On Tue, Jan 12, 2010 at 8:55 AM, Garrett Cooper <yaneg...@gmail.com> wrote:
> On Tue, Jan 12, 2010 at 5:16 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On Mon, 2010-01-11 at 15:31 -0600, Serge E. Hallyn wrote:
>>> Quoting Serge E. Hallyn (se...@us.ibm.com):
>>> > Quoting Serge E. Hallyn (se...@us.ibm.com):
>>> > > Quoting Serge E. Hallyn (se...@us.ibm.com):
>>> > > > Quoting Stephen Smalley (s...@tycho.nsa.gov):
>>> > > > > On Mon, 2010-01-11 at 13:50 -0600, Serge E. Hallyn wrote:
>>> > > > > > > Fails with:
>>> > > > > > > cp: cannot stat
>>> > > > > > > `/home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/policy_files/generic/test_policy.*':
>>> > > > > > >  No such file or directory
>>> > > > > >
>>> > > > > > You ran /home/sds/ltp/testscripts/test_selinux.sh, right?
>>> > > > > >
>>> > > > > > I think we are supposed to actually be running
>>> > > > > > /opt/ltp/testscripts/test_selinux.sh.  So then the first question for
>>> > > > > > Garrett is how should we deduce /home/sds/ltp as $LTP_SRCDIR from a
>>> > > > > > testscript?  Or should the policy sources be copied into /opt?
>>> > > > >
>>> > > > > Ok, but regardless:  the refpolicy Makefile is still broken.
>>> > > >
>>> > > > Yup.
>>> > >
>>> > > All right, baby-steps.
>>> > >
>>> > > The attached test_selinux.diff is not to be applied, but something
>>> > > like it is needed.  Should we have the ltp 'make install' fill in
>>> > > TOP_SRCDIR in /opt/ltp/testscripts/test_selinux.sh?  BTW, Garrett,
>>> > > that is the issue I was saying is shared between test_selinux.sh
>>> > > and some others including test_robind.sh.  That's why I'm not just
>>> > > sending a patch to make it work, bc I think we need more general
>>> > > guidance.
>>> > >
>>> > > The second match makes the 'make load' part of test_selinux.sh
>>> > > succeed on rhel5.4.  Stephen, how does it do on fedora?
>>> > >
>>> > > After loading policy it fails to execute ltp-pan, but I figure let's
>>> > > get policy loading working first.
>>>
>>> All right well just doing
>>>
>>> --- /root/ltp_cvs_orig/ltp/testscripts/test_selinux.sh        2009-05-19 
>>> 05:39:11.000000000 -0400
>>> +++ /opt/ltp/testscripts/test_selinux.sh      2010-01-11 16:26:12.000000000 
>>> -0500
>>> @@ -115,7 +117,7 @@
>>>  SAVEBINTYPE=`ls -Zd $LTPROOT/testcases/bin | awk '{ print $4 }' | awk -F: 
>>> '{ print $3 }'`
>>>  /usr/bin/chcon -t test_file_t $LTPROOT/testcases/bin
>>>
>>> -$LTPROOT/pan/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l 
>>> $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f 
>>> $LTPROOT/runtest/selinux
>>> +$LTPROOT/bin/ltp-pan -S -a $LTPROOT/results/selinux -n ltp-selinux -l 
>>> $LTPROOT/results/selinux.logfile -o $LTPROOT/results/selinux.outfile -p -f 
>>> $LTPROOT/runtest/selinux
>>>
>>>  # cleanup before exiting
>>>
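
Review bot: The new `$LTPROOT/bin/ltp-pan` invocation is still run without checking that the binary exists at that path, and the thread above already reports a failure to execute ltp-pan after policy load. A guard such as `[ -x "$LTPROOT/bin/ltp-pan" ]` with an explicit error, placed before the `chcon -t test_file_t` line, would make a wrong install layout fail clearly instead of partway through setup. Quoting `$LTPROOT` in these lines would also protect against paths containing spaces.
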
>>> ================================================================
>>> in test_selinux.sh makes the testsuite mostly pass (test 39 fails, all
>>> up to then pass)
>>>
>>> Again this is on RHEL5.4.
>>
>> test39 isn't supposed to be run on RHEL5.4.
>> The old tests/Makefile had conditional logic to exclude certain tests on
>> RHEL4 and on RHEL5, as their kernels wouldn't support newer tests.
>
>
> Something that fell through the cracks because I didn't take the time
> to actually determine _what_ the requirements were for the tests so
> they would report configuration failure instead of failure. Please try
> this (I properly pasted it this time instead of using my xterm window
> and paste):
>
> Index: tests/Makefile
> ===================================================================
> RCS file: 
> /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
> retrieving revision 1.7
> diff -u -r1.7 Makefile
> --- tests/Makefile      9 Oct 2009 17:55:51 -0000       1.7
> +++ tests/Makefile      12 Jan 2010 16:53:57 -0000
> @@ -24,11 +24,26 @@
>
>  include        $(top_srcdir)/include/mk/env_pre.mk
>
> -RECURSIVE_TARGETS      := install
> +ARGS                   = -m
> +# Don't want to pass the -d option unless DESTDIR is a non-zero length 
> string.
> +ifneq ($(strip $(DESTDIR)),)
> +ARGS                   += -d $(DESTDIR)
> +endif
>
> -include $(top_srcdir)/include/mk/generic_trunk_target.mk
> +DISTRO_VER             := $(shell $(top_srcdir)/scripts/detect_distro.sh 
> $(ARGS))
> +
> +#
> +# Certain tests should be excluded on RHEL [45].x as their kernels don't
> +# support the tests.
> +#
> +# XXX (garrcoop): actually complete the work to add proper checks to the 
> tests
> +# to report TCONF on configuration failure.
> +#
> +ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)
> +FILTER_OUT_DIRS                += dyntrace dyntrans
> +endif
> +ifeq (redhat-4,$(DISTRO_VER))
> +FILTER_OUT_DIRS                += bounds
> +endif
>
> -all:
> -       @set -e; for i in $(SUBDIRS); do \
> -           $(MAKE) -C $$i $@; \
> -       done
> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
>
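
Review bot: In the `ifneq ($(findstring $(DISTRO_VER),redhat-4 redhat-5),)` test, `findstring` does a substring match, so any DISTRO_VER value that is a substring of that list (for example `redhat`) enables the exclusion, while the following `ifeq (redhat-4,$(DISTRO_VER))` needs an exact match. Using `$(filter redhat-4 redhat-5,$(DISTRO_VER))` would match whole words only and keep the two conditionals consistent. A comment stating what detect_distro.sh prints with `-m` would document the expected values next to the checks.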

The conditional checks didn't make sense with what Stephen mentioned
above to you Serge, so I respun the diff:

Index: tests/Makefile
===================================================================
RCS file: 
/cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- tests/Makefile      9 Oct 2009 17:55:51 -0000       1.7
+++ tests/Makefile      12 Jan 2010 17:16:09 -0000
@@ -24,11 +24,28 @@

 include        $(top_srcdir)/include/mk/env_pre.mk

-RECURSIVE_TARGETS      := install
+ARGS                   = -m
+# Don't want to pass the -d option unless DESTDIR is a non-zero length string.
+ifneq ($(strip $(DESTDIR)),)
+ARGS                   += -d $(DESTDIR)
+endif

-include $(top_srcdir)/include/mk/generic_trunk_target.mk
+DISTRO_VER             := $(shell $(top_srcdir)/scripts/detect_distro.sh 
$(ARGS))
+
+#
+# Certain tests should be excluded on RHEL [45].x as their kernels don't
+# support the tests.
+#
+# XXX (garrcoop): actually complete the work to add proper checks to the tests
+# to report TCONF on configuration failure.

-all:
-       @set -e; for i in $(SUBDIRS); do \
-           $(MAKE) -C $$i $@; \
-       done
+# RHEL 4.x doesn't support the dyntrace and dyntrans tests.
+ifneq ($(findstring $(DISTRO_VER),redhat-4),)
+FILTER_OUT_DIRS                += dyntrace dyntrans
+endif
+# RHEL 5.x doesn't support the bounds test.
+ifeq (redhat-5,$(DISTRO_VER))
+FILTER_OUT_DIRS                += bounds
+endif
+
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
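
Review bot: The two exclusions at the end of the hunk are now disjoint: `dyntrace dyntrans` is filtered only for redhat-4 and `bounds` only for redhat-5, whereas the previous spin filtered `dyntrace dyntrans` on both and `bounds` on redhat-4. If a test needs kernel support that RHEL 5.x lacks, RHEL 4.x presumably lacks it too, so please confirm both sets against the conditional logic in the old tests/Makefile that Stephen referred to. The first check also still uses `findstring` (substring match) while the second uses an exact `ifeq`; using `ifeq` or `$(filter ...)` for both would be more predictable.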

Also, if you guys can try out this patch for refpolicy/Makefile, I'd
prefer to check it in (it unifies the RHEL 4.x and `generic' refpolicy
Make logic):

Index: refpolicy/Makefile
===================================================================
RCS file: 
/cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- refpolicy/Makefile  8 Jan 2010 09:39:20 -0000       1.12
+++ refpolicy/Makefile  12 Jan 2010 17:17:27 -0000
@@ -17,7 +17,7 @@
 #    with this program; if not, write to the Free Software Foundation, Inc.,
 #    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# Garrett Cooper, August 2009
+# Garrett Cooper, January 2010
 #

 top_srcdir             ?= ../../../../..
@@ -32,6 +32,7 @@

 DISTRO_VER             := $(shell $(top_srcdir)/scripts/detect_distro.sh 
$(ARGS))

+# Avoid empty strings.
 ifeq ($(strip $(DISTRO_VER)),)
 DISTRO_VER             := generic
 endif
@@ -41,10 +42,17 @@
 POLICY_DEVEL_DIR       ?= $(DESTDIR)/usr/share/selinux/devel
 SEMODULE               ?= $(DESTDIR)/usr/sbin/semodule

-INSTALL_DIR            := testcases/kernel/security/selinux-testsuite
+INSTALL_DIR            := testcases/selinux-testsuite/refpolicy

 TEST_POLICY_DIR                := $(abs_srcdir)/policy_files

+# Do we have a special set of policies in the SCM to install?
+ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),)
+TEST_POLICY_DIR                := $(TEST_POLICY_DIR)/$(DISTRO_VER)
+else
+TEST_POLICY_DIR                := $(TEST_POLICY_DIR)/generic
+endif
+
 .PHONY: all clean cleanup install load

 CLEAN_DEPS             := cleanup
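
Review bot: The `INSTALL_DIR` change from `testcases/kernel/security/selinux-testsuite` to `testcases/selinux-testsuite/refpolicy` is not mentioned in the description, which only talks about unifying the RHEL 4.x and generic logic. It moves where the policy files are installed, so anything that refers to the old location needs the matching update in the same change, or this belongs in a separate patch. In the new `TEST_POLICY_DIR` block, the `wildcard` test only checks that the per-distro directory exists, so a directory without test_global.te would be selected silently; a short comment saying what a distro directory must contain would help.
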
@@ -55,34 +63,24 @@
        -$(SEMODULE) -r test_policy
        $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te

-ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),)
-MAKE_TARGETS           :=
-
-TEST_POLICY_DIR                := $(TEST_POLICY_DIR)/$(DISTRO_VER)
-
-# load remains for backwards compatibility...
-load:
-       $(MAKE) -C $(TEST_POLICY_DIR)
-else
-
 MAKE_TARGETS           := test_policy.te

-TEST_POLICY_DIR                := $(TEST_POLICY_DIR)/generic
-
-POLICY_FILES           := test_global.te $(filter-out test_global.te,$(notdir
$(wildcard $(TEST_POLICY_DIR)/*.te)))
-
 ifneq ($(CHECKPOLICY_VERS),24)
 POLICY_FILES           := $(filter-out test_bounds.te,$(POLICY_FILES))
 endif

+# This is being done to preserve precedence; test_global.te must come first.
+POLICY_FILES           := test_global.te \
+                          $(filter-out test_global.te,$(notdir $(wildcard
$(TEST_POLICY_DIR)/*.te)))
+
 load:
-       @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
-           cp -p $(TEST_POLICY_DIR)/test_policy.* $(POLICY_DEVEL_DIR); \
+       @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+           cp -p test_policy.* $(POLICY_DEVEL_DIR); \
            $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \
            $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \
            $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \
        else \
-            echo "ERROR: You must have selinux-policy-devel installed."; \
+            echo "ERROR: You must have selinux-policy?-devel? installed."; \
            false; \
        fi
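
Review bot: The `ifneq ($(CHECKPOLICY_VERS),24)` block that filters `test_bounds.te` out of `POLICY_FILES` now sits above the new `POLICY_FILES := test_global.te ...` assignment, so the later `:=` discards the filter's result and test_bounds.te is never dropped. Move the new assignment above the `ifneq` block, where the removed one was. In `load`, `cp -p test_policy.*` now copies from the current directory rather than `$(TEST_POLICY_DIR)`, so the target should depend on whatever generates those files, and the `selinux-policy?-devel?` text in the error message reads like a pattern rather than a package name a user can install.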
