Re: [LTP] regression: selinux testsuite broken since October
On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge gah, attaching the actual patches this time. -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. 2. Why is the redhat stuff support to work agnostic to the major and minor version? Thanks, -Garrett -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Mon, Jan 11, 2010 at 1:31 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. All right well just doing --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.0 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.0 -0500 @@ -115,7 +117,7 @@ SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux # cleanup before exiting in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all up to then pass) Again this is on RHEL5.4. -serge Yowch. This was a problem in more than just that script. Apparently PAN was incorrect for test_containers.sh and test_filecaps.sh as well. Fixed. Thanks, -Garrett -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Quoting Stephen Smalley (s...@tycho.nsa.gov): On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper yaneg...@gmail.com wrote: On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley s...@tycho.nsa.gov wrote: On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: Thanks for the feedback and details Stephen. Would you be kind enough to try out the version from CVS to see whether or not it resolves your issue? You'll also need to update $LTPROOT/scripts in order to use the new version as I added a distro detection script which opens up /etc/redhat-release (for redhat) as opposed to using rpm to query the release. Thanks, -Garrett The attempt to make the test policy immediately dies with: detect_distro.sh: ERROR: Bad release file: /etc/redhat-release I should note that I'm running it on Fedora, so I wouldn't expect that file to exist. But the script needs to handle it gracefully; we just use the generic test policy files in that situation. What does /etc/redhat-release look like (feel free to reply to me off-list)? On RHEL5, it can look like one of the following: Red Hat Enterprise Linux Server release 5 (Tikanga) Red Hat Enterprise Linux Server release 5.x (Tikanga) Red Hat Enterprise Linux Client release 5 (Tikanga) Red Hat Enterprise Linux Client release 5.x (Tikanga) Interesting. They switched over to more of the Fedora-style branding, maybe?. [garrc...@halflife ~]$ cat /etc/redhat-release Red Hat Enterprise Linux AS release 4 (Nahant Update 6) Could you try again please :)? Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yes, it is (I don't have access to that package I think on my version of Fedora...). Please try the attached patch and let me know how it goes [the comments aren't as important as the `set -e' and `$(TEST_POLICY_DIR)/' removal on the cp(1) call]. Thanks, -Garrett Index: Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile8 Jan 2010 09:39:20 - 1.12 +++ Makefile12 Jan 2010 08:40:23 - @@ -69,15 +69,17 @@ TEST_POLICY_DIR:= $(TEST_POLICY_DIR)/generic -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif load: - @if [ -d $(POLICY_DEVEL_DIR) ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d $(POLICY_DEVEL_DIR) ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] Build failure with 2010-01-08 cvs
On Mon, Jan 11, 2010 at 10:54 PM, Mitani mit...@ryobi.co.jp wrote: Hi, I tried to make with 2010-01-08 version cvs in my RHEL5.4 (2.6.18-164.el5) system. But it failed with following message: gcc -g -O2 -g -O2 -fno-strict-aliasing -pipe -Wall -I/home/LTP/ltp-2010-01-08/testcases/kernel/include -I/home/LTP/ltp-2010-01-08/testcases/kernel/syscalls/move_pages/../utils -I../../../../include -I../../../../include -c -o move_pages01.o move_pages01.c In file included from move_pages01.c:58: move_pages_support.h:22:20: error: numaif.h: No such file or directory make[4]: *** [move_pages01.o] Error 1 2010-01-07 version cvs doesn't fail. Perhaps, this error is caused by revision of RHEL4.8's make error, I think. (URL:http://www.mail-archive.com/ltp-list@lists.sourceforge.net/msg09180.htm l) I'm sorry If I mistaked. In above revising, ${LTPROOT/testcases/kernel/syscalls/utils/numaif.h is removed. But move_pages01.c uses this file indirectly. You're correct. It isn't needed anymore in that header, and has since then been removed. Is the plan to delete a definition of nodemask_dump from ${LTPROOT/ testcases/kernel/syscalls/get_mempolicy/../utils/numa_helpers.h file no use? No, I renamed numaif.h and removed all of the duplicate entries (nodemask_dump being one of them), because it was a custom API provided by the crackerjack test suite and because numaif.h was an almost direct copy of a fixed version of numaif.h (instead of being a properly tailored set of feature tests as I later discovered). Thanks, -Garrett -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] make clean has problem?
