On Fri, Jun 8, 2018 at 9:17 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote:
> Hi,
> While running the selinux testsuite I am seeing some of the inet_socket tests
> fail.
> Googled a lot but couldn't see any similar issue reported as such.
> It would be really helpful if you can give some pointer to resolve this.
>
> Selinux rpms I am using =>
> # rpm -qa | grep selinux
> libselinux-devel-2.0.94-7.el6.x86_64
> libselinux-utils-2.0.94-7.el6.x86_64
> selinux-policy-targeted-3.7.19-312.0.1.el6.noarch
> libselinux-2.0.94-7.el6.x86_64
> selinux-policy-3.7.19-312.0.1.el6.noarch
> libselinux-python-2.0.94-7.el6.x86_64
> -------------------------------
>
> Output snippet of test run
> chcon -R -t test_file_t .
> Running as user root with context unconfined_u:unconfined_r:unconfined_t
>
> .....
> ......
> dyntrace/test ............ ok
> bounds/test .............. ok
> mmap/test ................ ok
> unix_socket/test ......... ok
> inet_socket/test .........
> Dubious, test returned 2 (wstat 512, 0x200)
> Failed 2/33 subtests
> checkreqprot/test ........ ok
> mqueue/test .............. skipped: mqueue fileystem not supported/mounted
> mac_admin/test ........... ok
> infiniband_pkey/test ..... ok
> infiniband_endport/test .. ok
>
> Test Summary Report
> -------------------
> inet_socket/test (Wstat: 512 Tests: 33 Failed: 2)
> Failed tests: 7, 9
> Non-zero exit status: 2
> Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 cusr
> 1.46 csys = 2.59 CPU)
> Result: FAIL
> make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests'
> ASSERT:SELinux-Test run failed, pls check testrun.log file for details
> expected:<0> but was:<1>
> FAILED

It looks like you are running RHEL-6.x or CentOS-6.x?
I just ran the tests on my RHEL-6.x test system and saw similar results; it
appears to be the result of the following commit to the selinux-testsuite:

  commit c618ab669b0c580bb3fa000b168d7d4b5a00c5ee
  Author: Stephen Smalley <sds@xxxxxxxxxxxxx>
  Date:   Thu Oct 26 09:29:37 2017 -0400

    selinux-testsuite: inet_socket: tighten checking

    As demonstrated by
    https://github.com/SELinuxProject/selinux-kernel/issues/3
    the inet_socket tests can "pass" for the wrong reasons. Change
    the client program to use different exit codes for different
    failures, and change the test script to check the expected exit
    code for all tests. With this change, getting an unexpected peer
    label causes a test failure rather than being treated identically
    to a permission denial.

    NB This could make the tests more fragile, e.g. it appears
    that we encounter permission denial failures at different points
    for different tests, so we may need to relax the checking somewhat
    based on testing a wider range of older kernels.

    Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

...

I think we may need to take a closer look at what RHEL-6.x based
kernels are currently doing to ensure they are "correct" (I'm going to
assume yes, but that is an assumption), and perhaps update the test
suite to reflect the RHEL-6.x behavior.

--
paul moore
www.paul-moore.com
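
The effect of the commit quoted above, as an added example that is not part of the original thread or of the selinux-testsuite: a denial-expecting test judged by a loose "any non-zero exit" check and by a check on the exact exit code. The client stand-in, the exit code values and all function names are constructed for illustration; the denied_read row models the fragility the commit message's NB describes.

```shell
#!/bin/sh
# Constructed model of the change described in the quoted commit. Exit codes
# and names are hypothetical, not the selinux-testsuite's real values.
EXIT_OK=0              # connected and saw the expected peer label
EXIT_DENIED_CONNECT=3  # permission denial while connecting
EXIT_DENIED_READ=4     # permission denial later, while reading the reply
EXIT_BAD_LABEL=5       # connected, but the peer label was unexpected

# mock_client OUTCOME: stand-in for one run of the test client.
mock_client() {
    case "$1" in
        ok)             return "$EXIT_OK" ;;
        denied_connect) return "$EXIT_DENIED_CONNECT" ;;
        denied_read)    return "$EXIT_DENIED_READ" ;;
        bad_label)      return "$EXIT_BAD_LABEL" ;;
        *)              return 99 ;;
    esac
}

# Loose check: any non-zero exit is treated as a denial, so an unexpected
# peer label is indistinguishable from a permission denial.
loose_expect_denial() {
    rc=0
    mock_client "$1" || rc=$?
    [ "$rc" -ne 0 ]
}

# Tight check: the exit code must equal the one the test expects.
tight_expect() {
    rc=0
    mock_client "$1" || rc=$?
    [ "$rc" -eq "$2" ]
}

# verdicts OUTCOME: judge a test that expects a denial at connect time.
verdicts() {
    l=FAIL; t=FAIL
    loose_expect_denial "$1" && l=PASS
    tight_expect "$1" "$EXIT_DENIED_CONNECT" && t=PASS
    echo "loose=$l tight=$t"
}

for outcome in denied_connect bad_label denied_read ok; do
    printf '%-15s %s\n' "$outcome" "$(verdicts "$outcome")"
done
```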