Stephen Smalley wrote: > On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote: >> Subrata Modak wrote: >>> On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote: >>>> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote: >>>>> Stephen, >>>>> >>>>> Any new Patches for LTP-Selinux ? >>>> I don't have any updates, no. >>>> >>>> I have noticed that on x86_64, there are a number of FAILs that are not >>>> present on x86, in particular in the System V IPC tests (msg, sem, shm). >>>> I don't know if that has always been the case or not, as the tests were >>>> all originally written and tested on x86 only. >>> Turing this on to Jeff and Sergei, who used these test cases a lot on >>> their machines. >> Subrata, >> Currently I don't have any patches. But I am still running the >> ltp-full-20071231 release. I am primarily focusing on RHEL so we still >> may have issues the selinux test and Fedora. At the current time we are >> in a "lock down" mode for the release of RHEL5.2 so I can't change the >> baseline tests that are being used. >> >> One thing that I did discover is that with the release of SELinux that >> is in 5.2 and they way the test is run we have to set a boolean for the >> test to pass. If the boolean exists >> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that to the >> README. > > Ok, that's due to a policy change by Dan in the base policy. > >> Here is what I think still needs to be done. Currently there is no way >> to put the system back into the state it was before the test ran. This >> should be handled as part of the testcase. At this point in time we make >> sure that this is the last test that gets run on that system. > > Not sure what you mean - the test_selinux.sh script removes the test > policy module after running the tests. Also, Serge submitted patches to > automatically save, modify, and restore semanage.conf in test_selinux.sh > so that it doesn't require manual modification. test_selinux.sh could > also handle the setting and restoring of that boolean, although it needs > to gracefully proceed if that boolean happens to not exist in the > particular system being tested. Stephen, Not sure when Serge added that stuff to the test_selinux.sh. But I am currently behind (ltp-full-20071231) in my baseline. So I may not have those changes you have mentioned. I will compare it with what is currently in CVS.
If in fact they are the same, I will send out the information on what problems I am seeing. I will also send along a patch for the boolean change in test_selinux.sh Thanks, Jeff > >> Comment or questions? >> Jeff >>> --Subrata >>>>> Regards-- >>>>> Subrata >>>>> >>>>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote: >>>>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote: >>>>>>> Here is a patch against this morning's ltp cvs snapshot to implement >>>>>>> Stephen's suggestion of setting expand-check=0 for the duration of >>>>>>> the policy load. This allowed me to get rid of the hack >>>>>>> ++domain_type(test_create_no_t) in refpolicy/test_task_create.te, also >>>>>>> done in this patch. >>>>>>> >>>>>>> (I think it also inlines a patch Stephen sent on jan 23 which >>>>>>> wasn't yet in ltp cvs) >>>>> >>>>> ------------------------------------------------------------------------- >>>>> This SF.net email is sponsored by: Microsoft >>>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >>>>> _______________________________________________ >>>>> Ltp-list mailing list >>>>> Ltp-list@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/ltp-list >>> ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list