On Mon, Jan 11, 2010 at 10:49 PM, Garrett Cooper yaneg...@gmail.com wrote: On Mon, Jan 11, 2010 at 6:08 PM, Mitani mit...@ryobi.co.jp wrote: Hi, There is a problem about make clean(./Makefile), I think. Before the following fix added at 12/11/2009, /opt/ltp/ directory was deleted by make clean: http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/Makefile?r1=1.53r2=1.54 But after this fix, make clean could not remove /opt/ltp/ directory. If we test new release cvs and there are fixes about permissions in new cvs, we can't do the test correctly. Because, if /opt/ltp/ directory remained and new cvs's file has same time-stamp and different permissions from old cvs's file, the install ended with make: Nothing to be done for `install'. message and this new file can't be installed. Then test cases that fixed about permissions ended in FAIL. In recent cvs, To test correctly, we must remove /opt/ltp/ directory by manual operation before trying make install. I think that it is right specification to remove /opt/ltp/ directory when make clean is executed. This problem occurred because INSTALL_IN_BUILD_TREE := 1 is defined in ./include/mk/env_pre.mk included in ${LTPROOT}/Makefile, I think. $(prefix) of a judgment of ifeq ($(strip $(DESTDIR)$(prefix)),) doesn't have value, therefor the result of the judgment becomes true, and INSTALL_IN_BUILD_TREE := 1 was defined. So, it is neccessary to define $(prefix) by including ./include/mk/ config.mk before including ./include/mk/env_pre.mk, isn't it? The following patch can fix this problem: --- Makefile.orig 2010-01-09 17:37:04.0 +0900 +++ Makefile 2010-01-12 09:49:29.0 +0900 @@ -27,6 +27,7 @@ top_srcdir ?= $(CURDIR) +include $(top_srcdir)/include/mk/config.mk include $(top_srcdir)/include/mk/env_pre.mk include $(top_srcdir)/include/mk/automake.mk Thank you-- -Tomonori Mitani -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list ltp-l...@lists.so Ugh... good point, wrong file (env_pre.mk): 94 ifneq ($(abs_builddir),$(abs_srcdir)) 95 OUT_OF_BUILD_TREE := 1 96 else 97 # Stub support for installing directly in the build tree; the support is not 98 # there yet, but the variable itself has its own uses... 99 ifeq ($(strip $(DESTDIR)$(prefix)),) 100 INSTALL_IN_BUILD_TREE := 1 101 endif 102 endif 103 104 # We can piece together where we're located in the source and object trees with 105 # just these two vars and $(CURDIR). 106 export abs_top_srcdir abs_top_builddir 107 108 -include $(top_builddir)/include/mk/config.mk 109 110 .DEFAULT_GOAL := all I'll fix this in 1 hour. Thanks, Fixed -- thanks! -Garrett -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] libevent01 test failure with ltp-2009-12-10 cvs
On Mon, Jan 11, 2010 at 10:41 AM, Lucio Correia l...@br.ibm.com wrote: Hi Garrett, I'm still running into this issue with LTP-20091231 Hi Lucio, What's the error message and how are you trying to run the test? Thanks, -Garrett On Fri, 2009-12-11 at 01:56 -0800, Garrett Cooper wrote: On Dec 10, 2009, at 3:57 PM, Mitani wrote: Hi, I got following message when I ran test of libevent01 with ltp-2009-12-10 cvs. sh: run_libevent.sh: command not found This occured because run_libevent.sh was not installed under the /opt/ltp directory, I think. Certainly, this test successed when I copied ${LTPROOT}/testcases/kernel/syscalls/libevent/run_libevent.sh file to the /opt/ltp/testcases/bin directory. So, I want to suggest the following revision: 1. Install run_libevent.sh to under the /opt/ltp/testcases/bin directory by default. (I don't know how to revise Makefile etc.) 2. Apply the following patch to run_libevent.sh. --- run_libevent.sh 2009-11-20 04:08:36.0 +0900 +++ run_libevent.sh.new 2009-12-10 16:44:02.0 +0900 @@ -31,7 +31,7 @@ tst_resm TCONF You need to be root to run these tests TST_EXIT=0 else - $LTPROOT/testcases/bin/tests/test-libevent.sh + $LTPROOT/testcases/bin/libevent/test/test-libevent.sh TST_EXIT=$? fi tst_cleanup Done -- thanks! -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] Tests of iogen01 et al. fail with ltp-2009-12-10 cvs
