Re: Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Paul Moore
I run it several times a week on Rawhide, it's running fine for me. FWIW, usually when people are having a problem running the selinux-testsuite it is because they didn't follow the README very closely. I'm not saying that's the case here, but it couldn't hurt to give it a second look ... On

Re: Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Casey Schaufler
On 5/14/2018 4:48 PM, Stephen Smalley wrote:
> It's been running fine for me. Maybe you just need to clean your tree and do
> a fresh make test.
Did that first thing. Digging down, I find that the "make -C policy load" is failing. make[1]: Leaving directory

Re: Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Stephen Smalley
It's been running fine for me. Maybe you just need to clean your tree and do a fresh make test. On Mon, May 14, 2018, 7:37 PM Casey Schaufler wrote: > Has anyone had success with the SELinux test suite on Fedora 28? > I find the chcon and newrole are unhappy with the

Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Casey Schaufler
Has anyone had success with the SELinux test suite on Fedora 28? I find the chcon and newrole are unhappy with the contexts used in the suite.

Unsubscribe

2018-05-14 Thread Eric Brown

Re: [PATCH ghak81 RFC V2 2/5] audit: convert sessionid unset to a macro

2018-05-14 Thread Paul Moore
On Sat, May 12, 2018 at 9:58 PM, Richard Guy Briggs wrote: > Use a macro, "AUDIT_SID_UNSET", to replace each instance of > initialization and comparison to an audit session ID. > > Signed-off-by: Richard Guy Briggs > --- > include/linux/audit.h | 2 +- >

Re: [PATCH ghak81 RFC V2 1/5] audit: normalize loginuid read access

2018-05-14 Thread Paul Moore
On Sat, May 12, 2018 at 9:58 PM, Richard Guy Briggs wrote: > Recognizing that the loginuid is an internal audit value, use an access > function to retrieve the audit loginuid value for the task rather than > reaching directly into the task struct to get it. > > Signed-off-by:

Re: [PATCH v2 1/3] selinux: add AF_UNSPEC and INADDR_ANY checks to selinux_socket_bind()

2018-05-14 Thread Paul Moore
On Fri, May 11, 2018 at 1:15 PM, Alexey Kodanev wrote: > Commit d452930fd3b9 ("selinux: Add SCTP support") breaks compatibility > with the old programs that can pass sockaddr_in structure with AF_UNSPEC > and INADDR_ANY to bind(). As a result, bind() returns

Re: [PATCH 20/23] LSM: Move common usercopy into

2018-05-14 Thread Casey Schaufler
On 5/14/2018 9:53 AM, Stephen Smalley wrote: > On 05/14/2018 11:12 AM, Stephen Smalley wrote: >> On 05/10/2018 08:55 PM, Casey Schaufler wrote: >>> From: Casey Schaufler >>> Date: Thu, 10 May 2018 15:54:25 -0700 >>> Subject: [PATCH 20/23] LSM: Move common usercopy into >>>

Re: [PATCH 20/23] LSM: Move common usercopy into

2018-05-14 Thread Stephen Smalley
On 05/14/2018 11:12 AM, Stephen Smalley wrote: > On 05/10/2018 08:55 PM, Casey Schaufler wrote: >> From: Casey Schaufler >> Date: Thu, 10 May 2018 15:54:25 -0700 >> Subject: [PATCH 20/23] LSM: Move common usercopy into >> security_getpeersec_stream >> >> The modules

Re: [PATCH 10/23] LSM: Infrastructure management of the inode security

2018-05-14 Thread Casey Schaufler
On 5/14/2018 8:04 AM, Stephen Smalley wrote: > On 05/10/2018 08:53 PM, Casey Schaufler wrote: >> From: Casey Schaufler >> Date: Thu, 10 May 2018 14:23:27 -0700 >> Subject: [PATCH 10/23] LSM: Infrastructure management of the inode security >> blob >> >> Move management of

Re: [PATCH 20/23] LSM: Move common usercopy into

2018-05-14 Thread Stephen Smalley
On 05/10/2018 08:55 PM, Casey Schaufler wrote: > From: Casey Schaufler > Date: Thu, 10 May 2018 15:54:25 -0700 > Subject: [PATCH 20/23] LSM: Move common usercopy into > security_getpeersec_stream > > The modules implementing hook for getpeersec_stream > don't need to be

