Re: [PATCH 3/3] audit2allow: tests should use local copy not system

On 08/18/2016 11:56 PM, Jason Zaman wrote:
> On Fri, Aug 19, 2016 at 11:45:17AM +0800, Jason Zaman wrote:
>> The tests currently just executed "audit2allow" which meant search in
>> $PATH. They should instead test the one in the pwd. The files in the
>> repo are not executable so prefix with "python" also.
> 
> Additionally, this test doesn't actually work that well. I get these
> denials and an error: "No SELinux Policy installed"
> 
> allow staff_t policy_config_t:dir { getattr open read search };
> allow staff_t policy_config_t:file { getattr open read };
> allow staff_t security_t:security read_policy;
> 
> And if I grant them I get a ton of messages about unknown types. Gentoo
> installs modules only as needed so I don't have smb_t and several others.
> 
> Can we switch these tests to use some minimal pre-built policy instead
> of reading the system one? I recall one of the other tests doing that
> but can't seem to find the policy file right now.

I'd be fine with that, and that seems easy enough to do for audit2allow
(versus e.g. semanage, where it seems more problematic).  libsepol has
test policies for its tests (but there is some longstanding breakage
there for certain tests).