From: Dan Noland <dan@starlab.io>
To: Ondrej Mosnacek <omosnace@redhat.com>
Cc: "selinux@vger.kernel.org" <selinux@vger.kernel.org>
Subject: Re: Possible regression test failure?
Date: Mon, 6 May 2019 17:14:59 +0000 [thread overview]
Message-ID: <20190506171456.GA31691@starlab.io> (raw)
In-Reply-To: <CAFqZXNt0abLcRxbOVdvybZ4fntN95zZyce4XK0z0tLftW19Tmw@mail.gmail.com>
The 05/04/2019 20:00, Ondrej Mosnacek wrote:
> Hi Dan,
>
> On Sat, May 4, 2019 at 5:42 AM Dan Noland <dan@starlab.io> wrote:
> > - Hello -
> >
> > I am running a CentOS (7.6.1810 Core) base system with a 4.19.0-x
> > kernel. I have a fresh clone of the selinux-testsuite from
> > github. Before invoking "make -C policy load" I am running only the
> > targeted policy in the enforcing mode. I am consistently seeing a
> > single failure in the mmap regression tests:
> >
> > not ok 27
> > # Failed test 27 in ./mmap/test at line 143
> > # ./mmap/test line 143 is: ok($result);
> >
> >
> > Any wisdom on how I should understand and address this failure would
> > be gratefully received.
>
> RHEL (and likely also CentOS) 7.6 has the domain_can_mmap_files
> SELinux boolean set to "on" by default [1], which basically means that
> map permissions are not checked, which logically leads to the failure
> of the test that checks that map permission is denied when it was not
> allowed by the test policy. When running the testsuite on CentOS/RHEL
> 7.6, you need to turn off the domain_can_mmap_files boolean during
> test execution:
>
> # setsebool domain_can_mmap_files off
> (run the testsuite)
> # setsebool domain_can_mmap_files on
>
> [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.6_release_notes/index#BZ1460322
>
- Ondrej -
That was exactly the problem. Thank you.
--
TY,
Dan Noland
prev parent reply other threads:[~2019-05-06 17:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-04 3:42 Possible regression test failure? Dan Noland
2019-05-04 18:00 ` Ondrej Mosnacek
2019-05-06 17:14 ` Dan Noland [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190506171456.GA31691@starlab.io \
--to=dan@starlab.io \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).