Jim Meyering wrote:
> In a simple test of runcon for coreutils test suite, I used the following,
> but see that it's failing in an enforcing F8t3 environment:
> [from coreutils/tests/misc/runcon]
>
> ...
> cat <<\EOF > exp || framework_failure
> runcon: runcon may be used only on a SELinux kernel
> EOF
>
> fail=0
>
> # This test works even on systems without SELinux.
> # On such a system it fails with the above diagnostic, which is fine.
> # Before the no-reorder change, it would have failed with a diagnostic
> # about -j being an invalid option.
> runcon -t unconfined_t true -j 2> out && : > exp
>
> compare out exp || fail=1
>
> (exit $fail); exit $fail
>
> Is there any similar use of runcon that can be expected to succeed?
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.

This would only work on a system that allowed the running domain to
transition to unconfined_t. If this is an automated test, then it is
probably running in initrc_t. So for your test environment I would load
a policy module that would allow the transition from initrc_t to
unconfined_t or any other transitions that you need. This is what the
internal test suites at Red Hat do, to eliminate AVCs caused by the test
environment.