Thank you Paul for looking at the issue.
Yes I am using RHEL6.9/6.10 and OL6.9/6.10. I would wait for the fix, hope it will be fixed soon.
On Fri, Jun 8, 2018 at 10:11 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
FYI, I created an issue on GH to track this:On Fri, Jun 8, 2018 at 12:35 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, Jun 8, 2018 at 9:17 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote:
>> Hi,
>> While running selinux testsuits I am seeing some of the inet_socket tests
>> failure.
>> Googled alotbut couldnt see any similler issue reported as such.
>> It would be really helpful if you can give some pointer to resolved this.
>>
>> Selinux rpms I am using =>
>> # rpm -qa | grep selinux
>> libselinux-devel-2.0.94-7.el6.x86_64
>> libselinux-utils-2.0.94-7.el6.x86_64
>> selinux-policy-targeted-3.7.19-312.0.1.el6.noarch
>> libselinux-2.0.94-7.el6.x86_64
>> selinux-policy-3.7.19-312.0.1.el6.noarch
>> libselinux-python-2.0.94-7.el6.x86_64
>> -------------------------------
>>
>> Output snippet of test run
>> chcon -R -t test_file_t .
>> Running as user root with context unconfined_u:unconfined_r:unconfined_t
>>
>> .....
>> ......
>> dyntrace/test ............ ok
>> bounds/test .............. ok
>> mmap/test ................ ok
>> unix_socket/test ......... ok
>> inet_socket/test .........
>> Dubious, test returned 2 (wstat 512, 0x200)
>> Failed 2/33 subtests
>> checkreqprot/test ........ ok
>> mqueue/test .............. skipped: mqueue fileystem not supported/mounted
>> mac_admin/test ........... ok
>> infiniband_pkey/test ..... ok
>> infiniband_endport/test .. ok
>>
>> Test Summary Report
>> -------------------
>> inet_socket/test (Wstat: 512 Tests: 33 Failed: 2)
>> Failed tests: 7, 9
>> Non-zero exit status: 2
>> Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 cusr
>> 1.46 csys = 2.59 CPU)
>> Result: FAIL
>> make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests'
>> ASSERT:SELinux-Test run failed, pls check testrun.log file for details
>> expected:<0> but was:<1>
>> FAILED
>
> It looks like you are running RHEL-6.x or CentOS-6.x?
>
> I just ran the tests on my RHEL-6.x test system and saw similar
> results, it appears to be the result of the following commit to the
> selinux-testsuite:
>
> commit c618ab669b0c580bb3fa000b168d7d4b5a00c5ee
> Author: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Date: Thu Oct 26 09:29:37 2017 -0400
>
> selinux-testsuite: inet_socket: tighten checking
>
> As demonstrated by https://github.com/SELinuxProject/selinux-kernel/ issues/3
> the inet_socket tests can "pass" for the wrong reasons. Change the
> client program to use different exit codes for different failures,
> and change the test script to check the expected exit code for all tests.
> With this change, getting an unexpected peer label causes a test failure
> rather than being treated identically to a permission denial.
>
> NB This could make the tests more fragile, e.g. it appears that we encounter
> permission denial failures at different points for different tests, so we
> may need to relax the checking somewhat based on testing a wider range of
> older kernels.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> ... I think we may need to take a closer look at what RHEL-6.x based
> kernels are currently doing to ensure they are "correct" (I'm going to
> assume yes, but that is an assumption), and perhaps update the test
> suite to reflect the RHEL-6.x behavior.
* https://github.com/SELinuxProject/selinux- testsuite/issues/37
--
paul moore
www.paul-moore.com
--
Regards,
-Sgeeta
-Sgeeta
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
