Re: [PATCH] The selinux-testsuite does not work out of the box on RHEL4
|
View:
New views
4 Messages
—
Rating Filter:
Alert me
|
 |
Re: [PATCH] The selinux-testsuite does not work out of the box on RHEL4
by Subrata Modak
::
Rate this Message:
Hi Stephen, Sergei & David,
Can you kindly provide review comments for this LTP-SELinux patch from Ramon. Regards-- Subrata -------- Forwarded Message -------- From: Ramon de Carvalho Valle <rcvalle@...> Reply-To: rcvalle@... To: ltp-list@... Subject: [LTP] [PATCH] The selinux-testsuite does not work out of the box on RHEL4 Date: Mon, 07 Jul 2008 16:38:24 -0300 The attached patch fixes the following issues: The LTP selinux-testsuite does not work out of the box on Red Hat Enterprise Linux 4. The testscripts/test_selinux.sh script does not detect if refpolicy should be used or not. The LTP selinux-testsuite test policy uses the can_setcon macro which is not defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted sources. Some Makefile needs minor fixes and enhancements. Best regards, -- Ramon de Carvalho Valle Software Engineer IBM Linux Technology Center E-Mail: rcvalle@... Mobile: +55-21-78987602 ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list [selinux-testsuite-rhel4.patch] diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile --- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile 2005-04-20 13:09:04.000000000 -0300 +++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile 2008-07-07 11:43:59.000000000 -0300 @@ -1,18 +1,18 @@ -# for FC3 include /etc/selinux/config -POLICYSRC = /etc/selinux/$(SELINUXTYPE)/src/policy +SELINUX_SRC=/etc/selinux/$(SELINUXTYPE)/src/policy -# for FC2 -#POLICYSRC = /etc/security/selinux/src/policy +# for Fedora Core 2 +# SELINUX_SRC=/etc/security/selinux/src/policy load: - @if [ -d $(POLICYSRC) ]; then \ - install test_*.te $(POLICYSRC)/domains/misc; \ - $(MAKE) -C $(POLICYSRC) clean load; \ + @if [ -d $(SELINUX_SRC) ]; then \ + cp test_* $(SELINUX_SRC)/domains/misc/; \ + $(MAKE) -C $(SELINUX_SRC) -W users load; \ else \ - echo "ERROR: You must have the policy sources installed in $(POLICYSRC)."; \ + echo "ERROR: You must have selinux-policy-targeted-sources installed."; \ fi cleanup: - rm -f $(POLICYSRC)/domains/misc/test_*.te - $(MAKE) -C $(POLICYSRC) clean load + rm -f $(SELINUX_SRC)/domains/misc/test_* + $(MAKE) -C $(SELINUX_SRC) -W users load + diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te --- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-04-06 07:39:18.000000000 -0300 +++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-07-03 18:13:41.000000000 -0300 @@ -3,6 +3,28 @@ # Rules that apply to most test domains. # +# +# This test policy uses the can_setcon macro which is not defined in global +# macros of Red Hat Enterprise Linux 4 selinux policy targeted sources, so we +# define it here as a workaround. +# + +################################## +# +# can_setcon(domain) +# +# Authorize a domain to set its current context +# (via /proc/pid/attr/current). +# +define(`can_setcon',` +allow $1 self:process setcurrent; +allow $1 proc_t:dir search; +allow $1 proc_t:{ file lnk_file } read; +allow $1 self:dir search; +allow $1 self:file { getattr read write }; +') + + # Note: test_file_t is declared in types/file.te in the example policy. # Authorize sysadm_r and system_r for the test domains. diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile --- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile 2005-11-08 14:49:33.000000000 -0200 +++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile 2008-07-07 14:40:44.000000000 -0300 @@ -1,6 +1,12 @@ -SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans +REDHAT_RELEASE=$(shell rpm -q redhat-release) -all: +ifeq (redhat-release-4, $(findstring redhat-release-4, $(REDHAT_RELEASE))) + SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys +else + SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans +endif + +all: @set -e; for i in $(SUBDIRS); do \ $(MAKE) -C $$i all; \ chcon -R -t test_file_t . ; \ diff -urN ltp-full-20080531.original/testscripts/test_selinux.sh ltp-full-20080531/testscripts/test_selinux.sh --- ltp-full-20080531.original/testscripts/test_selinux.sh 2008-04-06 07:39:19.000000000 -0300 +++ ltp-full-20080531/testscripts/test_selinux.sh 2008-07-07 13:50:29.000000000 -0300 @@ -75,6 +75,14 @@ exit fi +SEMODULE="/usr/sbin/semodule" + +if [ -f $SEMODULE ]; then + POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy" +else + POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/policy" +fi + # Update test policy if needed pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc sh ./update_refpolicy.sh @@ -86,7 +94,7 @@ # build and install the test policy... echo "building and installing test_policy module..." -cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy +cd $POLICYDIR make load if [ $? != 0 ]; then echo "Failed to build and load test_policy module, aborting test run." @@ -122,7 +130,7 @@ /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin echo "Removing test_policy module..." -cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy +cd $POLICYDIR make cleanup 2>&1 if [ $? != 0 ]; then echo "Failed to remove test_policy module." ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list |
|
|
Re: [PATCH] The selinux-testsuite does not work out of the box on RHEL4
by Stephen Smalley
::
Rate this Message:
