On Mon, 2008-03-24 at 08:34 -0400, Stephen Smalley wrote:
> On Mon, 2008-03-24 at 17:55 +0530, Subrata Modak wrote:
> > Hi Stephen,
> >
> > Do you have any forthcoming updates for LTP-Selinux ?
>
> Not presently, no. However, I would like to note that they seem to be
> broken on Fedora 9 / rawhide, presumably due to changes in the base
> policy again. So someone will need to fix that eventually.
Oh God !! That´s unfortunate to hear. You can send me patch anytime to
fix the same. Sergei/Jeff can you also help out on this, as you provided
se-linux patches earlier ?
Regards--
Subrata
>
> >
> > Regards--
> > Subrata
> >
> > On Tue, 2008-02-26 at 12:25 -0500, Stephen Smalley wrote:
> > > On Tue, 2008-02-26 at 11:08 -0600, Serge E. Hallyn wrote:
> > > > Quoting Jeff Burke ([EMAIL PROTECTED]):
> > > > > Jeff Burke wrote:
> > > > > > Stephen Smalley wrote:
> > > > > >> On Tue, 2008-02-26 at 08:48 -0500, Jeff Burke wrote:
> > > > > >>> Subrata Modak wrote:
> > > > > >>>> On Mon, 2008-02-25 at 09:08 -0500, Stephen Smalley wrote:
> > > > > >>>>> On Mon, 2008-02-25 at 18:56 +0530, Subrata Modak wrote:
> > > > > >>>>>> Stephen,
> > > > > >>>>>>
> > > > > >>>>>> Any new Patches for LTP-Selinux ?
> > > > > >>>>> I don't have any updates, no.
> > > > > >>>>>
> > > > > >>>>> I have noticed that on x86_64, there are a number of FAILs that
> > > > > >>>>> are not
> > > > > >>>>> present on x86, in particular in the System V IPC tests (msg,
> > > > > >>>>> sem, shm).
> > > > > >>>>> I don't know if that has always been the case or not, as the
> > > > > >>>>> tests were
> > > > > >>>>> all originally written and tested on x86 only.
> > > > > >>>> Turing this on to Jeff and Sergei, who used these test cases a
> > > > > >>>> lot on
> > > > > >>>> their machines.
> > > > > >>> Subrata,
> > > > > >>> Currently I don't have any patches. But I am still running the
> > > > > >>> ltp-full-20071231 release. I am primarily focusing on RHEL so we
> > > > > >>> still
> > > > > >>> may have issues the selinux test and Fedora. At the current time
> > > > > >>> we are
> > > > > >>> in a "lock down" mode for the release of RHEL5.2 so I can't
> > > > > >>> change the
> > > > > >>> baseline tests that are being used.
> > > > > >>>
> > > > > >>> One thing that I did discover is that with the release of
> > > > > >>> SELinux that
> > > > > >>> is in 5.2 and they way the test is run we have to set a boolean
> > > > > >>> for the
> > > > > >>> test to pass. If the boolean exists
> > > > > >>> /usr/sbin/setsebool allow_domain_fd_use=0 We may want to add that
> > > > > >>> to the
> > > > > >>> README.
> > > > > >> Ok, that's due to a policy change by Dan in the base policy.
> > > > > >>
> > > > > >>> Here is what I think still needs to be done. Currently there is
> > > > > >>> no way
> > > > > >>> to put the system back into the state it was before the test ran.
> > > > > >>> This
> > > > > >>> should be handled as part of the testcase. At this point in time
> > > > > >>> we make
> > > > > >>> sure that this is the last test that gets run on that system.
> > > > > >> Not sure what you mean - the test_selinux.sh script removes the
> > > > > >> test
> > > > > >> policy module after running the tests. Also, Serge submitted
> > > > > >> patches to
> > > > > >> automatically save, modify, and restore semanage.conf in
> > > > > >> test_selinux.sh
> > > > > >> so that it doesn't require manual modification. test_selinux.sh
> > > > > >> could
> > > > > >> also handle the setting and restoring of that boolean, although it
> > > > > >> needs
> > > > > >> to gracefully proceed if that boolean happens to not exist in the
> > > > > >> particular system being tested.
