Quoting Jeff Burke ([EMAIL PROTECTED]):
> Jeff Burke wrote:
> > Stephen Smalley wrote:
> >> On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote:
> >>> Subrata Modak wrote:
> >>>> On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote:
> >>>>> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote:
> >>>>>> Stephen,
> >>>>>>
> >>>>>> Any new Patches for LTP-Selinux ?
> >>>>> I don't have any updates, no.
> >>>>>
> >>>>> I have noticed that on x86_64, there are a number of FAILs that are not
> >>>>> present on x86, in particular in the System V IPC tests (msg, sem, shm).
> >>>>> I don't know if that has always been the case or not, as the tests were
> >>>>> all originally written and tested on x86 only.
> >>>> Turing this on to Jeff and Sergei, who used these test cases a lot on
> >>>> their machines.
> >>> Subrata,
> >>> Currently I don't have any patches. But I am still running the
> >>> ltp-full-20071231 release. I am primarily focusing on RHEL so we still
> >>> may have issues the selinux test and Fedora. At the current time we are
> >>> in a "lock down" mode for the release of RHEL5.2 so I can't change the
> >>> baseline tests that are being used.
> >>>
> >>> One thing that I did discover is that with the release of SELinux that
> >>> is in 5.2 and they way the test is run we have to set a boolean for the
> >>> test to pass. If the boolean exists
> >>> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that to the
> >>> README.
> >> Ok, that's due to a policy change by Dan in the base policy.
> >>
> >>> Here is what I think still needs to be done. Currently there is no way
> >>> to put the system back into the state it was before the test ran. This
> >>> should be handled as part of the testcase. At this point in time we make
> >>> sure that this is the last test that gets run on that system.
> >> Not sure what you mean - the test_selinux.sh script removes the test
> >> policy module after running the tests. Also, Serge submitted patches to
> >> automatically save, modify, and restore semanage.conf in test_selinux.sh
> >> so that it doesn't require manual modification. test_selinux.sh could
> >> also handle the setting and restoring of that boolean, although it needs
> >> to gracefully proceed if that boolean happens to not exist in the
> >> particular system being tested.
> > Stephen,
> > Not sure when Serge added that stuff to the test_selinux.sh. But I am
> > currently behind (ltp-full-20071231) in my baseline. So I may not have
> > those changes you have mentioned. I will compare it with what is
> > currently in CVS.
> Here is the diff:
> --------------------------------------------------------
> diff ./ltp-full-20071231/testscripts/test_selinux.sh
> /local_data/sandbox/LTP/ltp/testscripts/test_selinux.sh
> 11a12,24
> > config_set_expandcheck() {
> > pushd /etc/selinux
> > cp --preserve semanage.conf semanage.conf.orig
> > echo "expand-check=0" >> semanage.conf
> > popd
> > }
> >
> > config_unset_expandcheck() {
> > pushd /etc/selinux
> > mv semanage.conf.orig semanage.conf
> > popd
> > }
> >
> 61a75,81
> > # Update test policy if needed
> > pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc
> > sh ./update_refpolicy.sh
> > popd
> >
> > config_set_expandcheck
> >
> 67a88
> > config_unset_expandcheck
> 72a94,95
> > config_unset_expandcheck
> >
> --------------------------------------------------------
> >
> > If in fact they are the same, I will send out the information on what
> > problems I am seeing. I will also send along a patch for the boolean
> > change in test_selinux.sh
> Let me know if you still want the results.
I assume expand-check won't ignore booleans, so I should think your
patch will still be needed for 5.2.
thanks,
-serge
> > Thanks,
> > Jeff
> >>> Comment or questions?
> >>> Jeff
> >>>> --Subrata
> >>>>>> Regards--
> >>>>>> Subrata
> >>>>>>
> >>>>>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote:
> >>>>>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote:
> >>>>>>>> Here is a patch against this morning's ltp cvs snapshot to implement
> >>>>>>>> Stephen's suggestion of setting expand-check=0 for the duration of
> >>>>>>>> the policy load. This allowed me to get rid of the hack
> >>>>>>>> ++domain_type(test_create_no_t) in refpolicy/test_task_create.te,
> >>>>>>>> also
> >>>>>>>> done in this patch.
> >>>>>>>>
> >>>>>>>> (I think it also inlines a patch Stephen sent on jan 23 which
> >>>>>>>> wasn't yet in ltp cvs)
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
