSmCFBz+T_eG5wLtDXZOKpbw@mail.gmail.com>
0 siblings, 1 reply; 2+ messages in thread
From: Ondrej Mosnacek @ 2021-04-06 11:10 UTC (permalink / raw)
To: selinux; +Cc: Lokesh Gidra
The userfaultfd test policy uses also extended permissions, so only
enable the test or its policy if these are supported. This makes the
testsuite runnable on certain old distros again.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
policy/Makefile | 9 +++++++--
tests/Makefile | 2 ++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/policy/Makefile b/policy/Makefile
index b092bb3..91364d5 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -29,14 +29,19 @@ TARGETS = \
test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
test_transition.te test_unix_socket.te \
test_mmap.te test_overlayfs.te test_mqueue.te \
- test_ibpkey.te test_atsecure.te test_cgroupfs.te test_userfaultfd.te
+ test_ibpkey.te test_atsecure.te test_cgroupfs.te
ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6))
SUPPORTS_CIL = n
endif
ifeq ($(SUPPORTS_CIL),y)
-CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil
+CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil
+# userfaultfd test policy uses also xperms
+ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
+CIL_TARGETS += test_userfaultfd.cil
+TARGETS += test_userfaultfd.te
+endif
ifeq ($(shell [ $(MAX_KERNEL_POLICY) -ge 32 ] && echo true),true)
ifeq ($(shell [ $(POL_VERS) -ge 32 ] && echo true),true)
# If other MLS tests get written this can be moved outside of the glblub test
diff --git a/tests/Makefile b/tests/Makefile
index c19fcd7..7d4e39b 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -135,9 +135,11 @@ SUBDIRS += watchkey
endif
endif
+ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true)
SUBDIRS += userfaultfd
endif
+endif
ifeq ($(DISTRO),RHEL4)
SUBDIRS:=$(filter-out bounds dyntrace dyntrans inet_socket mmap nnp_nosuid overlay unix_socket, $(SUBDIRS))
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH testsuite] Deactivate userfaultfd test policy if no xperm support
[not found] ` <CA+EESO6p+KuHC+6v3BjsWPNPqNBSmCFBz+T_eG5wLtDXZOKpbw@mail.gmail.com>
@ 2021-04-08 10:00 ` Ondrej Mosnacek
0 siblings, 0 replies; 2+ messages in thread
From: Ondrej Mosnacek @ 2021-04-08 10:00 UTC (permalink / raw)
To: Lokesh Gidra; +Cc: SElinux list
On Tue, Apr 6, 2021 at 6:16 PM Lokesh Gidra <lokeshgidra@google.com> wrote:
>
>
>
> On Tue, Apr 6, 2021 at 4:40 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>>
>> The userfaultfd test policy uses also extended permissions, so only
>> enable the test or its policy if these are supported. This makes the
>> testsuite runnable on certain old distros again.
>>
>> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
>
>
> Reviewed-by: Lokesh Gidra <lokeshgidra@google.com>
Thanks, I just merged the patch:
https://github.com/SELinuxProject/selinux-testsuite/commit/1defa850ae71bc27c9dd101d19f543a42abc9537
BTW, for some reason your message didn't end up on the mailing list...
it seems the vger lists are acting up again :/
>>
>> ---
>> policy/Makefile | 9 +++++++--
>> tests/Makefile | 2 ++
>> 2 files changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/policy/Makefile b/policy/Makefile
>> index b092bb3..91364d5 100644
>> --- a/policy/Makefile
>> +++ b/policy/Makefile
>> @@ -29,14 +29,19 @@ TARGETS = \
>> test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
>> test_transition.te test_unix_socket.te \
>> test_mmap.te test_overlayfs.te test_mqueue.te \
>> - test_ibpkey.te test_atsecure.te test_cgroupfs.te test_userfaultfd.te
>> + test_ibpkey.te test_atsecure.te test_cgroupfs.te
>>
>> ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6))
>> SUPPORTS_CIL = n
>> endif
>>
>> ifeq ($(SUPPORTS_CIL),y)
>> -CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil
>> +CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil
>> +# userfaultfd test policy uses also xperms
>> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
>> +CIL_TARGETS += test_userfaultfd.cil
>> +TARGETS += test_userfaultfd.te
>> +endif
>> ifeq ($(shell [ $(MAX_KERNEL_POLICY) -ge 32 ] && echo true),true)
>> ifeq ($(shell [ $(POL_VERS) -ge 32 ] && echo true),true)
>> # If other MLS tests get written this can be moved outside of the glblub test
>> diff --git a/tests/Makefile b/tests/Makefile
>> index c19fcd7..7d4e39b 100644
>> --- a/tests/Makefile
>> +++ b/tests/Makefile
>> @@ -135,9 +135,11 @@ SUBDIRS += watchkey
>> endif
>> endif
>>
>> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
>> ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true)
>> SUBDIRS += userfaultfd
>> endif
>> +endif
>>
>> ifeq ($(DISTRO),RHEL4)
>> SUBDIRS:=$(filter-out bounds dyntrace dyntrans inet_socket mmap nnp_nosuid overlay unix_socket, $(SUBDIRS))
>> --
>> 2.30.2
>>
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-08 10:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-06 11:10 [PATCH testsuite] Deactivate userfaultfd test policy if no xperm support Ondrej Mosnacek
[not found] ` <CA+EESO6p+KuHC+6v3BjsWPNPqNBSmCFBz+T_eG5wLtDXZOKpbw@mail.gmail.com>
2021-04-08 10:00 ` Ondrej Mosnacek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.