On Mon, Jan 11, 2010 at 10:29 AM, Lucio Correia l...@br.ibm.com wrote: Hi Garrett, I'm still seeing this issue with LTP-20091231. Hi Lucio, What's the error message and how are you trying to run the test (the files checked in are correct as well as the runtest file itself which was out of sync before)? Thanks, -Garrett On Fri, 2009-12-11 at 01:52 -0800, Garrett Cooper wrote: On Dec 10, 2009, at 3:57 PM, Mitani wrote: Hi, In the following thread, rwtest has been renamed to rwtest.sh is written. http://www.mail-archive.com/ltp-list@lists.sourceforge.net/msg08896.html But, I got following message when I ran tests of rwtest{01...05} and iogen01 in my system with ltp-2009-12-10 cvs. sh: rwtest.sh: command not found I think that rwtest.sh has been renamed to rwtest at about 2009/11/14. Here is a patch that reverts the previous patch applied to runtest/fs. After applied this patch, rwtest{01...05} and iogen01 passed in my system. --- fs 2009-12-10 10:23:21.0 +0900 +++ fs.new 2009-12-10 11:23:53.0 +0900 @@ -29,15 +29,15 @@ gf28 growfiles -W gf28 -b -D 0 -w -g 16b -C 1 -b -i 1000 -u gfsparse-2-$$ -d $TMPDIR gf29 growfiles -W gf29 -b -D 0 -r 1-4096 -R 0-33554432 -i 0 -L 60 -C 1 -u gfsparse-3-$$ -d $TMPDIR gf30 growfiles -W gf30 -D 0 -b -i 0 -L 60 -u -B 1000b -e 1 -o O_RDWR,O_CREAT,O_SYNC -g 20480 -T 10 -t 20480 gf-sync-$$ -d $TMPDIR -rwtest01 export LTPROOT; rwtest.sh -N rwtest01 -c -q -i 60s -f sync 10%25000:$TMPDIR/rw-sync-$$ -rwtest02 export LTPROOT; rwtest.sh -N rwtest02 -c -q -i 60s -f buffered 10%25000:$TMPDIR/rw-buffered-$$ -rwtest03 export LTPROOT; rwtest.sh -N rwtest03 -c -q -i 60s -n 2 -f buffered -s mmread,mmwrite -m random -Dv 10%25000:$TMPDIR/mm-buff-$$ -rwtest04 export LTPROOT; rwtest.sh -N rwtest04 -c -q -i 60s -n 2 -f sync -s mmread,mmwrite -m random -Dv 10%25000:$TMPDIR/mm-sync-$$ -rwtest05 export LTPROOT; rwtest.sh -N rwtest05 -c -q -i 50 -T 64b 500b:$TMPDIR/rwtest01%f +rwtest01 export LTPROOT; rwtest -N rwtest01 -c -q -i 60s -f sync 10%25000:$TMPDIR/rw-sync-$$ +rwtest02 export LTPROOT; rwtest -N rwtest02 -c -q -i 60s -f buffered 10%25000:$TMPDIR/rw-buffered-$$ +rwtest03 export LTPROOT; rwtest -N rwtest03 -c -q -i 60s -n 2 -f buffered -s mmread,mmwrite -m random -Dv 10%25000:$TMPDIR/mm-buff-$$ +rwtest04 export LTPROOT; rwtest -N rwtest04 -c -q -i 60s -n 2 -f sync -s mmread,mmwrite -m random -Dv 10%25000:$TMPDIR/mm-sync-$$ +rwtest05 export LTPROOT; rwtest -N rwtest05 -c -q -i 50 -T 64b 500b:$TMPDIR/rwtest01%f #must be run as root #iogen01 iogen -i 120s -s read,write 500b:doio.f1.$$ 1000b:doio.f2.$$ | doio -akv -n 2 -iogen01 export LTPROOT; rwtest.sh -N iogen01 -i 120s -s read,write -Da -Dv -n 2 500b:doio.f1.$$ 1000b:doio.f2.$$ +iogen01 export LTPROOT; rwtest -N iogen01 -i 120s -s read,write -Da -Dv -n 2 500b:doio.f1.$$ 1000b:doio.f2.$$ fs_inod01 fs_inod $TMP 10 10 10 linker01 linktest.sh 1000 1000 Done -- thanks! -Garrett -- Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Tue, 2010-01-12 at 00:29 -0800, Garrett Cooper wrote: On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge gah, attaching the actual patches this time. -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. 2. Why is the redhat stuff support to work agnostic to the major and minor version? We haven't yet had to fork the test policy based on minor version, only based on major version. So we presently have a fork of the test policy for rhel5, and will likely create one for rhel6 when it is released, while generic will continue to track latest fedora. -- Stephen Smalley National Security Agency -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
Quoting Garrett Cooper (yaneg...@gmail.com): On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge gah, attaching the actual patches this time. -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. I said 'not to be applied'. You're not rejecting. 2. Why is the redhat stuff support to work agnostic to the major and minor version? It's not agnostic to the major version. Only the minor version. And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) i suppose we can just get rid of rhel4 support selinux-testsuite. Or pull it out altogether. -serge -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 7:38 AM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Garrett Cooper (yaneg...@gmail.com): On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge gah, attaching the actual patches this time. -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. I said 'not to be applied'. You're not rejecting. 