Subrata, Two patches I sent yesterday should be gone away. The latest patch I sent today is revised, however, it is too early to apply LTP tree, because the new test checks a new kernel feature which is not included yet. Thanks, Subrata Modak wrote: > Thanks KaiGai. > > Stephen/James, > > Would be ACK-ing these 2 patches ? > > 1) [LTP][PATCH 1/2] Replacement of deprecated interfaces, & > 2) [LTP][PATCH 2/2] Add a new test case for bounds types, > > Regards-- > Subrata > > On Thu, 2008-08-28 at 15:26 +0900, KaiGai Kohei wrote: >> Stephen Smalley wrote: >>> On Wed, 2008-08-27 at 17:04 +0900, KaiGai Kohei wrote: >>>> James Morris wrote: >>>>> Could you also please add tests for this (at least one which should fail >>>>> and one which should succeed) to the Linux Test Project? >>>>> >>>>> >>>>> - James >>>> Policies stored in ltp/testcases/kernel/security/selinux-testsuite/refpolicy/ >>>> invokes massive deprecated interfaces on selinux-policy-3.5.4. >>>> >>>> This patch fixes them according to the warning messages which encourage to >>>> replace older ones. >>>> >>>> BTW, I'm not happy with the test_policy.pp does not allow to invoke test >>>> scripts from unconfined_t domain. Is it to be fixed? >>> I don't quite follow. Did you follow the instructions in the >>> selinux-testsuite README? >> I didn't read the README file carefully, Oops. >> >> The update_refpolicy.sh fixes some of deprecated interfaces and >> inject an interface to kick test script from unconfined domain. >> So, I can run the testsuite which includs bounds test without >> any problems on Rawhide. >> >> # However, I got some warnings for deprecated interfaces/macros >> # like r_dir_perms, userdom_sysadm_bin_spec_domtrans_to or >> # userdom_use_sysadm_ptys. >> >> The attached patch is a new test case of the boundary feature, >> which contains six tests, as follows: >> >> test01: It tries to invoke setcon() with bounded domain in a multi-threaded >> process. The expected result is success. >> test02: It tries to invoke setcon() with unrelated domain in a multi-threaded >> process. The expected result is fail. >> test03: It makes a bounded domain try to read a file, when its bounds domain >> can read the file. The expected result is success. >> test04: It makes a bounded domain try to write a file, when its bounds domain >> cannot write the file. The expected result is fail, because write >> permission is boundary violated. >> test05: It tries to write a bounded type, even if the domain cannot write to >> its bounds type. The expected result is fail. >> test06: It makes a bounded domain try to set an attribute of bounded type. >> >> Thanks, >> >>> I can run the test scripts either using the >>> test_selinux.sh script or by manually loading the policy and then >>> individually running them as described in the README. Watch out that >>> your patch doesn't disturb the existing misc/sbin_deprecated.patch that >>> gets applied by test_selinux.sh. Keep in mind that this testsuite gets >>> run on everything from RHEL4 to F9. > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- KaiGai Kohei <kaigai@xxxxxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
