Hi, From: "Serge E. Hallyn" <[email protected]> Subject: Re: [LTP] [PATCH 3/3] Proc01: Fix for PPC64 and Support SELinux-enabled Environment Date: Wed, 4 Feb 2009 11:28:43 -0600
> Quoting CAI Qian ([email protected]): >> Hi, >> >> The following patch adds checking for SELinux. If it is enabled, the >> following entries are expected to be read successfully, >> >> /proc/self/attr/* >> /proc/self/task/[0-9]*/attr/* >> >> If it is disabled, expecting read(2) return -1 with -EINVAL. 0It does not >> affect the testing for systems with no LSM, LSM other than SELinux, and >> SELinux-disabled. >> >> As discussed before, I don't want to put those entries to a separate >> test, so I can read them the same way as the rest of procfs entries. >> >> Signed-off-by: CAI Qian <[email protected]> >> >> --- testcases/kernel/fs/proc/proc01.c.p1 2009-02-04 11:06:30.000000000 >> -0500 >> +++ testcases/kernel/fs/proc/proc01.c 2009-02-04 11:14:06.000000000 >> -0500 >> @@ -25,6 +25,8 @@ >> * >> */ >> >> +#include "config.h" >> + >> #include <errno.h> /* for errno */ >> #include <stdio.h> /* for NULL */ >> #include <stdlib.h> /* for malloc() */ >> @@ -37,6 +39,10 @@ >> #include <fcntl.h> >> #include <fnmatch.h> >> >> +#ifdef HAVE_SELINUX_SELINUX_H >> +#include <selinux/selinux.h> >> +#endif >> + >> #include "test.h" >> #include "usctest.h" >> >> @@ -99,8 +105,19 @@ >> {"", "", 0} >> }; >> >> +#ifdef HAVE_SELINUX_SELINUX_H >> +/* If SELinux is enabled, the following entries should be read >> + successfully. */ >> +const char selinux_should_work[][PATH_MAX] = > > How about naming the array more generally, defining it > empty if !HAVE_SELINUX_SELINUX_H, and then always walking > it below? That will simplify the task of modifying the > flow for the next (non-selinux) folks to have to modify this. > Good point! I'll send a new patch soon. CAI Qian >> + { >> + "/proc/self/attr/*", >> + "/proc/self/task/[0-9]*/attr/*", >> + "" >> + }; >> +#endif >> + >> /* Known files that does not honor O_NONBLOCK, so they will hang >> - the test while being read.*/ >> + the test while being read. */ >> const char error_nonblock[][PATH_MAX] = >> { >> "/proc/xen/xenbus", >> @@ -112,6 +129,20 @@ >> { >> int i; >> >> +/* Should not see any error for certain entries if SELinux is >> + enabled. */ >> +#ifdef HAVE_SELINUX_SELINUX_H >> + if (is_selinux_enabled()) >> + { >> + for (i = 0; selinux_should_work[i][0] != '\0'; i++) >> + { >> + if (!strcmp(obj, selinux_should_work[i]) >> + || !fnmatch(selinux_should_work[i], obj, FNM_PATHNAME)) >> + return 0; >> + } >> + } >> +#endif >> + >> for (i = 0; known_issues[i].err != 0; i++) >> if (tmperr == known_issues[i].err >> && (!strcmp(obj, known_issues[i].file) >> >> ------------------------------------------------------------------------------ >> Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) >> software. With Adobe AIR, Ajax developers can use existing skills and code to >> build responsive, highly engaging applications that combine the power of >> local >> resources and data with the reach of the web. Download the Adobe AIR SDK and >> Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com >> _______________________________________________ >> Ltp-list mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/ltp-list ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