2. Why is the redhat stuff support to work agnostic to the major and minor version? It's not agnostic to the major version. Only the minor version. And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) i suppose we can just get rid of rhel4 support selinux-testsuite. Or pull it out altogether. Ok... sorry for the misunderstanding (looks around sheepishly :\). -Garrett -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. All right well just doing --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.0 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.0 -0500 @@ -115,7 +117,7 @@ SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux # cleanup before exiting in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all up to then pass) Again this is on RHEL5.4. test39 isn't supposed to be run on RHEL5.4. The old tests/Makefile had conditional logic to exclude certain tests on RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. Something that fell through the cracks because I didn't take the time to actually determine _what_ the requirements were for the tests so they would report configuration failure instead of failure. Please try this (I properly pasted it this time instead of using my xterm window and paste): Index: tests/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9 Oct 2009 17:55:51 - 1.7 +++ tests/Makefile 12 Jan 2010 16:53:57 - @@ -24,11 +24,26 @@ include $(top_srcdir)/include/mk/env_pre.mk -RECURSIVE_TARGETS := install +ARGS = -m +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. +ifneq ($(strip $(DESTDIR)),) +ARGS += -d $(DESTDIR) +endif -include $(top_srcdir)/include/mk/generic_trunk_target.mk +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) + +# +# Certain tests should be excluded on RHEL [45].x as their kernels don't +# support the tests. +# +# XXX (garrcoop): actually complete the work to add proper checks to the tests +# to report TCONF on configuration failure. +# +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) +FILTER_OUT_DIRS += dyntrace dyntrans +endif +ifeq (redhat-4,$(DISTRO_VER)) +FILTER_OUT_DIRS += bounds +endif -all: - @set -e; for i in $(SUBDIRS); do \ - $(MAKE) -C $$i $@; \ - done +include $(top_srcdir)/include/mk/generic_trunk_target.mk The conditional checks didn't make sense with what Stephen mentioned above to you Serge, so I respun the diff: Index: tests/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. All right well just doing --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.0 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.0 -0500 @@ -115,7 +117,7 @@ SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux # cleanup before exiting in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all up to then pass) Again this is on RHEL5.4. test39 isn't supposed to be run on RHEL5.4. The old tests/Makefile had conditional logic to exclude certain tests on RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. Something that fell through the cracks because I didn't take the time to actually determine _what_ the requirements were for the tests so they would report configuration failure instead of failure. Please try this (I properly pasted it this time instead of using my xterm window and paste): Index: tests/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9 Oct 2009 17:55:51 - 1.7 +++ tests/Makefile 12 Jan 2010 16:53:57 - @@ -24,11 +24,26 @@ include $(top_srcdir)/include/mk/env_pre.mk -RECURSIVE_TARGETS := install +ARGS = -m +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. +ifneq ($(strip $(DESTDIR)),) +ARGS += -d $(DESTDIR) +endif -include $(top_srcdir)/include/mk/generic_trunk_target.mk +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) + +# +# Certain tests should be excluded on RHEL [45].x as their kernels don't +# support the tests. +# +# XXX (garrcoop): actually complete the work to add proper checks to the tests +# to report TCONF on configuration failure. +# +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) +FILTER_OUT_DIRS += dyntrace dyntrans +endif +ifeq (redhat-4,$(DISTRO_VER)) +FILTER_OUT_DIRS += bounds +endif -all: - @set -e; for i in $(SUBDIRS); do \ - $(MAKE) -C $$i $@; \ - done +include $(top_srcdir)/include/mk/generic_trunk_target.mk The conditional checks didn't make sense with what Stephen mentioned above to you Serge, so I respun the diff: Index: tests/Makefile === RCS file:
