On Thu, 2008-08-28 at 15:26 +0900, KaiGai Kohei wrote: > Stephen Smalley wrote: > > On Wed, 2008-08-27 at 17:04 +0900, KaiGai Kohei wrote: > >> James Morris wrote: > >>> Could you also please add tests for this (at least one which should fail > >>> and one which should succeed) to the Linux Test Project? > >>> > >>> > >>> - James > >> Policies stored in ltp/testcases/kernel/security/selinux-testsuite/refpolicy/ > >> invokes massive deprecated interfaces on selinux-policy-3.5.4. > >> > >> This patch fixes them according to the warning messages which encourage to > >> replace older ones. > >> > >> BTW, I'm not happy with the test_policy.pp does not allow to invoke test > >> scripts from unconfined_t domain. Is it to be fixed? > > > > I don't quite follow. Did you follow the instructions in the > > selinux-testsuite README? > > I didn't read the README file carefully, Oops. > > The update_refpolicy.sh fixes some of deprecated interfaces and > inject an interface to kick test script from unconfined domain. > So, I can run the testsuite which includs bounds test without > any problems on Rawhide. > > # However, I got some warnings for deprecated interfaces/macros > # like r_dir_perms, userdom_sysadm_bin_spec_domtrans_to or > # userdom_use_sysadm_ptys. > > The attached patch is a new test case of the boundary feature, > which contains six tests, as follows: > > test01: It tries to invoke setcon() with bounded domain in a multi-threaded > process. The expected result is success. > test02: It tries to invoke setcon() with unrelated domain in a multi-threaded > process. The expected result is fail. > test03: It makes a bounded domain try to read a file, when its bounds domain > can read the file. The expected result is success. > test04: It makes a bounded domain try to write a file, when its bounds domain > cannot write the file. The expected result is fail, because write > permission is boundary violated. > test05: It tries to write a bounded type, even if the domain cannot write to > its bounds type. The expected result is fail. > test06: It makes a bounded domain try to set an attribute of bounded type. > > Thanks, > Thanks too. Added. Regards-- Subrata > > I can run the test scripts either using the > > test_selinux.sh script or by manually loading the policy and then > > individually running them as described in the README. Watch out that > > your patch doesn't disturb the existing misc/sbin_deprecated.patch that > > gets applied by test_selinux.sh. Keep in mind that this testsuite gets > > run on everything from RHEL4 to F9. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
