On Fri, Jun 8, 2018 at 12:35 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, Jun 8, 2018 at 9:17 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote:
>> Hi,
>> While running the selinux testsuite I am seeing some of the inet_socket tests
>> failing.
>> Googled a lot but couldn't see any similar issue reported as such.
>> It would be really helpful if you can give some pointers to resolve this.
>>
>> Selinux rpms I am using =>
>> # rpm -qa | grep selinux
>> libselinux-devel-2.0.94-7.el6.x86_64
>> libselinux-utils-2.0.94-7.el6.x86_64
>> selinux-policy-targeted-3.7.19-312.0.1.el6.noarch
>> libselinux-2.0.94-7.el6.x86_64
>> selinux-policy-3.7.19-312.0.1.el6.noarch
>> libselinux-python-2.0.94-7.el6.x86_64
>> -------------------------------
>>
>> Output snippet of test run
>> chcon -R -t test_file_t .
>> Running as user root with context unconfined_u:unconfined_r:unconfined_t
>>
>> .....
>> ......
>> dyntrace/test ............ ok
>> bounds/test .............. ok
>> mmap/test ................ ok
>> unix_socket/test ......... ok
>> inet_socket/test .........
>> Dubious, test returned 2 (wstat 512, 0x200)
>> Failed 2/33 subtests
>> checkreqprot/test ........ ok
>> mqueue/test .............. skipped: mqueue fileystem not supported/mounted
>> mac_admin/test ........... ok
>> infiniband_pkey/test ..... ok
>> infiniband_endport/test .. ok
>>
>> Test Summary Report
>> -------------------
>> inet_socket/test (Wstat: 512 Tests: 33 Failed: 2)
>> Failed tests: 7, 9
>> Non-zero exit status: 2
>> Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 cusr
>> 1.46 csys = 2.59 CPU)
>> Result: FAIL
>> make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests'
>> ASSERT:SELinux-Test run failed, pls check testrun.log file for details
>> expected:<0> but was:<1>
>> FAILED
>
> It looks like you are running RHEL-6.x or CentOS-6.x?
>
> I just ran the tests on my RHEL-6.x test system and saw similar
> results, it appears to be the result of the following commit to the
> selinux-testsuite:
>
>  commit c618ab669b0c580bb3fa000b168d7d4b5a00c5ee
>  Author: Stephen Smalley <sds@xxxxxxxxxxxxx>
>  Date: Thu Oct 26 09:29:37 2017 -0400
>
>    selinux-testsuite: inet_socket: tighten checking
>
>    As demonstrated by https://github.com/SELinuxProject/selinux-kernel/issues/3
>    the inet_socket tests can "pass" for the wrong reasons. Change the
>    client program to use different exit codes for different failures,
>    and change the test script to check the expected exit code for all tests.
>    With this change, getting an unexpected peer label causes a test failure
>    rather than being treated identically to a permission denial.
>
>    NB This could make the tests more fragile, e.g. it appears that we encounter
>    permission denial failures at different points for different tests, so we
>    may need to relax the checking somewhat based on testing a wider range of
>    older kernels.
>
>    Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> ... I think we may need to take a closer look at what RHEL-6.x based
> kernels are currently doing to ensure they are "correct" (I'm going to
> assume yes, but that is an assumption), and perhaps update the test
> suite to reflect the RHEL-6.x behavior.

FYI, I created an issue on GH to track this:

* https://github.com/SELinuxProject/selinux-testsuite/issues/37

-- 
paul moore
www.paul-moore.com
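
The tightened checking described in the quoted commit message, as an added sketch that is not part of the original thread or of the selinux-testsuite: the mock client, its exit codes and the labels are constructed for illustration. It shows how an "any non-zero exit" check lets an unexpected peer label pass a test that expects a denial, and how an exact exit-code check catches it.

```shell
#!/bin/sh
# Constructed illustration: exit codes, labels and mock_client are hypothetical,
# not the values used by the real selinux-testsuite client.
EX_OK=0
EX_DENIED=3      # hypothetical: operation refused by policy
EX_BADLABEL=5    # hypothetical: connected, but peer label was not the expected one
WANT_LABEL="user_u:role_r:expected_peer_t:s0"   # constructed label

# mock_client SCENARIO EXPECTED_LABEL: stands in for the client program.
mock_client() {
    peer=
    case "$1" in
        allowed)  peer="$2" ;;
        denied)   return "$EX_DENIED" ;;
        mislabel) peer="user_u:role_r:some_other_t:s0" ;;   # constructed label
    esac
    [ "$peer" = "$2" ] || return "$EX_BADLABEL"
    return "$EX_OK"
}

# Loose check: a "must fail" test passes on ANY non-zero exit.
loose_expect_failure() {
    rc=0
    mock_client "$@" || rc=$?
    [ "$rc" -ne 0 ]
}

# Tight check: the test passes only on the exact expected exit code.
tight_expect() {
    want=$1; shift
    rc=0
    mock_client "$@" || rc=$?
    [ "$rc" -eq "$want" ]
}

# The harness line "test returned 2 (wstat 512, 0x200)" reports a raw wait
# status; the exit code is its high byte.
wstat_to_exit() {
    echo $(( $1 >> 8 ))
}

# A test that expects denial, run against a real denial and a wrong peer label.
for s in denied mislabel; do
    loose_expect_failure "$s" "$WANT_LABEL" && l=pass || l=FAIL
    tight_expect "$EX_DENIED" "$s" "$WANT_LABEL" && t=pass || t=FAIL
    echo "scenario=$s loose=$l tight=$t"
done
```
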