Hi,
While running selinux testsuits I am seeing some of the inet_socket tests failure. Googled alotbut couldnt see any similler issue reported as such.
It would be really helpful if you can give some pointer to resolved this.
It would be really helpful if you can give some pointer to resolved this.
Selinux rpms I am using =>
# rpm -qa | grep selinux
libselinux-devel-2.0.94-7.el6.x86_64
libselinux-utils-2.0.94-7.el6.x86_64
selinux-policy-targeted-3.7.19-312.0.1.el6.noarch
libselinux-2.0.94-7.el6.x86_64
selinux-policy-3.7.19-312.0.1.el6.noarch
libselinux-python-2.0.94-7.el6.x86_64
-------------------------------
Output snippet of test run
chcon -R -t test_file_t .
Running as user root with context unconfined_u:unconfined_r:unconfined_t
.....
......
dyntrace/test ............ ok
bounds/test .............. ok
mmap/test ................ ok
unix_socket/test ......... ok
inet_socket/test .........
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/33 subtests
checkreqprot/test ........ ok
mqueue/test .............. skipped: mqueue fileystem not supported/mounted
mac_admin/test ........... ok
infiniband_pkey/test ..... ok
infiniband_endport/test .. ok
Test Summary Report
-------------------
inet_socket/test (Wstat: 512 Tests: 33 Failed: 2)
Failed tests: 7, 9
Non-zero exit status: 2
Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 cusr 1.46 csys = 2.59 CPU)
Result: FAIL
make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests'
ASSERT:SELinux-Test run failed, pls check testrun.log file for details expected:<0> but was:<1>
FAILED
Ran 1 test.
-------------------------------------------------
Individual test run =>
inet_socket]# ./test
1..33
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 1
connect: No route to host
ok 2
./server: Got SCM_SECURITY=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 3
read: No route to host
2304
ok 4
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c0.c10
ok 5
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c8.c10
ok 6
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c8.c12
./client: expected unconfined_u:unconfined_r:test_inet_client_t:s0:c8.c12, got system_u:object_r:netlabel_peer_t:s0:c8.c12
not ok 7
# Failed test at ./test line 88.
./server: Got SCM_SECURITY=system_u:object_r:netlabel_peer_t:s0:c20.c50
ok 8
./server: Got SCM_SECURITY=system_u:object_r:netlabel_peer_t:s0:c40.c51
./client: expected unconfined_u:unconfined_r:test_inet_client_t:s0:c40.c51, got system_u:object_r:netlabel_peer_t:s0:c40.c51
# You named your test '2816'. You shouldn't use numbers for your test names.
# Very confusing.
not ok 9 - 2816
# Failed test '2816'
# at ./test line 109.
ok 10
ok 11
bind: Permission denied
ok 12
bind: Permission denied
ok 13
bind: Permission denied
ok 14
bind: Permission denied
ok 15
ok 16
connect: Permission denied
ok 17
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 18
connect: Operation now in progress
ok 19
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 20
connect: Operation now in progress
ok 21
./server: Got SCM_SECURITY=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 22
./client: no reply from server
ok 23
./client: no reply from server
ok 24
ok 25
ok 26
connect: Operation now in progress
ok 27
ok 28
connect: Operation now in progress
ok 29
ok 30
./client: no reply from server
ok 31
ok 32
./client: no reply from server
ok 33
# Looks like you failed 2 tests of 33.
----------------------------
1..33
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 1
connect: No route to host
ok 2
./server: Got SCM_SECURITY=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 3
read: No route to host
2304
ok 4
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c0.c10
ok 5
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c8.c10
ok 6
./server: Got peer label=system_u:object_r:netlabel_peer_t:s0:c8.c12
./client: expected unconfined_u:unconfined_r:test_inet_client_t:s0:c8.c12, got system_u:object_r:netlabel_peer_t:s0:c8.c12
not ok 7
# Failed test at ./test line 88.
./server: Got SCM_SECURITY=system_u:object_r:netlabel_peer_t:s0:c20.c50
ok 8
./server: Got SCM_SECURITY=system_u:object_r:netlabel_peer_t:s0:c40.c51
./client: expected unconfined_u:unconfined_r:test_inet_client_t:s0:c40.c51, got system_u:object_r:netlabel_peer_t:s0:c40.c51
# You named your test '2816'. You shouldn't use numbers for your test names.
# Very confusing.
not ok 9 - 2816
# Failed test '2816'
# at ./test line 109.
ok 10
ok 11
bind: Permission denied
ok 12
bind: Permission denied
ok 13
bind: Permission denied
ok 14
bind: Permission denied
ok 15
ok 16
connect: Permission denied
ok 17
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 18
connect: Operation now in progress
ok 19
./server: Got peer label=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 20
connect: Operation now in progress
ok 21
./server: Got SCM_SECURITY=unconfined_u:unconfined_r:test_inet_client_t:s0-s0:c0.c1023
ok 22
./client: no reply from server
ok 23
./client: no reply from server
ok 24
ok 25
ok 26
connect: Operation now in progress
ok 27
ok 28
connect: Operation now in progress
ok 29
ok 30
./client: no reply from server
ok 31
ok 32
./client: no reply from server
ok 33
# Looks like you failed 2 tests of 33.
----------------------------
Checked test file @88
# Verify that authorized client cannot communicate with the server using different level.
$result = system
"runcon -t test_inet_client_t -l s0:c8.c12 $basedir/client stream 127.0.0.1 65535 2>&1";
ok( $result >> 8 eq 5 );
and @108 [ I have $result to check output of system command ]
# Verify that authorized client cannot communicate with the server using levels dominating the server.
$result = system
"runcon -t test_inet_client_t -l s0:c40.c51 $basedir/client dgram 127.0.0.1 65535 2>&1";
ok( $result >> 8 eq 9 , $result );
# Verify that authorized client cannot communicate with the server using different level.
$result = system
"runcon -t test_inet_client_t -l s0:c8.c12 $basedir/client stream 127.0.0.1 65535 2>&1";
ok( $result >> 8 eq 5 );
and @108 [ I have $result to check output of system command ]
# Verify that authorized client cannot communicate with the server using levels dominating the server.
$result = system
"runcon -t test_inet_client_t -l s0:c40.c51 $basedir/client dgram 127.0.0.1 65535 2>&1";
ok( $result >> 8 eq 9 , $result );
--
Thanks,
-Sangeeta
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
