Jeff Burke wrote:
> Stephen Smalley wrote:
>> On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote:
>>> Subrata Modak wrote:
>>>> On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote:
>>>>> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote:
>>>>>> Stephen,
>>>>>>
>>>>>> Any new Patches for LTP-Selinux ?
>>>>> I don't have any updates, no.
>>>>>
>>>>> I have noticed that on x86_64, there are a number of FAILs that are not
>>>>> present on x86, in particular in the System V IPC tests (msg, sem, shm).
>>>>> I don't know if that has always been the case or not, as the tests were
>>>>> all originally written and tested on x86 only.
>>>> Turing this on to Jeff and Sergei, who used these test cases a lot on
>>>> their machines.
>>> Subrata,
>>> Currently I don't have any patches. But I am still running the
>>> ltp-full-20071231 release. I am primarily focusing on RHEL so we still
>>> may have issues the selinux test and Fedora. At the current time we are
>>> in a "lock down" mode for the release of RHEL5.2 so I can't change the
>>> baseline tests that are being used.
>>>
>>> One thing that I did discover is that with the release of SELinux that
>>> is in 5.2 and they way the test is run we have to set a boolean for the
>>> test to pass. If the boolean exists
>>> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that to the
>>> README.
>> Ok, that's due to a policy change by Dan in the base policy.
>>
>>> Here is what I think still needs to be done. Currently there is no way
>>> to put the system back into the state it was before the test ran. This
>>> should be handled as part of the testcase. At this point in time we make
>>> sure that this is the last test that gets run on that system.
>> Not sure what you mean - the test_selinux.sh script removes the test
>> policy module after running the tests. Also, Serge submitted patches to
>> automatically save, modify, and restore semanage.conf in test_selinux.sh
>> so that it doesn't require manual modification. test_selinux.sh could
>> also handle the setting and restoring of that boolean, although it needs
>> to gracefully proceed if that boolean happens to not exist in the
>> particular system being tested.
> Stephen,
> Not sure when Serge added that stuff to the test_selinux.sh. But I am
> currently behind (ltp-full-20071231) in my baseline. So I may not have
> those changes you have mentioned. I will compare it with what is
> currently in CVS.
Here is the diff:
--------------------------------------------------------
diff ./ltp-full-20071231/testscripts/test_selinux.sh
/local_data/sandbox/LTP/ltp/testscripts/test_selinux.sh
11a12,24
> config_set_expandcheck() {
> pushd /etc/selinux
> cp --preserve semanage.conf semanage.conf.orig
> echo "expand-check=0" >> semanage.conf
> popd
> }
>
> config_unset_expandcheck() {
> pushd /etc/selinux
> mv semanage.conf.orig semanage.conf
> popd
> }
>
61a75,81
> # Update test policy if needed
> pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc
> sh ./update_refpolicy.sh
> popd
>
> config_set_expandcheck
>
67a88
> config_unset_expandcheck
72a94,95
> config_unset_expandcheck
>
--------------------------------------------------------
>
> If in fact they are the same, I will send out the information on what
> problems I am seeing. I will also send along a patch for the boolean
> change in test_selinux.sh
Let me know if you still want the results.
>
> Thanks,
> Jeff
>>> Comment or questions?
>>> Jeff
>>>> --Subrata
>>>>>> Regards--
>>>>>> Subrata
>>>>>>
>>>>>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote:
>>>>>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote:
>>>>>>>> Here is a patch against this morning's ltp cvs snapshot to implement
>>>>>>>> Stephen's suggestion of setting expand-check=0 for the duration of
>>>>>>>> the policy load. This allowed me to get rid of the hack
>>>>>>>> ++domain_type(test_create_no_t) in refpolicy/test_task_create.te, also
>>>>>>>> done in this patch.
>>>>>>>>
>>>>>>>> (I think it also inlines a patch Stephen sent on jan 23 which
>>>>>>>> wasn't yet in ltp cvs)
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
