Extend the unconfined_runs_test interface in the selinux testsuite
policy to allow the test programs to properly report back to the caller.
This is required to enable many of the tests to pass on Fedora 8 and
later.  Remaining FAIL cases are fdreceive and inherit (due to Fedora 8
policy granting fd:use permission globally for all domains) and
task_create (due to refpolicy automatically granting it to all domain
types).

Signed-off-by:  Stephen Smalley <[EMAIL PROTECTED]>

---

Index: testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch
===================================================================
RCS file: 
/cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch,v
retrieving revision 1.1
diff -u -r1.1 sbin_deprecated.patch
--- testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch      
2 Jan 2008 11:58:15 -0000       1.1
+++ testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch      
23 Jan 2008 19:11:05 -0000
@@ -556,7 +556,7 @@
 diff -Nrup refpolicy/test_policy.if refpolicy.new/test_policy.if
 --- refpolicy/test_policy.if   2007-12-31 06:57:36.000000000 -0500
 +++ refpolicy.new/test_policy.if       2007-12-31 06:05:59.000000000 -0500
-@@ -25,3 +25,11 @@
+@@ -25,3 +25,17 @@
  ##      Domain allowed to transition.
  ## </param>
  #
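Review bot: the hand-edited inner hunk header on the `+@@ -25,3 +25,17 @@` line has to stay in step with the body of the nested patch. The new count of 17 agrees with the six `++` lines added in the following hunk (11 + 6), so it looks right, but a dry-run apply of sbin_deprecated.patch against refpolicy would confirm that the nested patch still applies cleanly.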
@@ -564,9 +564,15 @@
 +interface(`unconfined_runs_test',`
 +      gen_require(`
 +              type unconfined_t;
++              type unconfined_devpts_t;
 +      ')
 +
++      # Transition from the caller to the test domain.
 +      allow unconfined_t $1:process transition;
++      # Report back from the test domain to the caller.
++      allow $1 unconfined_t:fd use;
++      allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
++      allow $1 unconfined_t:fifo_file { read write ioctl getattr };
 +')
 diff -Nrup refpolicy/test_ptrace.te refpolicy.new/test_ptrace.te
 --- refpolicy/test_ptrace.te   2007-12-31 06:57:36.000000000 -0500
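Review bot: the interface documentation is now out of date: the visible `##` header still describes the parameter only as "Domain allowed to transition", while the body also gives `$1` use of the caller's descriptors, its pty and its pipes. Please extend the summary/param text so that anyone calling unconfined_runs_test knows it grants more than a transition. Separately, `allow $1 unconfined_t:fd use;` applies to every test domain that calls the interface. Since the commit message names fd:use as the reason fdreceive and inherit still fail, it is worth confirming that this rule does not itself grant access that those tests expect to be denied, and, if it is safe, saying so in the comment above the rule.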


-- 
Stephen Smalley
National Security Agency

