Some changes on top of the prior patches to enable the ltp selinux
testsuite to run successfully on rhel5.  Changes:
- Fix the extraction of the release version to exclude
Client/Server/etc.
- Make the ioctl test detect kernel version and adjust the test logic to
match the expected selinux_file_ioctl() logic.
- Prevent runcon from consuming the options to chcon in
selinux_relabel.sh.

Signed-off-by:  Stephen Smalley <[email protected]>

---

 testcases/kernel/security/selinux-testsuite/refpolicy/Makefile               | 
   2 
 testcases/kernel/security/selinux-testsuite/tests/ioctl/selinux_noioctl.c    | 
  28 +++++++---
 testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh | 
   2 
 3 files changed, 23 insertions(+), 9 deletions(-)

diff -u testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 
testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
--- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile      5 May 
2009 13:47:43 -0000
+++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile      5 May 
2009 19:30:39 -0000
@@ -1,5 +1,5 @@
 REDHAT_RELEASE=$(shell rpm -q redhat-release)
-REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-")
+REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e 
"s/[^0-9]*//g")
 POLICYDEVEL = /usr/share/selinux/devel
 SEMODULE = /usr/sbin/semodule
 CHECKPOLICY = /usr/bin/checkpolicy
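Review bot: The added `sed -e "s/[^0-9]*//g"` deletes every non-digit in the field rather than keeping the leading number, so a field such as `5.3` would become `53`, and an empty result (for example when `rpm -q redhat-release` reports the package as missing) passes through silently. How REDHAT_VERS is consumed lies outside this hunk. If it selects policy variants by major release, keeping only the leading digits would be safer: `sed -e "s/^\([0-9]*\).*/\1/"`. An explicit error when the value is empty would also stop the test policy being built for the wrong release.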
diff -u 
testcases/kernel/security/selinux-testsuite/tests/ioctl/selinux_noioctl.c 
testcases/kernel/security/selinux-testsuite/tests/ioctl/selinux_noioctl.c
--- testcases/kernel/security/selinux-testsuite/tests/ioctl/selinux_noioctl.c   
1 May 2009 13:29:14 -0000
+++ testcases/kernel/security/selinux-testsuite/tests/ioctl/selinux_noioctl.c   
5 May 2009 19:30:39 -0000
@@ -16,6 +16,7 @@
 #include<sys/stat.h>
 #include<linux/fs.h>
 #include<linux/ext2_fs.h>
+#include <sys/utsname.h>
 
 /*
  * Test the ioctl() calls on a file whose name is given as the first
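Review bot: Only `<sys/utsname.h>` is added here, but the new code in main() also calls `strverscmp()`, a GNU extension that `<string.h>` declares only when `_GNU_SOURCE` is defined. The top of the file is outside this hunk, so this may already be in place. If it is not, the call compiles through an implicit declaration at best, and `#define _GNU_SOURCE` before the first include plus `#include <string.h>` would fix that.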
@@ -25,11 +26,19 @@
  * acess to the given file.
  */
 int main(int argc, char **argv) {
-
+  struct utsname uts;
   int fd;
-  int rc;
+  int rc, oldkernel = 1;
   int val;
 
+  if (uname(&uts) < 0) {
+    perror("uname");
+    exit(1);
+  }
+
+  if (strverscmp(uts.release, "2.6.27") >= 0)
+    oldkernel = 0;
+
   fd = open(argv[1], O_RDONLY, 0);
  
   if(fd == -1) {
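Review bot: The check `strverscmp(uts.release, "2.6.27") >= 0` uses the release string as a stand-in for which selinux_file_ioctl() logic the running kernel has, and that only holds for kernels without backports. A vendor kernel that reports an older release but carries the newer ioctl checks would take the `oldkernel` path, where the test expects FIONBIO to succeed without a FILE__IOCTL check. A comment above the comparison should record why 2.6.27 is the cut-over and that backports are not detected, e.g. `/* selinux_file_ioctl() permission mapping differs from 2.6.27 on; vendor backports are not detected here */`. main() starts before and continues past this hunk.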
@@ -51,19 +60,24 @@
     exit(1);
   }
 
-  /* This one should hit the FILE__IOCTL test and fail. */
+  /*
+   * This one depends on kernel version:
+   * New:  Should hit the FILE__IOCTL test and fail.
+   * Old:  Should only check FD__USE and succeed.
+   */
   rc = ioctl(fd, FIONBIO, &val);
-  if( rc == 0 ) {
+  if( !rc == !oldkernel ) {
     printf("test_noioctl:FIONBIO");
     exit(1);
   }
 
   /*
-   * This one should hit the FILE__READ test and succeed since
-   * read permission had to be granted in order to open the file.
+   * This one depends on kernel version:
+   * New:  Should hit the FILE__READ test and succeed.
+   * Old:  Should hit the FILE__GETATTR test and fail.
    */
   rc = ioctl(fd, EXT2_IOC_GETVERSION, &val);
-  if( rc != 0 ) {
+  if( !rc != !oldkernel ) {
     perror("test_noioctl:EXT2_IOC_GETVERSION");
     exit(1);
   }
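Review bot: On the old-kernel path the check `if( !rc != !oldkernel )` after EXT2_IOC_GETVERSION treats any ioctl failure as the expected SELinux denial, so an unrelated error (for example a filesystem that does not implement this ioctl) would count as a pass. Checking errno as well ties the result to the permission check, e.g. `if (oldkernel ? (rc == 0 || errno != EACCES) : rc != 0)`. The same applies to the FIONBIO failure expected on new kernels. The paired negations are also hard to read, and a named flag such as `expect_denied` per call would make the intent plain. Whether `<errno.h>` is included is not visible from the hunk, and main() continues past it.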
diff -u 
testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh 
testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh
--- 
testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh    
    30 Apr 2009 15:18:04 -0000
+++ 
testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh    
    5 May 2009 19:30:39 -0000
@@ -31,7 +31,7 @@
        RC=0
 
        # Verify that test_relabel_t can relabel the file.
-       runcon -t test_relabel_t chcon -t test_relabel_newtype_t 
$SELINUXTMPDIR/test_file 2>&1
+       runcon -t test_relabel_t -- chcon -t test_relabel_newtype_t 
$SELINUXTMPDIR/test_file 2>&1
         RC=$?
         if [ $RC -eq 0 ]
         then

-- 
Stephen Smalley
National Security Agency