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 9:19 AM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. All right well just doing --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh 2009-05-19 05:39:11.0 -0400 +++ /opt/ltp/testscripts/test_selinux.sh 2010-01-11 16:26:12.0 -0500 @@ -115,7 +117,7 @@ SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: '{ print $3 }'` /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f $LTPROOT/runtest/selinux # cleanup before exiting in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all up to then pass) Again this is on RHEL5.4. test39 isn't supposed to be run on RHEL5.4. The old tests/Makefile had conditional logic to exclude certain tests on RHEL4 and on RHEL5, as their kernels wouldn't support newer tests. Something that fell through the cracks because I didn't take the time to actually determine _what_ the requirements were for the tests so they would report configuration failure instead of failure. Please try this (I properly pasted it this time instead of using my xterm window and paste): Index: tests/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- tests/Makefile 9 Oct 2009 17:55:51 - 1.7 +++ tests/Makefile 12 Jan 2010 16:53:57 - @@ -24,11 +24,26 @@ include $(top_srcdir)/include/mk/env_pre.mk -RECURSIVE_TARGETS := install +ARGS = -m +# Don't want to pass the -d option unless DESTDIR is a non-zero length string. +ifneq ($(strip $(DESTDIR)),) +ARGS += -d $(DESTDIR) +endif -include $(top_srcdir)/include/mk/generic_trunk_target.mk +DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) + +# +# Certain tests should be excluded on RHEL [45].x as their kernels don't +# support the tests. +# +# XXX (garrcoop): actually complete the work to add proper checks to the tests +# to report TCONF on configuration failure. +# +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),) +FILTER_OUT_DIRS += dyntrace dyntrans +endif +ifeq (redhat-4,$(DISTRO_VER)) +FILTER_OUT_DIRS += bounds +endif -all: - @set -e; for i in $(SUBDIRS); do \ - $(MAKE) -C $$i $@; \ - done +include $(top_srcdir)/include/mk/generic_trunk_target.mk The conditional checks didn't make sense with what Stephen mentioned above to you Serge, so I respun the diff: Index: tests/Makefile === RCS file:
Re: [LTP] regression: selinux testsuite broken since October
On Tue, 2010-01-12 at 09:38 -0600, Serge E. Hallyn wrote: Quoting Garrett Cooper (yaneg...@gmail.com): On Mon, Jan 11, 2010 at 1:00 PM, Serge E. Hallyn se...@us.ibm.com wrote: Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Serge E. Hallyn (se...@us.ibm.com): Quoting Stephen Smalley (s...@tycho.nsa.gov): On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: Fails with: cp: cannot stat `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': No such file or directory You ran /home/sds/ltp/testscripts/test_selinux.sh, right? I think we are supposed to actually be running /opt/ltp/testscripts/test_selinux.sh. So then the first question for Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a testscript? Or should the policy sources be copied into /opt? Ok, but regardless: the refpolicy Makefile is still broken. Yup. All right, baby-steps. The attached test_selinux.diff is not to be applied, but something like it is needed. Should we have the ltp 'make install' fill in TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh? BTW, Garrett, that is the issue I was saying is shared between test_selinux.sh and some others including test_robind.sh. That's why I'm not just sending a patch to make it work, bc i think we need more general guidance. The second match makes the 'make load' part of test_selinux.sh succeed on rhel5.4. Stephen, how does it do on fedora? After loading policy it fails to execute ltp-pan, but I figure let's get policy loading working first. -serge gah, attaching the actual patches this time. -serge 1. I'm rejecting the test_selinux.diff solely because it has /root/ltp hardcoded as LTPROOT. I said 'not to be applied'. You're not rejecting. 2. Why is the redhat stuff support to work agnostic to the major and minor version? It's not agnostic to the major version. Only the minor version. And since you've made ltp not compile on rhel4 (requiring make-3.81. feh) i suppose we can just get rid of rhel4 support selinux-testsuite. Or pull it out altogether. Hmm...doesn't Red Hat still use ltp (both main and selinux-testsuite) for regression testing of RHEL4.x releases? -- Stephen Smalley National Security Agency -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list
