Re: [LTP] [patch] selinux-testsuite: extend unconfined_runs_test

Wed, 30 Jan 2008 23:41:45 -0800 

This is through. Thanks.

--Subrata

> Extend the unconfined_runs_test interface in the selinux testsuite
> policy to allow the test programs to properly report back to the caller.
> This is required to enable many of the tests to pass on Fedora 8 and
> later.  Remaining FAIL cases are fdreceive and inherit (due to Fedora 8
> policy granting fd:use permission globally for all domains) and
> task_create (due to refpolicy automatically granting it to all domain
> types).
> 
> Signed-off-by:  Stephen Smalley <[EMAIL PROTECTED]>
> 
> ---
> 
> Index: testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch
> ===================================================================
> RCS file: 
> /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch,v
> retrieving revision 1.1
> diff -u -r1.1 sbin_deprecated.patch
> --- testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch    
> 2 Jan 2008 11:58:15 -0000       1.1
> +++ testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch    
> 23 Jan 2008 19:11:05 -0000
> @@ -556,7 +556,7 @@
>  diff -Nrup refpolicy/test_policy.if refpolicy.new/test_policy.if
>  --- refpolicy/test_policy.if 2007-12-31 06:57:36.000000000 -0500
>  +++ refpolicy.new/test_policy.if     2007-12-31 06:05:59.000000000 -0500
> -@@ -25,3 +25,11 @@
> +@@ -25,3 +25,17 @@
>   ##      Domain allowed to transition.
>   ## </param>
>   #
> @@ -564,9 +564,15 @@
>  +interface(`unconfined_runs_test',`
>  +    gen_require(`
>  +            type unconfined_t;
> ++            type unconfined_devpts_t;
>  +    ')
>  +
> ++    # Transition from the caller to the test domain.
>  +    allow unconfined_t $1:process transition;
> ++    # Report back from the test domain to the caller.
> ++    allow $1 unconfined_t:fd use;
> ++    allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
> ++    allow $1 unconfined_t:fifo_file { read write ioctl getattr };
>  +')
>  diff -Nrup refpolicy/test_ptrace.te refpolicy.new/test_ptrace.te
>  --- refpolicy/test_ptrace.te 2007-12-31 06:57:36.000000000 -0500
> 
> 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to