On Wed, Jan 13, 2010 at 11:18 AM, Stephen Smalley <[email protected]> wrote: > On Wed, 2010-01-13 at 10:52 -0800, Garrett Cooper wrote: >> On Wed, Jan 13, 2010 at 5:43 AM, Stephen Smalley <[email protected]> wrote: >> > On Tue, 2010-01-12 at 22:51 -0800, Garrett Cooper wrote: >> >> On Tue, Jan 12, 2010 at 11:12 AM, Stephen Smalley <[email protected]> >> >> wrote: >> >> > On Tue, 2010-01-12 at 09:26 -0800, Garrett Cooper wrote: >> >> >> > Also, if you guys can try out this patch for refpolicy/Makefile, I'd >> >> >> > prefer to check it in (it unifies the RHEL 4.x and `generic' >> >> >> > refpolicy >> >> >> > Make logic): >> >> >> > >> >> >> > Index: refpolicy/Makefile >> >> >> > =================================================================== >> >> >> > RCS file: >> >> >> > /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v >> >> >> > retrieving revision 1.12 >> >> >> > diff -u -r1.12 Makefile >> >> >> > --- refpolicy/Makefile 8 Jan 2010 09:39:20 -0000 1.12 >> >> >> > +++ refpolicy/Makefile 12 Jan 2010 17:17:27 -0000 >> >> >> > @@ -17,7 +17,7 @@ >> >> >> > # with this program; if not, write to the Free Software >> >> >> > Foundation, Inc., >> >> >> > # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. >> >> >> > # >> >> >> > -# Garrett Cooper, August 2009 >> >> >> > +# Garrett Cooper, January 2010 >> >> >> > # >> >> >> > >> >> >> > top_srcdir ?= ../../../../.. >> >> >> > @@ -32,6 +32,7 @@ >> >> >> > >> >> >> > DISTRO_VER := $(shell >> >> >> > $(top_srcdir)/scripts/detect_distro.sh $(ARGS)) >> >> >> > >> >> >> > +# Avoid empty strings. >> >> >> > ifeq ($(strip $(DISTRO_VER)),) >> >> >> > DISTRO_VER := generic >> >> >> > endif >> >> >> > @@ -41,10 +42,17 @@ >> >> >> > POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel >> >> >> > SEMODULE ?= $(DESTDIR)/usr/sbin/semodule >> >> >> > >> >> >> > -INSTALL_DIR := >> >> >> > testcases/kernel/security/selinux-testsuite >> >> >> > +INSTALL_DIR := testcases/selinux-testsuite/refpolicy >> >> >> > >> >> >> > TEST_POLICY_DIR := $(abs_srcdir)/policy_files >> >> >> > >> >> >> > +# Do we have a special set of policies in the SCM to install? >> >> >> > +ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/),) >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> > +else >> >> >> > +TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> > +endif >> >> >> > + >> >> >> > .PHONY: all clean cleanup install load >> >> >> > >> >> >> > CLEAN_DEPS := cleanup >> >> >> > @@ -55,34 +63,24 @@ >> >> >> > -$(SEMODULE) -r test_policy >> >> >> > $(RM) -f $(POLICY_DEVEL_DIR)/test_policy.* test_policy.te >> >> >> > >> >> >> > -ifneq ($(wildcard $(TEST_POLICY_DIR)/$(DISTRO_VER)/Makefile),) >> >> >> > -MAKE_TARGETS := >> >> >> > - >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/$(DISTRO_VER) >> >> >> > - >> >> >> > -# load remains for backwards compatibility... >> >> >> > -load: >> >> >> > - $(MAKE) -C $(TEST_POLICY_DIR) >> >> >> > -else >> >> >> > - >> >> >> > MAKE_TARGETS := test_policy.te >> >> >> > >> >> >> > -TEST_POLICY_DIR := $(TEST_POLICY_DIR)/generic >> >> >> > - >> >> >> > -POLICY_FILES := test_global.te $(filter-out >> >> >> > test_global.te,$(notdir >> >> >> > $(wildcard $(TEST_POLICY_DIR)/*.te))) >> >> >> > - >> >> >> > ifneq ($(CHECKPOLICY_VERS),24) >> >> >> > POLICY_FILES := $(filter-out >> >> >> > test_bounds.te,$(POLICY_FILES)) >> >> >> > endif >> >> >> > >> >> >> > +# This is being done to preserve precedence; test_global.te must >> >> >> > come first. >> >> >> > +POLICY_FILES := test_global.te \ >> >> >> > + $(filter-out test_global.te,$(notdir >> >> >> > $(wildcard >> >> >> > $(TEST_POLICY_DIR)/*.te))) >> >> >> > + >> >> >> > load: >> >> >> > - @if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> > - cp -p $(TEST_POLICY_DIR)/test_policy.* >> >> >> > $(POLICY_DEVEL_DIR); \ >> >> >> > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ >> >> >> > + cp -p test_policy.* $(POLICY_DEVEL_DIR); \ >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) clean; \ >> >> >> > $(MAKE) -C $(POLICY_DEVEL_DIR) test_policy.pp; \ >> >> >> > $(SEMODULE) -i $(POLICY_DEVEL_DIR)/test_policy.pp; \ >> >> >> > else \ >> >> >> > - echo "ERROR: You must have selinux-policy-devel >> >> >> > installed."; \ >> >> >> > + echo "ERROR: You must have selinux-policy?