Hi Stephen, Sergei & David,
Can you kindly provide review comments for this LTP-SELinux patch from
Ramon.
Regards--
Subrata
-------- Forwarded Message --------
From: Ramon de Carvalho Valle <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [email protected]
Subject: [LTP] [PATCH] The selinux-testsuite does not work out of the
box on RHEL4
Date: Mon, 07 Jul 2008 16:38:24 -0300
The attached patch fixes the following issues:
The LTP selinux-testsuite does not work out of the box on Red Hat Enterprise Linux 4.
The testscripts/test_selinux.sh script does not detect if refpolicy should be used or not.
The LTP selinux-testsuite test policy uses the can_setcon macro which is not defined in global macros of Red Hat Enterprise Linux 4 selinux policy targeted sources.
Some Makefiles need minor fixes and enhancements.
Best regards,
--
Ramon de Carvalho Valle
Software Engineer
IBM Linux Technology Center
E-Mail: [EMAIL PROTECTED]
Mobile: +55-21-78987602
_______________________________________________ Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/Makefile 2005-04-20 13:09:04.000000000 -0300
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/Makefile 2008-07-07 11:43:59.000000000 -0300
@@ -1,18 +1,18 @@
-# for FC3
include /etc/selinux/config
-POLICYSRC = /etc/selinux/$(SELINUXTYPE)/src/policy
+SELINUX_SRC=/etc/selinux/$(SELINUXTYPE)/src/policy
-# for FC2
-#POLICYSRC = /etc/security/selinux/src/policy
+# for Fedora Core 2
+# SELINUX_SRC=/etc/security/selinux/src/policy
load:
- @if [ -d $(POLICYSRC) ]; then \
- install test_*.te $(POLICYSRC)/domains/misc; \
- $(MAKE) -C $(POLICYSRC) clean load; \
+ @if [ -d $(SELINUX_SRC) ]; then \
+ cp test_* $(SELINUX_SRC)/domains/misc/; \
+ $(MAKE) -C $(SELINUX_SRC) -W users load; \
else \
- echo "ERROR: You must have the policy sources installed in $(POLICYSRC)."; \
+ echo "ERROR: You must have selinux-policy-targeted-sources installed."; \
fi
cleanup:
- rm -f $(POLICYSRC)/domains/misc/test_*.te
- $(MAKE) -C $(POLICYSRC) clean load
+ rm -f $(SELINUX_SRC)/domains/misc/test_*
+ $(MAKE) -C $(SELINUX_SRC) -W users load
+
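Review bot: The else branch of the load target only echoes the error, so the recipe exits 0 when $(SELINUX_SRC) does not exist, and the "$? != 0" check that testscripts/test_selinux.sh runs after "make load" will never fire on this path; add "exit 1" after the echo. The glob is also widened from test_*.te to test_* in both the cp and the "rm -f" in cleanup, which means cleanup now deletes anything named test_* under domains/misc in the system policy tree, not only what this suite installed; either keep the .te suffix or state which extra files are intended. The new error message drops the path that was checked, which makes a failure harder to diagnose, and replacing "clean load" with "-W users load" deserves a comment explaining why users is marked as modified and why the clean step is no longer needed.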
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-04-06 07:39:18.000000000 -0300
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/policy/test_global.te 2008-07-03 18:13:41.000000000 -0300
@@ -3,6 +3,28 @@
# Rules that apply to most test domains.
#
+#
+# This test policy uses the can_setcon macro which is not defined in global
+# macros of Red Hat Enterprise Linux 4 selinux policy targeted sources, so we
+# define it here as a workaround.
+#
+
+##################################
+#
+# can_setcon(domain)
+#
+# Authorize a domain to set its current context
+# (via /proc/pid/attr/current).
+#
+define(`can_setcon',`
+allow $1 self:process setcurrent;
+allow $1 proc_t:dir search;
+allow $1 proc_t:{ file lnk_file } read;
+allow $1 self:dir search;
+allow $1 self:file { getattr read write };
+')
+
+
# Note: test_file_t is declared in types/file.te in the example policy.
# Authorize sysadm_r and system_r for the test domains.
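Review bot: The can_setcon definition is unconditional, so on any policy tree whose global macros already provide can_setcon this file silently overrides that definition with the local copy, and the two can drift apart. Wrap the define in an m4 ifdef so it only takes effect when the macro is missing, for example ifdef(`can_setcon', `', `define(`can_setcon', ...)'). The header comment should also say which policy version the five allow rules were copied from, so a later reader can compare them against the upstream macro.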
diff -urN ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile
--- ltp-full-20080531.original/testcases/kernel/security/selinux-testsuite/tests/Makefile 2005-11-08 14:49:33.000000000 -0200
+++ ltp-full-20080531/testcases/kernel/security/selinux-testsuite/tests/Makefile 2008-07-07 14:40:44.000000000 -0300
@@ -1,6 +1,12 @@
-SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans
+REDHAT_RELEASE=$(shell rpm -q redhat-release)
-all:
+ifeq (redhat-release-4, $(findstring redhat-release-4, $(REDHAT_RELEASE)))
+ SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys
+else
+ SUBDIRS=domain_trans entrypoint execshare exectrace execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink relabel rename rxdir sem setattr setnice shm sigkill stat sysctl task_create task_setnice task_setscheduler task_getscheduler task_getsid task_getpgid task_setpgid wait file ioctl capable_file capable_net capable_sys dyntrace dyntrans
+endif
+
+all:
@set -e; for i in $(SUBDIRS); do \
$(MAKE) -C $$i all; \
chcon -R -t test_file_t . ; \
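Review bot: The two SUBDIRS assignments repeat the full list and differ only in the trailing "dyntrace dyntrans", so a test added to one branch later is easy to miss in the other. Define the common list once and append with "SUBDIRS += dyntrace dyntrans" inside a single ifneq on the release check. The reason for skipping those two tests on redhat-release-4 is not stated anywhere in the hunk and needs a comment. Note also that "rpm -q redhat-release" runs on every make invocation, including on systems without rpm, where it only works by falling through to the else branch; redirecting stderr in the $(shell ...) call would keep the build output clean there.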
diff -urN ltp-full-20080531.original/testscripts/test_selinux.sh ltp-full-20080531/testscripts/test_selinux.sh
--- ltp-full-20080531.original/testscripts/test_selinux.sh 2008-04-06 07:39:19.000000000 -0300
+++ ltp-full-20080531/testscripts/test_selinux.sh 2008-07-07 13:50:29.000000000 -0300
@@ -75,6 +75,14 @@
exit
fi
+SEMODULE="/usr/sbin/semodule"
+
+if [ -f $SEMODULE ]; then
+ POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy"
+else
+ POLICYDIR="$LTPROOT/testcases/kernel/security/selinux-testsuite/policy"
+fi
+
# Update test policy if needed
pushd $LTPROOT/testcases/kernel/security/selinux-testsuite/misc
sh ./update_refpolicy.sh
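Review bot: The test "[ -f $SEMODULE ]" is unquoted and only checks that a file exists, not that it can be run; "[ -x "$SEMODULE" ]" matches the intent better. The context lines right below still call "sh ./update_refpolicy.sh" with no condition visible in this hunk, so on a system without semodule the script selects the non-refpolicy POLICYDIR and then runs the refpolicy update step anyway; that call should be gated on the same check. A one-line comment saying that the presence of semodule is being used as the indicator for a refpolicy system would make the heuristic explicit.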
@@ -86,7 +94,7 @@
# build and install the test policy...
echo "building and installing test_policy module..."
-cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy
+cd $POLICYDIR
make load
if [ $? != 0 ]; then
echo "Failed to build and load test_policy module, aborting test run."
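Review bot: "cd $POLICYDIR" is unquoted and its result is not checked, so if the directory is missing or LTPROOT contains whitespace, "make load" runs in whatever directory the script was already in. Use cd "$POLICYDIR" || exit 1 here, and apply the same change to the "cd $POLICYDIR" before "make cleanup" in the following hunk, where running make in the wrong directory is the worse outcome.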
@@ -122,7 +130,7 @@
/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
-cd $LTPROOT/testcases/kernel/security/selinux-testsuite/refpolicy
+cd $POLICYDIR
make cleanup 2>&1
if [ $? != 0 ]; then
echo "Failed to remove test_policy module."