List: selinux
Subject: Re: [patch] selinux-testsuite: extend unconfined_runs_test
From: Subrata Modak <subrata () linux ! vnet ! ibm ! com>
Date: 2008-01-31 7:52:40
Message-ID: 1201765240.4500.4.camel () subratamodak ! linux ! ibm ! com
This is through. Thanks.
--Subrata
> Extend the unconfined_runs_test interface in the selinux testsuite
> policy to allow the test programs to properly report back to the caller.
> This is required to enable many of the tests to pass on Fedora 8 and
> later. Remaining FAIL cases are fdreceive and inherit (due to Fedora 8
> policy granting fd:use permission globally for all domains) and
> task_create (due to refpolicy automatically granting it to all domain
> types).
>
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
>
> ---
>
> Index: testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch,v
> retrieving revision 1.1
> diff -u -r1.1 sbin_deprecated.patch
> --- testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch 2 Jan \
> 2008 11:58:15 -0000 1.1
> +++ testcases/kernel/security/selinux-testsuite/misc/sbin_deprecated.patch 23 Jan \
> 2008 19:11:05 -0000 @@ -556,7 +556,7 @@
> diff -Nrup refpolicy/test_policy.if refpolicy.new/test_policy.if
> --- refpolicy/test_policy.if 2007-12-31 06:57:36.000000000 -0500
> +++ refpolicy.new/test_policy.if 2007-12-31 06:05:59.000000000 -0500
> -@@ -25,3 +25,11 @@
> +@@ -25,3 +25,17 @@
> ## Domain allowed to transition.
> ## </param>
> #
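Review bot: The parameter description carried as context here, "## Domain allowed to transition.", no longer matches what the interface does once the inner hunk grows from 11 to 17 lines, because $1 now also receives fd, chr_file and fifo_file permissions back toward the caller. Suggest extending the "##" documentation block in test_policy.if in the same change so the header describes both the transition and the report-back access.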
> @@ -564,9 +564,15 @@
> +interface(`unconfined_runs_test',`
> + gen_require(`
> + type unconfined_t;
> ++ type unconfined_devpts_t;
> + ')
> +
> ++ # Transition from the caller to the test domain.
> + allow unconfined_t $1:process transition;
> ++ # Report back from the test domain to the caller.
> ++ allow $1 unconfined_t:fd use;
> ++ allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };
> ++ allow $1 unconfined_t:fifo_file { read write ioctl getattr };
> +')
> diff -Nrup refpolicy/test_ptrace.te refpolicy.new/test_ptrace.te
> --- refpolicy/test_ptrace.te 2007-12-31 06:57:36.000000000 -0500
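Review bot: The chr_file rule, "allow $1 unconfined_devpts_t:chr_file { read write ioctl getattr };", hard-codes unconfined_devpts_t as the caller's terminal type, so a test launched from a terminal labeled with any other type would still be unable to report back. Suggest stating that assumption in the "# Report back from the test domain to the caller." comment, or passing the terminal type in rather than pulling it through gen_require, so the remaining FAIL cases listed in the description are not confused with a terminal labeling mismatch.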
>
>