Re: [PATCH 3/3] audit2allow: tests should use local copy not system

Jason Zaman <jason@xxxxxxxxxxxxx> · Fri, 19 Aug 2016 11:56:25 +0800

On Fri, Aug 19, 2016 at 11:45:17AM +0800, Jason Zaman wrote:
> The tests currently just executed "audit2allow" which meant search in
> $PATH. They should instead test the one in the pwd. The files in the
> repo are not executable so prefix with "python" also.

Additionally, this test doesnt actually work that well. I get these
denials and an error: "No SELinux Policy installed"

allow staff_t policy_config_t:dir { getattr open read search };
allow staff_t policy_config_t:file { getattr open read };
allow staff_t security_t:security read_policy;

And if I grant them I get a ton of messages about unknown types. Gentoo
installs modules only as needed so I dont have smb_t and several others.

Can we switch these tests to use some minimal pre-built policy instead
of reading the system one? I recall one of the other tests doing that
but cant seem to find the policy file right now.

-- Jason

> Signed-off-by: Jason Zaman <jason@xxxxxxxxxxxxx>
> ---
>  policycoreutils/audit2allow/test_audit2allow.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/policycoreutils/audit2allow/test_audit2allow.py b/policycoreutils/audit2allow/test_audit2allow.py
> index 765c9ea..a826a9f 100644
> --- a/policycoreutils/audit2allow/test_audit2allow.py
> +++ b/policycoreutils/audit2allow/test_audit2allow.py
> @@ -33,7 +33,7 @@ class Audit2allowTests(unittest.TestCase):
>  
>      def test_audit2allow(self):
>          "Verify audit2allow works"
> -        p = Popen(['audit2allow', "-i", "test.log"], stdout=PIPE)
> +        p = Popen(['python', './audit2allow', "-i", "test.log"], stdout=PIPE)
>          out, err = p.communicate()
>          if err:
>              print(out, err)
> @@ -41,7 +41,7 @@ class Audit2allowTests(unittest.TestCase):
>  
>      def test_audit2why(self):
>          "Verify audit2why works"
> -        p = Popen(['audit2why', "-i", "test.log"], stdout=PIPE)
> +        p = Popen(['python', './audit2why', "-i", "test.log"], stdout=PIPE)
>          out, err = p.communicate()
>          if err:
>              print(out, err)
> -- 
> 2.7.3
> 
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.