On Oct 8, 2017 9:54 PM, "James Morris" <jmorris@xxxxxxxxx> wrote:
On Thu, 5 Oct 2017, Stephen Smalley wrote:Do these results all look as expected?
> inet_socket test failures are expected due to running in a non-init
> network namespace; they don't work even without unsharing the selinux
> namespace.
No, that suggests that you either didn't insert the policy module allowing access to unlabeled fds or you didn't run restorecon -R /dev before running the tests. The only expected failures are the inet socket ones.
Test Summary Report
-------------------
fdreceive/test (Wstat: 0 Tests: 3 Failed: 1)
Failed test: 3
inherit/test (Wstat: 0 Tests: 3 Failed: 1)
Failed test: 1
file/test (Wstat: 0 Tests: 16 Failed: 1)
Failed test: 8
bounds/test (Wstat: 0 Tests: 24 Failed: 5)
Failed tests: 3, 6, 12, 21, 23
mmap/test (Wstat: 0 Tests: 46 Failed: 2)
Failed tests: 9, 13
inet_socket/test (Wstat: 3584 Tests: 33 Failed: 14)
Failed tests: 1, 3, 5-6, 8, 16, 18, 20, 22, 25-26, 28
30, 32
Non-zero exit status: 14
overlay/test (Wstat: 3072 Tests: 121 Failed: 12)
Failed tests: 1, 25, 27, 39-40, 57, 63, 87, 89, 98-99
116
Non-zero exit status: 12
Files=51, Tests=485, 28 wallclock secs ( 0.60 usr 0.13 sys + 2.67 cusr
3.76 csys = 7.16 CPU)
Result: FAIL
Failed 7/51 test programs. 36/485 subtests failed.
--
James Morris
<jmorris@xxxxxxxxx>