Re: [LTP] regression: selinux testsuite broken since October
On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: Also, if you guys can try out this patch for refpolicy/Makefile, I'd prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy Make logic): Index: refpolicy/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- refpolicy/Makefile 8 Jan 2010 09:39:20 - 1.12 +++ refpolicy/Makefile 12 Jan 2010 17:17:27 - @@ -17,7 +17,7 @@ #with this program; if not, write to the Free Software Foundation, Inc., #51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# Garrett Cooper, August 2009 +# Garrett Cooper, January 2010 # top_srcdir ?= ../../../../.. @@ -32,6 +32,7 @@ DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) +# Avoid empty strings. ifeq ($(strip $(DISTRO_VER)),) DISTRO_VER := generic endif @@ -41,10 +42,17 @@ POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel SEMODULE ?= $(DESTDIR)/usr/sbin/semodule -INSTALL_DIR:= testcases/kernel/security/selinux-testsuite +INSTALL_DIR:= testcases/selinux-testsuite/refpolicy TEST_POLICY_DIR:= $(abs_srcdir)/policy_files +# Do we have a special set of policies in the SCM to install? +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) +TEST_POLICY_DIR:= $(TEST_POLICY_DIR)/$(DISTRO_VER) +else +TEST_POLICY_DIR:= $(TEST_POLICY_DIR)/generic +endif + .PHONY: all clean cleanup install load CLEAN_DEPS := cleanup @@ -55,34 +63,24 @@ -$(SEMODULE) -r test_policy $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) -MAKE_TARGETS := - -TEST_POLICY_DIR:= $(TEST_POLICY_DIR)/$(DISTRO_VER) - -# load remains for backwards compatibility... -load: - $(MAKE) -C $(TEST_POLICY_DIR) -else - MAKE_TARGETS := test_policy.te -TEST_POLICY_DIR:= $(TEST_POLICY_DIR)/generic - -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) - ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) + load: - @if [ -d $(POLICY_DEVEL_DIR) ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d $(POLICY_DEVEL_DIR) ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ else \ -echo ERROR: You must have selinux-policy-devel installed.; \ +echo ERROR: You must have selinux-policy?-devel? installed.; \ false; \ fi There's a stray endif on line 90 of refpolicy/Makefile that needs to be deleted as well, FYI... Ok. test policy appears to build (on Fedora) when running make by hand from the refpolicy directory, but you still can't run the tests, either from /opt/ltp or from the source tree. # cd /opt/ltp/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /opt/ltp /opt/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory make: *** No rule to make target `load'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp /opt/ltp # cd LTP_SRCDIR/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /home/sds/ltp /home/sds/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... make[1]: Entering directory `/usr/share/selinux/devel' rm -fR tmp rm -f *.pp make[1]: Leaving directory `/usr/share/selinux/devel' make[1]: Entering directory `/usr/share/selinux/devel' Compiling targeted test_policy module /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to
Re: [LTP] quotactl01 testcases problem
Garrett, Subrata, I confirmed that quotactl01 test is finished in PASS (TCONF) in my system. Thank you for your revision. -Tomonori Mitani -Original Message- From: Subrata Modak [mailto:subr...@linux.vnet.ibm.com] Sent: Thursday, January 07, 2010 8:06 PM To: Mitani Cc: ltp-list@lists.sourceforge.net Subject: Re: [LTP] quotactl01 testcases problem Hello Mitani-San, Did this get resolved for you ? Regards-- Subrata On Tue, 2010-01-05 at 17:30 +0900, Mitani wrote: Hi, I tried quotactl01 testcases, and found two problems. Second one occurred after first one's revise. 1) In the result of quotactl01, Success are displayed in spite of failing in the test: quotactl011 TFAIL : cmd=0x82: TEST_ERRNO=???(0): Success quotactl012 TFAIL : cmd=0x83: TEST_ERRNO=???(0): Success quotactl013 TFAIL : cmd=0x87: TEST_ERRNO=???(0): Success quotactl014 TFAIL : cmd=0x88: TEST_ERRNO=???(0): Success quotactl015 TFAIL : cmd=0x85: TEST_ERRNO=???(0): Success quotactl016 TFAIL : cmd=0x86: TEST_ERRNO=???(0): Success quotactl017 TFAIL : cmd=0x84: TEST_ERRNO=???(0): Success quotactl018 TFAIL : cmd=0x81: TEST_ERRNO=???