> > > > > > Stephen,
> > > > > > Not sure when Serge added that stuff to the test_selinux.sh.
> > > > > > But I am
> > > > > > currently behind (ltp-full-20071231) in my baseline. So I may not
> > > > > > have
> > > > > > those changes you have mentioned. I will compare it with what is
> > > > > > currently in CVS.
> > > > > Here is the diff:
> > > > > --------------------------------------------------------
> > > > > diff ./ltp-full-20071231/testscripts/test_selinux.sh
> > > > > /local_data/sandbox/LTP/ltp/testscripts/test_selinux.sh
> > > > > 11a12,24
> > > > > > config_set_expandcheck() {
> > > > > > pushd /etc/selinux
> > > > > > cp --preserve semanage.conf semanage.conf.orig
> > > > > > echo "expand-check=0" >> semanage.conf
> > > > > > popd
> > > > > > }
> > > > > >
> > > > > > config_unset_expandcheck() {
> > > > > > pushd /etc/selinux
> > > > > > mv semanage.conf.orig semanage.conf
> > > > > > popd
> > > > > > }
> > > > > >
> > > > > 61a75,81
> > > > > > # Update test policy if needed
> > > > > > pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc
> > > > > > sh ./update_refpolicy.sh
> > > > > > popd
> > > > > >
> > > > > > config_set_expandcheck
> > > > > >
> > > > > 67a88
> > > > > > config_unset_expandcheck
> > > > > 72a94,95
> > > > > > config_unset_expandcheck
> > > > > >
> > > > > --------------------------------------------------------
> > > > > >
> > > > > > If in fact they are the same, I will send out the information
> > > > > > on what
> > > > > > problems I am seeing. I will also send along a patch for the boolean
> > > > > > change in test_selinux.sh
> > > > > Let me know if you still want the results.
> > > >
> > > > I assume expand-check won't ignore booleans, so I should think your
> > > > patch will still be needed for 5.2.
> > >
> > > Correct. Just make sure that if you don't bail out of the test script
> > > altogether if the boolean doesn't exist in the policy (possibly call
> > > getsebool first on it).
> > >
> > > >
> > > > thanks,
> > > > -serge
> > > >
> > > > > > Thanks,
> > > > > > Jeff
> > > > > >>> Comment or questions?
> > > > > >>> Jeff
> > > > > >>>> --Subrata
> > > > > >>>>>> Regards--
> > > > > >>>>>> Subrata
> > > > > >>>>>>
> > > > > >>>>>> On Wed, 2008-01-30 at 07:20 -0500, Stephen Smalley wrote:
> > > > > >>>>>>> On Tue, 2008-01-29 at 18:21 -0600, Serge E. Hallyn wrote:
> > > > > >>>>>>>> Here is a patch against this morning's ltp cvs snapshot to
> > > > > >>>>>>>> implement
> > > > > >>>>>>>> Stephen's suggestion of setting expand-check=0 for the
> > > > > >>>>>>>> duration of
> > > > > >>>>>>>> the policy load. This allowed me to get rid of the hack
> > > > > >>>>>>>> ++domain_type(test_create_no_t) in
> > > > > >>>>>>>> refpolicy/test_task_create.te, also
> > > > > >>>>>>>> done in this patch.
> > > > > >>>>>>>>
> > > > > >>>>>>>> (I think it also inlines a patch Stephen sent on jan 23 which
> > > > > >>>>>>>> wasn't yet in ltp cvs)
> > > > >
> > > > > -------------------------------------------------------------------------
> > > > > This SF.net email is sponsored by: Microsoft
> > > > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > > _______________________________________________
> > > > > Ltp-list mailing list
> > > > > Ltp-list@lists.sourceforge.net
> > > > > https://lists.sourceforge.net/lists/listinfo/ltp-list
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
