[PATCH] The selinux-testsuite does not work out of the box on RHEL4
The attached patch fixes the following issues:
The LTP selinux-testsuite does not work out of the box on Red Hat Enterprise Linux 4. The testscripts/test_selinux.sh script does not detect if refpolicy should be used or not. The LTP selinux-testsuite test policy uses the can_setcon macro which is not defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted sources. Some Makefile needs minor fixes and enhancements. Best regards, -- Ramon de Carvalho Valle Software Engineer IBM Linux Technology Center E-Mail: rcvalle@... Mobile: +55-21-78987602 [selinux-testsuite-rhel4.patch]
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile 2005-04-20 13:09:04.000000000 -0300
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile 2008-07-07 11:43:59.000000000 -0300
@@ -1,18 +1,18 @@
-# for FC3
 include /etc/selinux/config
-POLICYSRC = /etc/selinux/$(SELINUXTYPE)/src/policy
+SELINUX_SRC=/etc/selinux/$(SELINUXTYPE)/src/policy
-# for FC2
-#POLICYSRC = /etc/security/selinux/src/policy
+# for Fedora Core 2
+# SELINUX_SRC=/etc/security/selinux/src/policy
 load:
- @if [ -d $(POLICYSRC) ]; then \
- install test_*.te $(POLICYSRC)/domains/misc; \
- $(MAKE) -C $(POLICYSRC) clean load; \
+ @if [ -d $(SELINUX_SRC) ]; then \
+ cp test_* $(SELINUX_SRC)/domains/misc/; \
+ $(MAKE) -C $(SELINUX_SRC) -W users load; \
 else \
- echo "ERROR: You must have the policy sources installed in $(POLICYSRC)."; \
+ echo "ERROR: You must have selinux-policy-targeted-sources installed."; \
 fi
 cleanup:
- rm -f $(POLICYSRC)/domains/misc/test_*.te
- $(MAKE) -C $(POLICYSRC) clean load
+ rm -f $(SELINUX_SRC)/domains/misc/test_*
+ $(MAKE) -C $(SELINUX_SRC) -W users load
+
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-04-06 07:39:18.000000000 -0300
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-07-03 18:13:41.000000000 -0300
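Review bot: The `else` branch of `load` in policy/Makefile only prints the error and lets the recipe exit 0, so `make load` reports success when the policy sources are missing and the `$?` check in test_selinux.sh cannot catch it; the tests would then run without the test policy loaded. Add `exit 1; \` after the `echo "ERROR: ..."` line. The glob was also widened from `test_*.te` to `test_*`, and `cleanup` runs `rm -f $(SELINUX_SRC)/domains/misc/test_*` without the `-d` guard that `load` has, so it deletes any `test_`-prefixed file in the system policy source tree rather than only the files this suite installed. Naming the installed files explicitly would keep cleanup scoped to them.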
@@ -3,6 +3,28 @@
 # Rules that apply to most test domains.
 #
+#
+# This test policy uses the can_setcon macro which is not defined in global
+# macros of Red Hat Enterprise Linux 4 selinux policy targeted sources, so we
+# define it here as a workaround.
+#
+
+##################################
+#
+# can_setcon(domain)
+#
+# Authorize a domain to set its current context
+# (via /proc/pid/attr/current).
+#
+define(`can_setcon',`
+allow $1 self:process setcurrent;
+allow $1 proc_t:dir search;
+allow $1 proc_t:{ file lnk_file } read;
+allow $1 self:dir search;
+allow $1 self:file { getattr read write };
+')
+
+
 # Note: test_file_t is declared in types/file.te in the example policy.
 # Authorize sysadm_r and system_r for the test domains.
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile 2005-11-08 14:49:33.000000000 -0200
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile 2008-07-07 14:40:44.000000000 -0300
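Review bot: The `can_setcon` definition added to test_global.te is unconditional, so on a policy tree that already provides the macro this m4 `define` would presumably replace the distribution's version for the test policy, and the test domains would get these five `allow` rules instead of whatever the base policy grants. Wrapping the definition in an m4 `ifdef` on `can_setcon`, with an empty "already defined" branch, keeps the workaround limited to trees that lack the macro. Whether the rule set matches the upstream macro cannot be checked from this hunk, so the header comment should also name the policy source and version the body was copied from.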
@@ -1,6 +1,12 @@
-SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans
+REDHAT_RELEASE=$(shell rpm -q redhat-release)
-all:
+ifeq (redhat-release-4, $(findstring redhat-release-4, $(REDHAT_RELEASE)))
+ SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys
+else
+ SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans
+endif
+
+all:
 @set -e; for i in $(SUBDIRS); do \
 $(MAKE) -C $$i all; \
 chcon -R -t test_file_t . ; \
diff -urN ltp-full-20080531.original/testscripts/test_selinux.sh ltp-full-20080531/testscripts/test_selinux.sh
--- ltp-full-20080531.original/testscripts/test_selinux.sh 2008-04-06 07:39:19.000000000 -0300
+++ ltp-full-20080531/testscripts/test_selinux.sh 2008-07-07 13:50:29.000000000 -0300
@@ -75,6 +75,14 @@
 exit
 fi
+SEMODULE="/usr/sbin/semodule"
+
+if [ -f $SEMODULE ]; then
+ POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy"
+else
+ POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/policy"
+fi
+
 # Update test policy if needed
 pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc
 sh ./update_refpolicy.sh
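Review bot: The two `SUBDIRS` assignments in tests/Makefile repeat the same long directory list and differ only in `dyntrace dyntrans`, so a test later added to one branch will silently not run on the other platform, which is a coverage gap for a security testsuite. Assign the common list once and append in the conditional: `ifneq (redhat-release-4, $(findstring redhat-release-4, $(REDHAT_RELEASE)))`, `SUBDIRS += dyntrace dyntrans`, `endif`. The probe is better written as `REDHAT_RELEASE := $(shell rpm -q redhat-release 2>/dev/null)`, so the shell-out is evaluated once at parse time and a host without rpm does not print an error. The `all` recipe continues outside the hunk.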
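Review bot: The context lines after the new `POLICYDIR` selection in test_selinux.sh still run `sh ./update_refpolicy.sh` unconditionally, so on a host without `/usr/sbin/semodule` the refpolicy update step presumably still executes even though the legacy `policy` directory was chosen. That step should sit inside the `semodule` branch. The test itself is better written as `if [ -x "$SEMODULE" ]; then`, quoted and checking that the tool can be run rather than that a regular file exists. The script starts and ends outside the hunk.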
@@ -86,7 +94,7 @@
 # build and install the test policy...
 echo "building and installing test_policy module..."
-cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy
+cd $POLICYDIR
 make load
 if [ $? != 0 ]; then
 echo "Failed to build and load test_policy module, aborting test run."
@@ -122,7 +130,7 @@
 /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
 echo "Removing test_policy module..."
-cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy
+cd $POLICYDIR
 make cleanup 2>&1
 if [ $? != 0 ]; then
 echo "Failed to remove test_policy module."
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list |
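Review bot: `cd $POLICYDIR` is unquoted and its result is not checked, both here and in the `@@ -122,7 +130,7 @@` hunk, so if the directory is missing or `$LTPROOT` contains whitespace the following `make load` or `make cleanup` runs in whatever directory the script was already in. Because this script loads and removes SELinux policy, the directory change should fail closed: `cd "$POLICYDIR" || exit 1` before `make load`. Use the same quoting before `make cleanup`, where an error message may be preferable to an exit if later restore steps must still run. Both `if [ $? != 0 ]` blocks continue outside the hunks.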