(0): Success This problem occurred because the return value of system-call (syscall(__NR_quotactl, cmd[i], ...)) is not judged correctly in ${LTPROOT}/testcases/kernel/syscalls/quotactl/quotactl01.c. Above errors are caused by TFAIL and messages are printed by TTERRNO. And there is only one place (Line 206) which uses TFAIL in quotactl01.c The following patch can fix this problem: --- quotactl01.c 2009-12-20 09:36:35.0 +0900 +++ quotactl01.c.new 2010-01-04 17:11:17.0 +0900 @@ -177,7 +177,6 @@ int id = getuid(); int newtid = -1; int result; - int ret; int i; int lc; /* loop counter */ char *msg;/* message returned from parse_opts */ @@ -199,10 +198,10 @@ for (i = 0; i = 7; i++){ - ret = syscall(__NR_quotactl, cmd[i], + TEST(syscall(__NR_quotactl, cmd[i], (const char *)NULL, id, - (caddr_t)NULL); - if (ret != 0) { + (caddr_t)NULL)); + if (TEST_RETURN != 0) { tst_resm(TFAIL|TTERRNO, cmd=0x%x, cmd[i]); } else { tst_resm(TPASS, quotactl call succeeded); However, new problem occurred after applying above patch. 2) The test failed with the following error in my system: quotactl011 TFAIL : cmd=0x82: TEST_ERRNO=EFAULT(14): Bad address quotactl012 TFAIL : cmd=0x83: TEST_ERRNO=EFAULT(14): Bad address quotactl013 TFAIL : cmd=0x87: TEST_ERRNO=EFAULT(14): Bad address quotactl014 TFAIL : cmd=0x88: TEST_ERRNO=EFAULT(14): Bad address quotactl015 TFAIL : cmd=0x85: TEST_ERRNO=EFAULT(14): Bad address quotactl016 TFAIL : cmd=0x86: TEST_ERRNO=EFAULT(14): Bad address quotactl017 TFAIL : cmd=0x84: TEST_ERRNO=EFAULT(14): Bad address quotactl018 TFAIL : cmd=0x81: TEST_ERRNO=EFAULT(14): Bad address EFAULT means that there is an error in addr. The format of quotactl is following: int quotactl(int cmd, const char *special, int id, caddr_t addr); Therefore, EFAULT means that 4th argument of quotactl() has problem. In ${LTPROOT}/testcases/kernel/syscalls/quotactl/quotactl01.c, 4th argument of quotactl() is NULL: Is it right? I'm glad if I get your help. Regards-- -Tomonori Mitani -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: Also, if you guys can try out this patch for refpolicy/Makefile, I'd prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy Make logic): Index: refpolicy/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- refpolicy/Makefile 8 Jan 2010 09:39:20 - 1.12 +++ refpolicy/Makefile 12 Jan 2010 17:17:27 - @@ -17,7 +17,7 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# Garrett Cooper, August 2009 +# Garrett Cooper, January 2010 # top_srcdir ?= ../../../../.. @@ -32,6 +32,7 @@ DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) +# Avoid empty strings. ifeq ($(strip $(DISTRO_VER)),) DISTRO_VER := generic endif @@ -41,10 +42,17 @@ POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel SEMODULE ?= $(DESTDIR)/usr/sbin/semodule -INSTALL_DIR := testcases/kernel/security/selinux-testsuite +INSTALL_DIR := testcases/selinux-testsuite/refpolicy TEST_POLICY_DIR := $(abs_srcdir)/policy_files +# Do we have a special set of policies in the SCM to install? +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) +else +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic +endif + .PHONY: all clean cleanup install load CLEAN_DEPS := cleanup @@ -55,34 +63,24 @@ -$(SEMODULE) -r test_policy $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) -MAKE_TARGETS := - -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) - -# load remains for backwards compatibility... -load: - $(MAKE) -C $(TEST_POLICY_DIR) -else - MAKE_TARGETS := test_policy.te -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic - -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) - ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) + load: - @if [ -d $(POLICY_DEVEL_DIR) ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d $(POLICY_DEVEL_DIR) ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ else \ - echo ERROR: You must have selinux-policy-devel installed.; \ + echo ERROR: You must have selinux-policy?-devel? installed.; \ false; \ fi There's a stray endif on line 90 of refpolicy/Makefile that needs to be deleted as well, FYI... Ok. test policy appears to build (on Fedora) when running make by hand from the refpolicy directory, but you still can't run the tests, either from /opt/ltp or from the source tree. # cd /opt/ltp/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /opt/ltp /opt/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory make: *** No rule to make target `load'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp /opt/ltp # cd LTP_SRCDIR/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /home/sds/ltp /home/sds/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... make[1]: Entering directory `/usr/share/selinux/devel' rm -fR tmp rm -f *.pp make[1]: Leaving directory `/usr/share/selinux/devel' make[1]: Entering directory `/usr/share/selinux/devel' Compiling targeted test_policy module /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp /usr/bin/checkmodule: policy