-devel? >> >> >> > installed."; \ >> >> >> > false; \ >> >> >> > fi >> >> >> >> >> >> There's a stray endif on line 90 of refpolicy/Makefile that needs to >> >> >> be deleted as well, FYI... >> >> > >> >> > Ok. test policy appears to build (on Fedora) when running make by hand >> >> > from the refpolicy directory, but you still can't run the tests, either >> >> > from /opt/ltp or from the source tree. >> >> > >> >> > # cd /opt/ltp/testscripts && ./test_selinux.sh >> >> > Running with security >> >> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> > /etc/selinux /opt/ltp >> >> > /opt/ltp >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > building and installing test_policy module... >> >> > ./test_selinux.sh: line 92: cd: >> >> > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy: No such >> >> > file or directory >> >> > make: *** No rule to make target `load'. Stop. >> >> > Failed to build and load test_policy module, aborting test run. >> >> > /etc/selinux /opt/ltp >> >> > /opt/ltp >> >> > >> >> > # cd LTP_SRCDIR/testscripts && ./test_selinux.sh >> >> > Running with security >> >> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >> >> > /etc/selinux /home/sds/ltp >> >> > /home/sds/ltp >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > building and installing test_policy module... >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> > rm -fR tmp >> >> > rm -f *.pp >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> > make[1]: Entering directory `/usr/share/selinux/devel' >> >> > Compiling targeted test_policy module >> >> > /usr/bin/checkmodule: loading policy configuration from >> >> > tmp/test_policy.tmp >> >> > /usr/bin/checkmodule: policy configuration loaded >> >> > /usr/bin/checkmodule: writing binary representation (version 10) to >> >> > tmp/test_policy.mod >> >> > Creating targeted test_policy.pp policy package >> >> > rm tmp/test_policy.mod tmp/test_policy.mod.fc >> >> > make[1]: Leaving directory `/usr/share/selinux/devel' >> >> > Successfully built and loaded test_policy module. >> >> > /etc/selinux >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> > /home/sds/ltp/testcases/kernel/security/selinux-testsuite/refpolicy >> >> > Running the SELinux testsuite... >> >> > ls: cannot access /home/sds/ltp/testcases/bin: No such file or directory >> >> > /usr/bin/chcon: cannot access `/home/sds/ltp/testcases/bin': No such >> >> > file or directory >> >> > ./test_selinux.sh: line 119: /home/sds/ltp/bin/ltp-pan: No such file or >> >> > directory >> >> > /usr/bin/chcon: missing operand >> >> > Try `/usr/bin/chcon --help' for more information. >> >> > Removing test_policy module... >> >> > /usr/sbin/semodule -r test_policy >> >> > rm -f -f /usr/share/selinux/devel/test_policy.* test_policy.te >> >> > allow_domain_fd_use --> off >> >> > allow_domain_fd_use exists setting >> >> > Done. >> >> > >> >> > Both test_selinux.sh and tests/runtest.sh need to be updated. >> >> > >> >> > -- >> >> > Stephen Smalley >> >> > National Security Agency >> >> >> >> Ok, next patch then... Let me know how this goes (I took a quick >> >> look and I didn't see anything suspicious in the test scripts >> >> themselves..). >> >> Thanks, >> >> -Garrett >> > >> > patching file ../../../../testscripts/test_selinux.sh >> > Hunk #2 FAILED at 23. >> > Hunk #3 FAILED at 57. >> > 2 out of 5 hunks FAILED -- saving rejects to file >> > ../../../../testscripts/test_selinux.sh.rej >> > >> > I think it would work better if you just committed all of the patches >> > thus far and I can just re-test cvs head. >> > >> > If you do post any further patches, please make them relative to the top >> > of the tree. >> >> Ugh, I hate CVS diffs too (so I understand)... I was trying to >> avoid committing intermediate work, but as long as this gets fixed >> before the next snapshot, I guess that's fine. Committed the next step >> to CVS. > > # cd /opt/ltp > # ./testscripts/test_selinux.sh > Running with security > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > /etc/selinux /opt/ltp > /opt/ltp > allow_domain_fd_use --> off > allow_domain_fd_use exists setting > building and installing test_policy module... > make: *** No rule to make target `load'. Stop. > Failed to build and load test_policy module, aborting test run. > /etc/selinux /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy > > There is no Makefile > under /opt/ltp/testcases/kernel/security/selinux-testsuite/refpolicy, > only in the source tree.
Yeah, you're right. I was trying to beat around this bush by not copying these over, but it's better to have the test running and be improperly designed than it is for regressions to leak by today, until the day comes where these items are fixed. 1. So, Makefile is now copied over by default. 2. load is no longer done as part of all / install (test_selinux.sh was performing that function). So once the tests have been written to make and install independent of selinux-devel, etc... we'll be in good shape and I will switch these back to all / install dependent targets. I was trying to do it that way to avoid requiring make on the target under test, but I need to better understand the subject matter under test before we get to that point. Thanks, -Garrett ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
