
List:       selinux
Subject:    Re: [patch] selinux-testsuite:  extend unconfined_runs_test
From:       Subrata Modak <subrata () linux ! vnet ! ibm ! com>
Date:       2008-01-31 7:52:40
Message-ID: 1201765240.4500.4.camel () subratamodak ! linux ! ibm ! com

This is through. Thanks.

--Subrata

> Extend the unconfined_runs_test interface in the selinux testsuite
> policy to allow the test programs to properly report back to the caller.
> This is required to enable many of the tests to pass on Fedora 8 and
> later.  Remaining FAIL cases are fdreceive and inherit (due to Fedora 8
> policy granting fd:use permission globally for all domains) and
> task_create (due to refpolicy automatically granting it to all domain
> types).
> 
> Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
> 
> ---
> 
> Index: testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch,v
>  retrieving revision 1.1
> diff -u -r1.1 sbin_deprecated.patch
> --- testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch	2 Jan \
>                 2008 11:58:15 -0000	1.1
> +++ testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch	23 Jan \
> 2008 19:11:05 -0000 @@ -556,7 +556,7 @@
> diff -Nrup refpolicy/test_policy.if refpolicy.new/test_policy.if
> --- refpolicy/test_policy.if	2007-12-31 06:57:36.000000000 -0500
> +++ refpolicy.new/test_policy.if	2007-12-31 06:05:59.000000000 -0500
> -@@ -25,3 +25,11 @@
> +@@ -25,3 +25,17 @@
> ##      Domain allowed to transition.
> ## </param>
> #
> @@ -564,9 +564,15 @@
> +interface(`unconfined_runs_test',`
> +	gen_require(`
> +		type unconfined_t;
> ++		type unconfined_devpts_t;
> +	')
> +
> ++	# Transition from the caller to the test domain.
> +	allow unconfined_t $1:process transition;
> ++	# Report back from the test domain to the caller.
> ++	allow $1 unconfined_t:fd use;
> ++	allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
> ++	allow $1 unconfined_t:fifo_file { read write ioctl getattr };
> +')
> diff -Nrup refpolicy/test_ptrace.te refpolicy.new/test_ptrace.te
> --- refpolicy/test_ptrace.te	2007-12-31 06:57:36.000000000 -0500
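Review bot: The added rule `allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };` hard-codes a single terminal type, so a test domain can report back only when the caller's terminal is labelled unconfined_devpts_t; a caller whose terminal carries any other type gets no access from this rule. The one-line comment "Report back from the test domain to the caller." should state that assumption and say which rule serves which channel: `fd use` for descriptors inherited from unconfined_t, `chr_file` for the terminal, `fifo_file` for pipes created by the caller. Since the commit message attributes the remaining fdreceive and inherit failures to fd:use being granted to all domains, it is also worth confirming that granting `allow $1 unconfined_t:fd use;` to every domain passed to this interface does not weaken any test that expects a descriptor-use denial.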
> 
> 

