On Tue, 2010-01-12 at 00:43 -0800, Garrett Cooper wrote: > On Mon, Jan 11, 2010 at 11:55 AM, Stephen Smalley <[email protected]> wrote: > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote: > >> Quoting Stephen Smalley ([email protected]): > >> > On Fri, 2010-01-08 at 23:27 -0800, Garrett Cooper wrote: > >> > > On Fri, Jan 8, 2010 at 2:08 PM, Garrett Cooper <[email protected]> > >> > > wrote: > >> > > > On Fri, Jan 8, 2010 at 2:00 PM, Stephen Smalley <[email protected]> > >> > > > wrote: > >> > > >> On Fri, 2010-01-08 at 13:38 -0800, Garrett Cooper wrote: > >> > > >>> On Fri, Jan 8, 2010 at 10:50 AM, Stephen Smalley > >> > > >>> <[email protected]> wrote: > >> > > >>> > On Fri, 2010-01-08 at 13:47 -0500, Stephen Smalley wrote: > >> > > >>> >> On Fri, 2010-01-08 at 10:20 -0800, Garrett Cooper wrote: > >> > > >>> >> > Thanks for the feedback and details Stephen. > >> > > >>> >> > Would you be kind enough to try out the version from CVS > >> > > >>> >> > to see > >> > > >>> >> > whether or not it resolves your issue? You'll also need to > >> > > >>> >> > update > >> > > >>> >> > $LTPROOT/scripts in order to use the new version as I added a > >> > > >>> >> > distro > >> > > >>> >> > detection script which opens up /etc/redhat-release (for > >> > > >>> >> > redhat) as > >> > > >>> >> > opposed to using rpm to query the release. > >> > > >>> >> > Thanks, > >> > > >>> >> > -Garrett > >> > > >>> >> > >> > > >>> >> The attempt to make the test policy immediately dies with: > >> > > >>> >> detect_distro.sh: ERROR: Bad release file: /etc/redhat-release > >> > > >>> > > >> > > >>> > I should note that I'm running it on Fedora, so I wouldn't > >> > > >>> > expect that > >> > > >>> > file to exist. But the script needs to handle it gracefully; we > >> > > >>> > just > >> > > >>> > use the generic test policy files in that situation. > >> > > >>> > >> > > >>> What does /etc/redhat-release look like (feel free to reply to > >> > > >>> me off-list)? > >> > > >> > >> > > >> On RHEL5, it can look like one of the following: > >> > > >> Red Hat Enterprise Linux Server release 5 (Tikanga) > >> > > >> Red Hat Enterprise Linux Server release 5.x (Tikanga) > >> > > >> Red Hat Enterprise Linux Client release 5 (Tikanga) > >> > > >> Red Hat Enterprise Linux Client release 5.x (Tikanga) > >> > > > > >> > > > Interesting. They switched over to more of the Fedora-style > >> > > > branding, maybe?. > >> > > > > >> > > > [garrc...@halflife ~]$ cat /etc/redhat-release > >> > > > Red Hat Enterprise Linux AS release 4 (Nahant Update 6) > >> > > > >> > > Could you try again please :)? > >> > > >> > Fails with: > >> > cp: cannot stat > >> > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*': > >> > No such file or directory > >> > >> You ran /home/sds/ltp/testscripts/test_selinux.sh, right? > >> > >> I think we are supposed to actually be running > >> /opt/ltp/testscripts/test_selinux.sh. So then the first question for > >> Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a > >> testscript? Or should the policy sources be copied into /opt? > > > > Ok, but regardless: the refpolicy Makefile is still broken. > > Yes, it is (I don't have access to that package I think on my > version of Fedora...). Please try the attached patch and let me know > how it goes [the comments aren't as important as the `set -e' and > `$(TEST_POLICY_DIR)/' removal on the cp(1) call]. > Thanks, > -Garrett
The patch was whitespace-damaged, so I had to fix it up by hand. Now a 'make' in the refpolicy directory yields: (cd "/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic" && cat test_global.te test_bounds.te test_capable_file.te test_capable_net.te test_capable_sys.te test_dyntrace.te test_dyntrans.te test_entrypoint.te test_execshare.te test_exectrace.te test_execute_no_trans.te test_fdreceive.te test_file.te test_inherit.te test_ioctl.te test_ipc.te test_link.te test_mkdir.te test_open.te test_ptrace.te test_readlink.te test_relabel.te test_rename.te test_rxdir.te test_setattr.te test_setnice.te test_sigkill.te test_stat.te test_sysctl.te test_task_create.te test_task_getpgid.te test_task_getsched.te test_task_getsid.te test_task_setpgid.te test_task_setsched.te test_transition.te test_wait.te) > test_policy.te And a 'make load' successfully loads that. On recent Fedora you don't need any additional packages; /usr/share/selinux/devel is shipped as part of selinux-policy these days rather than as a separate selinux-policy-devel package. -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
