Re: [PATCH V2] selinux-testsuite: Add SCTP test support

2018-06-06 Thread Paul Moore
On Fri, Jun 1, 2018 at 3:44 AM, Richard Haines wrote:
> The sctp testsuite tests all new sctp SELinux functionality.
>
> Signed-off-by: Richard Haines 
> ---
> V2 Changes:
> Add -v option to test
> Add info in README.md regarding lksctp-tools-devel requirements
> Fix asconf parameter chunk processing in test
> Fix merge error for policy/Makefile
> Fix buffer overflow in sctp_asconf_params_client.c

Merged with the understanding that this is a *massive* patch and I
went rather quickly through parts so I'm sure I may have missed a few
things, but it works on my test system now so that's good :)

Thanks again for all the time and effort that went into the SCTP
patches/tests, I know how difficult stuff like this can be at times.

-- 
paul moore
www.paul-moore.com


[PATCH V2] selinux-testsuite: Add SCTP test support

2018-06-01 Thread Richard Haines via Selinux
The sctp testsuite tests all new sctp SELinux functionality.

Signed-off-by: Richard Haines 
---
V2 Changes:
Add -v option to test
Add info in README.md regarding lksctp-tools-devel requirements
Fix asconf parameter chunk processing in test
Fix merge error for policy/Makefile
Fix buffer overflow in sctp_asconf_params_client.c

 README.md  |   4 +-
 policy/Makefile|   4 +
 policy/test_sctp.te| 159 +
 tests/Makefile |   4 +
 tests/sctp/Makefile|  13 +
 tests/sctp/calipso-flush   |   5 +
 tests/sctp/calipso-load|   7 +
 tests/sctp/cipso-fl-flush  |   5 +
 tests/sctp/cipso-fl-load   |   7 +
 tests/sctp/cipso-flush |   5 +
 tests/sctp/cipso-load-t1   |   7 +
 tests/sctp/cipso-load-t2   |   7 +
 tests/sctp/cipso-load-t5   |   7 +
 tests/sctp/fb-deny-label-flush |   6 +
 tests/sctp/fb-deny-label-load  |   7 +
 tests/sctp/fb-label-flush  |   6 +
 tests/sctp/fb-label-load   |   8 +
 tests/sctp/iptables-flush  |   4 +
 tests/sctp/iptables-load   |  27 +
 tests/sctp/sctp_asconf_params_client.c | 298 +
 tests/sctp/sctp_asconf_params_server.c | 236 +++
 tests/sctp/sctp_bind.c |  81 +++
 tests/sctp/sctp_bindx.c| 116 
 tests/sctp/sctp_client.c   | 220 +++
 tests/sctp/sctp_common.c   | 101 +++
 tests/sctp/sctp_common.h   |  27 +
 tests/sctp/sctp_connectx.c | 124 
 tests/sctp/sctp_peeloff_server.c   | 260 
 tests/sctp/sctp_server.c   | 335 ++
 tests/sctp/sctp_set_params.c   | 205 +++
 tests/sctp/sctp_set_peer_addr.c| 414 +
 tests/sctp/sctp_set_pri_addr.c | 135 
 tests/sctp/test| 814 +
 33 files changed, 3657 insertions(+), 1 deletion(-)
 create mode 100644 policy/test_sctp.te
 create mode 100644 tests/sctp/Makefile
 create mode 100644 tests/sctp/calipso-flush
 create mode 100644 tests/sctp/calipso-load
 create mode 100644 tests/sctp/cipso-fl-flush
 create mode 100644 tests/sctp/cipso-fl-load
 create mode 100644 tests/sctp/cipso-flush
 create mode 100644 tests/sctp/cipso-load-t1
 create mode 100644 tests/sctp/cipso-load-t2
 create mode 100644 tests/sctp/cipso-load-t5
 create mode 100644 tests/sctp/fb-deny-label-flush
 create mode 100644 tests/sctp/fb-deny-label-load
 create mode 100644 tests/sctp/fb-label-flush
 create mode 100644 tests/sctp/fb-label-load
 create mode 100644 tests/sctp/iptables-flush
 create mode 100644 tests/sctp/iptables-load
 create mode 100644 tests/sctp/sctp_asconf_params_client.c
 create mode 100644 tests/sctp/sctp_asconf_params_server.c
 create mode 100644 tests/sctp/sctp_bind.c
 create mode 100644 tests/sctp/sctp_bindx.c
 create mode 100644 tests/sctp/sctp_client.c
 create mode 100644 tests/sctp/sctp_common.c
 create mode 100644 tests/sctp/sctp_common.h
 create mode 100644 tests/sctp/sctp_connectx.c
 create mode 100644 tests/sctp/sctp_peeloff_server.c
 create mode 100644 tests/sctp/sctp_server.c
 create mode 100644 tests/sctp/sctp_set_params.c
 create mode 100644 tests/sctp/sctp_set_peer_addr.c
 create mode 100644 tests/sctp/sctp_set_pri_addr.c
 create mode 100755 tests/sctp/test

diff --git a/README.md b/README.md
index 60a249e..2c871d3 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,7 @@ similar dependencies):
 * net-tools _(for `ifconfig`, used by `capable_net/test`)_
 * netlabel\_tools _(to load NetLabel configuration during `inet_socket` tests)_
 * iptables _(to load the `iptables SECMARK` rules during `inet_socket` tests)_
+* lksctp-tools-devel _(to build the SCTP test programs)_
 
 On a modern Fedora system you can install these dependencies with the
 following command:
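Review bot: the two context entries just above the new `lksctp-tools-devel` line still describe netlabel\_tools and iptables as needed only "during `inet_socket` tests", but the diffstat of this patch adds tests/sctp/cipso-load-t1, tests/sctp/calipso-load and tests/sctp/iptables-load, which by their names load NetLabel and iptables configuration for the SCTP tests too. Suggest updating those two descriptions in this hunk (for example "during `inet_socket` and `sctp` tests") so the dependency list matches what the testsuite now uses.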
@@ -61,7 +62,8 @@ following command:
libselinux-devel \
net-tools \
netlabel_tools \
-   iptables
+   iptables \
+   lksctp-tools-devel
 
 The testsuite requires a pre-existing base policy configuration of SELinux,
 using either the old example policy or the reference policy as the baseline.
diff --git a/policy/Makefile b/policy/Makefile
index 15e3a0c..cc70d33 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -67,6 +67,10 @@ ifeq ($(shell grep -q binder 
$(POLDEV)/include/support/all_perms.spt && echo tru
 TARGETS += test_binder.te
 endif
 
+ifeq ($(shell grep -q corenet_sctp_bind_all_nodes 
$(POLDEV)/include/kernel/corenetwork.if && echo true),true)
+TARGETS += test_sctp.te
+endif
+
 ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6))
 TARGETS:=$(filter-out test_overlayfs.te test_mqueue.te, $(TARGETS))
 endif
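Review bot: the new `ifeq` block has no comment saying why `corenet_sctp_bind_all_nodes` is the probe, and it only establishes that the installed policy headers know about SCTP, not that the test programs are built and run under the same condition. Suggest a one-line comment above the block, and confirming that the 4-line tests/Makefile change listed in the diffstat gates the sctp subdirectory on the same grep, so that test_sctp.te and tests/sctp are always enabled or skipped together rather than the tests running without their policy module.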
diff --git a/policy/test_sctp.te b/policy/test_sctp.te
new file mode 100644
index 000..6d43208
--- /dev/null