Re: [LTP] regression: selinux testsuite broken since October
On Tue, Jan 12, 2010 at 10:51 PM, Garrett Cooper yaneg...@gmail.com wrote: On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley s...@tycho.nsa.gov wrote: On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: Also, if you guys can try out this patch for refpolicy/Makefile, I'd prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy Make logic): Index: refpolicy/Makefile === RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- refpolicy/Makefile 8 Jan 2010 09:39:20 - 1.12 +++ refpolicy/Makefile 12 Jan 2010 17:17:27 - @@ -17,7 +17,7 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# Garrett Cooper, August 2009 +# Garrett Cooper, January 2010 # top_srcdir ?= ../../../../.. @@ -32,6 +32,7 @@ DISTRO_VER := $(shell $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) +# Avoid empty strings. ifeq ($(strip $(DISTRO_VER)),) DISTRO_VER := generic endif @@ -41,10 +42,17 @@ POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel SEMODULE ?= $(DESTDIR)/usr/sbin/semodule -INSTALL_DIR := testcases/kernel/security/selinux-testsuite +INSTALL_DIR := testcases/selinux-testsuite/refpolicy TEST_POLICY_DIR := $(abs_srcdir)/policy_files +# Do we have a special set of policies in the SCM to install? +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) +else +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic +endif + .PHONY: all clean cleanup install load CLEAN_DEPS := cleanup @@ -55,34 +63,24 @@ -$(SEMODULE) -r test_policy $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) -MAKE_TARGETS := - -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) - -# load remains for backwards compatibility... -load: - $(MAKE) -C $(TEST_POLICY_DIR) -else - MAKE_TARGETS := test_policy.te -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic - -POLICY_FILES := test_global.te $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) - ifneq ($(CHECKPOLICY_VERS),24) POLICY_FILES := $(filter-out test_bounds.te,$(POLICY_FILES)) endif +# This is being done to preserve precedence; test_global.te must come first. +POLICY_FILES := test_global.te \ + $(filter-out test_global.te,$(notdir $(wildcard $(TEST_POLICY_DIR)/*.te))) + load: - @if [ -d $(POLICY_DEVEL_DIR) ]; then \ - cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \ + @set -e; if [ -d $(POLICY_DEVEL_DIR) ]; then \ + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ else \ - echo ERROR: You must have selinux-policy-devel installed.; \ + echo ERROR: You must have selinux-policy?-devel? installed.; \ false; \ fi There's a stray endif on line 90 of refpolicy/Makefile that needs to be deleted as well, FYI... Ok. test policy appears to build (on Fedora) when running make by hand from the refpolicy directory, but you still can't run the tests, either from /opt/ltp or from the source tree. # cd /opt/ltp/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /opt/ltp /opt/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... ./test_selinux.sh: line 92: cd: /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such file or directory make: *** No rule to make target `load'. Stop. Failed to build and load test_policy module, aborting test run. /etc/selinux /opt/ltp /opt/ltp # cd LTP_SRCDIR/testscripts ./test_selinux.sh Running with security context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /etc/selinux /home/sds/ltp /home/sds/ltp allow_domain_fd_use -- off allow_domain_fd_use exists setting building and installing test_policy module... make[1]: Entering directory `/usr/share/selinux/devel' rm -fR tmp rm -f *.pp make[1]: Leaving directory `/usr/share/selinux/devel' make[1]: Entering directory `/usr/share/selinux/devel' Compiling targeted test_policy module /usr/bin/checkmodule: