On Thu, 2008-08-28 at 21:52 +0900, KaiGai Kohei wrote: > Subrata, > > Two patches I sent yesterday should be gone away. > > The latest patch I sent today is revised, however, it is too early > to apply LTP tree, because the new test checks a new kernel feature > which is not included yet. Oops. Please send those to the ltp-list whenever the respective features are in, and you feel it is the right time to go in ;-) Regards-- Subrata > > Thanks, > > Subrata Modak wrote: > > Thanks KaiGai. > > > > Stephen/James, > > > > Would be ACK-ing these 2 patches ? > > > > 1) [LTP][PATCH 1/2] Replacement of deprecated interfaces, & > > 2) [LTP][PATCH 2/2] Add a new test case for bounds types, > > > > Regards-- > > Subrata > > > > On Thu, 2008-08-28 at 15:26 +0900, KaiGai Kohei wrote: > >> Stephen Smalley wrote: > >>> On Wed, 2008-08-27 at 17:04 +0900, KaiGai Kohei wrote: > >>>> James Morris wrote: > >>>>> Could you also please add tests for this (at least one which should fail > >>>>> and one which should succeed) to the Linux Test Project? > >>>>> > >>>>> > >>>>> - James > >>>> Policies stored in ltp/testcases/kernel/security/selinux-testsuite/refpolicy/ > >>>> invokes massive deprecated interfaces on selinux-policy-3.5.4. > >>>> > >>>> This patch fixes them according to the warning messages which encourage to > >>>> replace older ones. > >>>> > >>>> BTW, I'm not happy with the test_policy.pp does not allow to invoke test > >>>> scripts from unconfined_t domain. Is it to be fixed? > >>> I don't quite follow. Did you follow the instructions in the > >>> selinux-testsuite README? > >> I didn't read the README file carefully, Oops. > >> > >> The update_refpolicy.sh fixes some of deprecated interfaces and > >> inject an interface to kick test script from unconfined domain. > >> So, I can run the testsuite which includs bounds test without > >> any problems on Rawhide. > >> > >> # However, I got some warnings for deprecated interfaces/macros > >> # like r_dir_perms, userdom_sysadm_bin_spec_domtrans_to or > >> # userdom_use_sysadm_ptys. > >> > >> The attached patch is a new test case of the boundary feature, > >> which contains six tests, as follows: > >> > >> test01: It tries to invoke setcon() with bounded domain in a multi-threaded > >> process. The expected result is success. > >> test02: It tries to invoke setcon() with unrelated domain in a multi-threaded > >> process. The expected result is fail. > >> test03: It makes a bounded domain try to read a file, when its bounds domain > >> can read the file. The expected result is success. > >> test04: It makes a bounded domain try to write a file, when its bounds domain > >> cannot write the file. The expected result is fail, because write > >> permission is boundary violated. > >> test05: It tries to write a bounded type, even if the domain cannot write to > >> its bounds type. The expected result is fail. > >> test06: It makes a bounded domain try to set an attribute of bounded type. > >> > >> Thanks, > >> > >>> I can run the test scripts either using the > >>> test_selinux.sh script or by manually loading the policy and then > >>> individually running them as described in the README. Watch out that > >>> your patch doesn't disturb the existing misc/sbin_deprecated.patch that > >>> gets applied by test_selinux.sh. Keep in mind that this testsuite gets > >>> run on everything from RHEL4 to F9. > > > > > > -- > > This message was distributed to subscribers of the selinux mailing list. > > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > > the words "unsubscribe selinux" without quotes as the message. > > > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
