On Mon, 2007-12-17 at 13:50 -0500, Stephen Smalley wrote:
> On Mon, 2007-12-17 at 13:43 -0500, Stephen Smalley wrote:
> > On Thu, 2007-12-13 at 19:33 -0500, Jeff Burke wrote:
> > > Stephen, Joy, Dan and James
> > > Using Stephens latest patch. Here are the results for the selinux tests
> > > ltp-full-20071130, RHEL5.1 + selinux-policy-2.4.6-106.el5_1.3:
> >
> > Reverting the prior patches and applying this one instead, I am able to
> > run all of the test cases successfully on RHEL5.1 with that policy
> > version.
> >
> > I never did get a failure on SELinux10 though even with the old patch.
> > Looking at your log file, it suggests that you were running the tests
> > without a controlling tty? That will break that particular test at
> > least (sendsigio_task).
> >
> > As for the build failure on execshare_parent, I don't know how to fix
> > that on ia64 - is there a portable way to write a call to clone(2) that
> > will work there? I don't have ia64 hardware readily available to me.
>
> Ah, from the clone(2) man page, I see that one is supposed to use
> clone2() instead on IA-64. But someone else will have to do that and
> test it - I don't have an ia64 machine at my disposal.
>From the example of other code in the ltp, it looks like the following
patch should work for ia-64. This patch for the execshare test program
is in addition to the prior policy patch.
--
Stephen Smalley
National Security Agency
Index: testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c
===================================================================
RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c,v
retrieving revision 1.1
diff -u -r1.1 selinux_execshare_parent.c
--- testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 20 Apr 2005 16:09:08 -0000 1.1
+++ testcases/kernel/security/selinux-testsuite/tests/execshare/selinux_execshare_parent.c 17 Dec 2007 19:34:16 -0000
@@ -26,11 +26,10 @@
return -1;
}
-static long clone_stack_data[2048];
-static long *clone_stack = &clone_stack_data[2048];
-
int main(int argc, char **argv)
{
+ int pagesize;
+ void *clone_stack, *page;
int pid, rc, len, status, cloneflags;
security_context_t context_s;
context_t context;
@@ -46,6 +45,14 @@
exit(-1);
}
+ pagesize = getpagesize();
+ page = malloc(pagesize);
+ if (!page) {
+ perror("malloc");
+ exit(-1);
+ }
+ clone_stack = page + pagesize;
+
rc = getcon(&context_s);
if (rc < 0) {
fprintf(stderr, "%s: unable to get my context\n", argv[0]);
@@ -76,8 +83,13 @@
fprintf(stderr, "%s: unable to set exec context to %s\n", argv[0], context_s);
exit(-1);
}
-
+#if defined(__hppa__)
+ pid = clone(clone_fn, page, cloneflags | SIGCHLD, argv);
+#elif defined(__ia64__)
+ pid = clone2(clone_fn, clone_stack, pagesize, cloneflags | SIGCHLD, argv, NULL, NULL, NULL);
+#else
pid = clone(clone_fn, clone_stack, cloneflags | SIGCHLD, argv);
+#endif
if (pid < 0) {
perror("clone");
exit(-1);