On Tue, 2008-07-08 at 17:53 +0530, Subrata Modak wrote: > Hi Stephen, Sergei & David, > > Can you kindly provide review comments for this LTP-SELinux patch from > Ramon. I don't test on RHEL 4, so I can't speak to how well it works there. But it causes no regressions on Fedora 9, and the changes look fine to me. Acked-by: Stephen Smalley <sds@...> > > Regards-- > Subrata > > -------- Forwarded Message -------- > From: Ramon de Carvalho Valle <rcvalle@...> > Reply-To: rcvalle@... > To: ltp-list@... > Subject: [LTP] [PATCH] The selinux-testsuite does not work out of the > box on RHEL4 > Date: Mon, 07 Jul 2008 16:38:24 -0300 > > The attached patch fixes the following issues: > > The LTP selinux-testsuite does not work out of the box on Red Hat > Enterprise > Linux 4. > > The testscripts/test_selinux.sh script does not detect if refpolicy should be > used or not. > > The LTP selinux-testsuite test policy uses the can_setcon macro which is not > defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted > sources. > > Some Makefile needs minor fixes and enhancements. > > Best regards, > > > -- > Ramon de Carvalho Valle > Software Engineer > IBM Linux Technology Center > E-Mail: rcvalle@... > Mobile: +55-21-78987602 > > ------------------------------------------------------------------------- > Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! > Studies have shown that voting for your favorite open source project, > along with a healthy diet, reduces your potential for chronic lameness > and boredom. Vote Now at http://www.sourceforge.net/community/cca08 > _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list Stephen Smalley National Security Agency ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list |
|
|
Re: [PATCH] The selinux-testsuite does not work out of the box on RHEL4
by Subrata Modak
::
Rate this Message:
On Tue, 2008-07-08 at 09:08 -0400, Stephen Smalley wrote:
> On Tue, 2008-07-08 at 17:53 +0530, Subrata Modak wrote: > > Hi Stephen, Sergei & David, > > > > Can you kindly provide review comments for this LTP-SELinux patch from > > Ramon. > > I don't test on RHEL 4, so I can't speak to how well it works there. > But it causes no regressions on Fedora 9, and the changes look fine to > me. > > Acked-by: Stephen Smalley <sds@...> > Ramon, this Patch has been merged. Regards-- Subrata > > > > Regards-- > > Subrata > > > > -------- Forwarded Message -------- > > From: Ramon de Carvalho Valle <rcvalle@...> > > Reply-To: rcvalle@... > > To: ltp-list@... > > Subject: [LTP] [PATCH] The selinux-testsuite does not work out of the > > box on RHEL4 > > Date: Mon, 07 Jul 2008 16:38:24 -0300 > > > > The attached patch fixes the following issues: > > > > The LTP selinux-testsuite does not work out of the box on Red Hat > > Enterprise > > Linux 4. > > > > The testscripts/test_selinux.sh script does not detect if refpolicy should be > > used or not. > > > > The LTP selinux-testsuite test policy uses the can_setcon macro which is not > > defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted > > sources. > > > > Some Makefile needs minor fixes and enhancements. > > > > Best regards, > > > > > > -- > > Ramon de Carvalho Valle > > Software Engineer > > IBM Linux Technology Center > > E-Mail: rcvalle@... > > Mobile: +55-21-78987602 > > > > ------------------------------------------------------------------------- > > Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! > > Studies have shown that voting for your favorite open source project, > > along with a healthy diet, reduces your potential for chronic lameness > > and boredom. Vote Now at http://www.sourceforge.net/community/cca08 > > _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list |
|
|
Re: [PATCH] The selinux-testsuite does not work out of the box on RHEL4
by Ramon de Carvalho Valle
::
Rate this Message:
Hi,
Thanks Stephen and Subrata. Best regards, On Fri, 2008-07-11 at 12:42 +0530, Subrata Modak wrote: > On Tue, 2008-07-08 at 09:08 -0400, Stephen Smalley wrote: > > On Tue, 2008-07-08 at 17:53 +0530, Subrata Modak wrote: > > > Hi Stephen, Sergei & David, > > > > > > Can you kindly provide review comments for this LTP-SELinux patch from > > > Ramon. > > > > I don't test on RHEL 4, so I can't speak to how well it works there. > > But it causes no regressions on Fedora 9, and the changes look fine to > > me. > > > > Acked-by: Stephen Smalley <sds@...> > > > Thanks Stephen. > > Ramon, this Patch has been merged. > > Regards-- > Subrata > > > > > > > Regards-- > > > Subrata > > > > > > -------- Forwarded Message -------- > > > From: Ramon de Carvalho Valle <rcvalle@...> > > > Reply-To: rcvalle@... > > > To: ltp-list@... > > > Subject: [LTP] [PATCH] The selinux-testsuite does not work out of the > > > box on RHEL4 > > > Date: Mon, 07 Jul 2008 16:38:24 -0300 > > > > > > The attached patch fixes the following issues: > > > > > > The LTP selinux-testsuite does not work out of the box on Red Hat > > > Enterprise > > > Linux 4. > > > > > > The testscripts/test_selinux.sh script does not detect if refpolicy should be > > > used or not. > > > > > > The LTP selinux-testsuite test policy uses the can_setcon macro which is not > > > defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted > > > sources. > > > > > > Some Makefile needs minor fixes and enhancements. > > > > > > Best regards, > > > > > > > > > -- > > > Ramon de Carvalho Valle > > > Software Engineer > > > IBM Linux Technology Center > > > E-Mail: rcvalle@... > > > Mobile: +55-21-78987602 > > > > > > ------------------------------------------------------------------------- > > > Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! > > > Studies have shown that voting for your favorite open source project, > > > along with a healthy diet, reduces your potential for chronic lameness > > > and boredom. Vote Now at http://www.sourceforge.net/community/cca08 > > > _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list > ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list Ltp-list@... https://lists.sourceforge.net/lists/listinfo/ltp-list |
| Free Forum Powered by Nabble | Forum Help |