Re: [PATCH 10/23] LSM: Infrastructure management of the inode security

2018-05-14 Thread Stephen Smalley
On 05/10/2018 08:53 PM, Casey Schaufler wrote: > From: Casey Schaufler > Date: Thu, 10 May 2018 14:23:27 -0700 > Subject: [PATCH 10/23] LSM: Infrastructure management of the inode security > blob > > Move management of the inode->i_security blob out > of the individual

Re: [PATCH v2 09/11] docs: Fix some broken references

2018-05-14 Thread Masami Hiramatsu
On Wed, 9 May 2018 10:18:52 -0300 Mauro Carvalho Chehab wrote: > As we move stuff around, some doc references are broken. Fix some of > them via this script: > ./scripts/documentation-file-ref-check --fix-rst > > Manually checked if the produced result is

Re: Packaging policycoreutils for OpenSUSE

2018-05-14 Thread Jason Zaman
On Mon, May 14, 2018 at 09:30:41AM -0400, Stephen Smalley wrote: > On 05/13/2018 07:43 AM, Nicolas Iooss wrote: > > On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl wrote: > >> Hi, > >> > >> I am changing jobs (Red Hat -> SUSE; R, but not a security > >> related job), and although I

Re: Packaging policycoreutils for OpenSUSE

2018-05-14 Thread Stephen Smalley
On 05/13/2018 07:43 AM, Nicolas Iooss wrote: > On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl wrote: >> Hi, >> >> I am changing jobs (Red Hat -> SUSE; R, but not a security >> related job), and although I will be switching my workstation to >> OpenSUSE, I would love to keep SELinux

Re: Packaging policycoreutils for OpenSUSE

2018-05-14 Thread Neal Gompa
On Sat, May 12, 2018 at 8:53 AM Matěj Cepl wrote: > Hi, > I am changing jobs (Red Hat -> SUSE; R, but not a security > related job), and although I will be switching my workstation to > OpenSUSE, I would love to keep SELinux working. Which meant I had > to dig into the current

Re: [PATCH v2 09/11] docs: Fix some broken references

2018-05-14 Thread Takashi Iwai
On Wed, 09 May 2018 15:18:52 +0200, Mauro Carvalho Chehab wrote: > > As we move stuff around, some doc references are broken. Fix some of > them via this script: > ./scripts/documentation-file-ref-check --fix-rst > > Manually checked if the produced result is valid, removing a few >

[PATCH ghak81 RFC V2 0/5] audit: group task params

2018-05-14 Thread Richard Guy Briggs
Group the audit parameters for each task into one structure. In particular, remove the loginuid and sessionid values and the audit context pointer from the task structure, replacing them with an audit task information structure to contain them. Use access functions to access audit values. Note:

[PATCH ghak81 RFC V2 2/5] audit: convert sessionid unset to a macro

2018-05-14 Thread Richard Guy Briggs
Use a macro, "AUDIT_SID_UNSET", to replace each instance of initialization and comparison to an audit session ID. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 2 +- include/net/xfrm.h | 2 +- include/uapi/linux/audit.h | 1 + init/init_task.c

[PATCH ghak81 RFC V2 1/5] audit: normalize loginuid read access

2018-05-14 Thread Richard Guy Briggs
Recognizing that the loginuid is an internal audit value, use an access function to retrieve the audit loginuid value for the task rather than reaching directly into the task struct to get it. Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c | 18 +- 1

[PATCH ghak81 RFC V2 5/5] audit: collect audit task parameters

2018-05-14 Thread Richard Guy Briggs
The audit-related parameters in struct task_struct should ideally be collected together and accessed through a standard audit API. Collect the existing loginuid, sessionid and audit_context together in a new struct audit_task_info called "audit" in struct task_struct. See:

[PATCH ghak81 RFC V2 3/5] audit: use inline function to get audit context

2018-05-14 Thread Richard Guy Briggs
Recognizing that the audit context is an internal audit value, use an access function to retrieve the audit context pointer for the task rather than reaching directly into the task struct to get it. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h| 14

Re: [PATCH ghak81 RFC V1 1/5] audit: normalize loginuid read access

2018-05-14 Thread Richard Guy Briggs
On 2018-05-10 17:21, Richard Guy Briggs wrote: > On 2018-05-09 11:13, Paul Moore wrote: > > On Fri, May 4, 2018 at 4:54 PM, Richard Guy Briggs wrote: > > > Recognizing that the loginuid is an internal audit value, use an access > > > function to retrieve the audit loginuid value