Stephen Smalley wrote:
> On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote:
>> Subrata Modak wrote:
>>> On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote:
>>>> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote:
>>>>> Stephen,
>>>>>
>>>>> Any new Patches for LTP-Selinux ?
>>>> I don't have any updates, no.
>>>>
>>>> I have noticed that on x86_64, there are a number of FAILs that are not
>>>> present on x86, in particular in the System V IPC tests (msg, sem, shm).
>>>> I don't know if that has always been the case or not, as the tests were
>>>> all originally written and tested on x86 only.
>>> Turing this on to Jeff and Sergei, who used these test cases a lot on
>>> their machines.
>> Subrata,
>> Currently I don't have any patches. But I am still running the
>> ltp-full-20071231 release. I am primarily focusing on RHEL so we still
>> may have issues the selinux test and Fedora. At the current time we are
>> in a "lock down" mode for the release of RHEL5.2 so I can't change the
>> baseline tests that are being used.
>>
>> One thing that I did discover is that with the release of SELinux that
>> is in 5.2 and they way the test is run we have to set a boolean for the
>> test to pass. If the boolean exists
>> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that to the
>> README.
>
> Ok, that's due to a policy change by Dan in the base policy.
>
>> Here is what I think still needs to be done. Currently there is no way
>> to put the system back into the state it was before the test ran. This
>> should be handled as part of the testcase. At this point in time we make
>> sure that this is the last test that gets run on that system.
>
> Not sure what you mean - the test_selinux.sh script removes the test
> policy module after running the tests. Also, Serge submitted patches to
> automatically save, modify, and restore semanage.conf in test_selinux.sh
> so that it doesn't require manual modification. test_selinux.sh could
> also handle the setting and restoring of that boolean, although it needs
> to gracefully proceed if that boolean happens to not exist in the
> particular system being tested.
Stephen,
Not sure when Serge added that stuff to the test_selinux.sh. But I am
currently behind (ltp-full-20071231) in my baseline. So I may not have
those changes you have mentioned. I will compare it with what is
currently in CVS.
If in fact they are the same, I will send out the information on what
problems I am seeing. I will also send along a patch for the boolean
change in test_selinux.sh
Thanks,
Jeff
>
>> Comment or questions?
>> Jeff
>>> --Subrata
>>>>> Regards--
>>>>> Subrata
>>>>>
>>>>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote:
>>>>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote:
>>>>>>> Here is a patch against this morning's ltp cvs snapshot to implement
>>>>>>> Stephen's suggestion of setting expand-check=0 for the duration of
>>>>>>> the policy load. This allowed me to get rid of the hack
>>>>>>> ++domain_type(test_create_no_t) in refpolicy/test_task_create.te, also
>>>>>>> done in this patch.
>>>>>>>
>>>>>>> (I think it also inlines a patch Stephen sent on jan 23 which
>>>>>>> wasn't yet in ltp cvs)
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> This SF.net email is sponsored by: Microsoft
>>>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>>>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>>> _______________________________________________
>>>>> Ltp-list mailing list
>>>>> Ltp-list@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/ltp-list
>>>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
