On Fri, 2009-05-08 at 12:40 -0500, Serge E. Hallyn wrote: > Quoting Stephen Smalley ([email protected]): > > On Thu, 2009-05-07 at 21:31 -0500, Serge E. Hallyn wrote: > > > Hi Stephen, > > > > > > I'm trying to test all of your patches. But I'm having the (lately > > > usual) static libs problem. tests/inherit/Makefile specifies that > > > selinux_inherit_* should be compiled -static and -lselinux, but > > > libselinux.a is not installed. What did you do about this - did > > > you compile libselinux.a by hand, or did you find a rpm that > > > installs it? For now I just removed -static from LDFLAGS. > > > I don't recall why they were > > > -static originally. > > > > yum install libselinux-static > > I swear I'd done a yum search libselinux | grep static... > > Thanks, that did it. Any objection to adding that to the README?
It can go into the SELinux Policy and Userland section added by my earlier patch to the README; likely should mention that you need the libselinux-devel package as well. However, it is somewhat distro- and release- specific; I think originally everything was provided by the libselinux package, then they did an initial split into libselinux vs libselinux-devel, and then they further moved the static lib from libselinux-devel to its own libselinux-static. RHEL 5 didn't have a separate libselinux-static. And Debian has slightly different package names (libselinux1, libselinux1-dev) and I think they still keep the static lib in the -dev package. > > IIRC, you can't cleanly test the fd:use inheritance check from > > parent->child if the child is dynamically linked (inheritance of the > > descriptor to the dynamic linker opened while still in parent context). > > > > > My run, with all of your patches applied, on just-updated f11, gave me > > > the following failures: > > > > > > SELinux10 - selinux_file > > > test14 > > > probably explained by the fact that selinux_wait_io is labeled > > > system_u:object_r:unlabeled_t:s0 ? > > > > Well, it would be left in unlabeled_t after the test policy gets > > removed. > > Oh I was thinking I'd have to unload manually, but that's bc > I'd glanced at a line out of your README patch about > running individual testcases. > > > > SELinux36 - selinux_wait > > > test02 > > > > The two failures you listed are actual kernel regression, the first > > fixed by my recent patch (selinux: Fix send_sigiotask hook) on selinux > > list and the second fixed by a recent patch by Oleg Nesterov on lkml > > (do_wait: do take security_task_wait() into account). So the above > > just reflects that the ltp selinux testsuite is operating correctly and > > detecting improper kernel behavior in your kernel. > > Excellent. > > thanks, > -serge -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
