On Tue, 6 Apr 2021 at 10:19, Andrew Cagney <[email protected]> wrote:
> > > On Mon, 5 Apr 2021 at 22:21, Paul Wouters <[email protected]> wrote: > >> On Mon, 5 Apr 2021, Andrew Cagney wrote: >> >> > Is this something like memory leaks which should be checked at the end >> of every test, or can it be limited to the se-linux specific tests where >> the goal is to, presumably, tickle these errors? >> >> It should be checked at every test, so we know when something happens >> that is blocked by SElinux. Usually it means we need to tell the SElinux >> people we need some extra permission somewhere. >> > > I'll move it to post-mortem.sh then > I've also pushed this: commit c9783475af893389cc5aaf034a2a12b7c5088775 (HEAD -> main, origin/main, origin/HEAD) Author: Andrew Cagney <[email protected]> Date: Wed Apr 7 08:46:00 2021 -0400 testing selinux: drop another selinux sanitizer - temp-selinux-ignore.sed Pull back the curtain on the selinux records being found by post-mortem.sh but then hidden by a sanitizer. For instance, ikev2-labeled-ipsec-03-multi-acquires-enforced, currently fails because post-mortem.sh detects the record: type=AVC msg=audit(1617773741.748:165): avc: denied { setcontext } for pid=752 comm="pluto" ... but the sanitizer then hides it (all records are dumped into OUTPUT/*.avsearch.log). Presumably, either: - the record is an expected and the test should check for and then flush the record; that way post-mortem.sh can't see it (this might be tricky) or: - something needs fixing and post-mortem DTRT The records it is finding are here: https://testing.libreswan.org/v4.3-403-g3379af3083-main/ikev2-labeled-ipsec-03-multi-acquires-enforced/OUTPUT/west.ausearch.log.gz to me these look more like test misconfiguration than an expected result. > Paul >> >
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
