On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote:
> I guess I'm not being clear. Most of the work presently done by 'load'
> can be done during make all/install. In particular, everything except
> for running semodule -i can be done during make all, and then make
> install should just copy test_policy.pp (the output of make all) to
> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule
> -i /path/to/test_policy.pp before the tests and semodule -r test_policy
> afterward. We can also avoid copying test_policy.te to the system
> policy devel directory altogether. Something like this patch (and
> Makefile.selinux can then be removed altogether):
Oops, wrong variable expansion syntax in test_selinux.sh. Corrected
patch is below. This one actually runs ;)
Index: testscripts/test_selinux.sh
===================================================================
RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v
retrieving revision 1.15
diff -u -r1.15 test_selinux.sh
--- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15
+++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000
@@ -89,11 +89,10 @@
config_allow_domain_fd_use 0
# build and install the test policy...
-echo "building and installing test_policy module..."
-cd $POLICYDIR
-make load
+echo "installing test_policy module..."
+$SEMODULE -i $POLICYDIR/test_policy.pp
if [ $? != 0 ]; then
- echo "Failed to build and load test_policy module, aborting test run."
+ echo "Failed to install load test_policy module, aborting test run."
config_unset_expandcheck
exit 1
else
@@ -126,8 +125,7 @@
/usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin
echo "Removing test_policy module..."
-cd $POLICYDIR
-make cleanup 2>&1
+$SEMODULE -r test_policy
if [ $? != 0 ]; then
echo "Failed to remove test_policy module."
exit 1
Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
===================================================================
RCS file:
/cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan
2010 12:40:58 -0000 1.17
+++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 Jan
2010 20:41:22 -0000
@@ -39,10 +39,11 @@
CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy
CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
+POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel
INSTALL_DIR := testcases/kernel/security/selinux-testsuite/refpolicy
-INSTALL_TARGETS := Makefile.selinux
+INSTALL_TARGETS := test_policy.pp
TEST_POLICY_DIR := $(abs_srcdir)/policy_files
@@ -63,8 +64,17 @@
POLICY_FILES := test_global.te \
$(filter-out test_global.te,$(notdir $(wildcard
$(TEST_POLICY_DIR)/*.te)))
+all: test_policy.pp
+
+test_policy.pp: test_policy.te
+ @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \
+ $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \
+ else \
+ echo "ERROR: You must have selinux-policy?-devel? installed."; \
+ false; \
+ fi
+
test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES))
(cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@
include $(top_srcdir)/include/mk/generic_leaf_target.mk
-include $(abs_srcdir)/Makefile.selinux
--
Stephen Smalley
National Security Agency
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
