Re: [HEADS-UP] SELinux userspace 2.6 and SETools-4.1.0 update in Rawhide

Hi Petr


On 16.02.2017 at 12:27, Petr Lautrbach wrote:
> I'll push builds with updated SELinux Userspace and SETools into
> Rawhide soon.
>
> In the meantime, you can test it from my COPR plautrba/selinux-2.6
> repository [1].

Enabled it on F25 and ran the puppet-selinux module's acceptance tests
(uses semanage/semanage/seboolean to build and add modules, enabling
booleans, manages ports, manages a permissive domain, sets some
fcontexts) [0]. It detected a problem in a test policy I wrote.
"domtrans_pattern($1, puppet_test_a_exec_t, usr_t)" fails now with:

...
Exec[install-module-puppet_test_b]/returns: neverallow check failed at
/var/lib/selinux/targeted/tmp/modules/100/base/cil:4528
Exec[install-module-puppet_test_b]/returns:   (neverallow
base_typeattr_7 base_typeattr_8 (process (fork transition sigchld
sigkill sigstop signull signal ptrace getsched setsched getsession
getpgid setpgid getcap setcap share getattr setexec setfscreate
noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem
execstack execheap setkeycreate setsockcreate)))
Exec[install-module-puppet_test_b]/returns:     <root>
Exec[install-module-puppet_test_b]/returns:     allow at
/var/lib/selinux/targeted/tmp/modules/400/puppet_test_b/cil:22
Exec[install-module-puppet_test_b]/returns:       (allow usr_t
puppet_test_b_t (process (sigchld)))
Exec[install-module-puppet_test_b]/returns:
...


Fixed it to use puppet_test_a_t instead of usr_t.  :) All checks green now.

- Thomas

[0] https://github.com/voxpupuli/puppet-selinux/