On Sat, Jun 9, 2018 at 1:12 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote:
> Thank you, Paul, for looking at the issue.
> Yes, I am using RHEL6.9/6.10 and OL6.9/6.10.
> I would wait for the fix, hope it will be fixed soon.

As an FYI, I believe this is simply an issue to be worked around using
the selinux-testsuite's SELinux policy; I don't believe this is a
problem with the kernel or userspace on RHEL-6.x based systems. I
have some time set aside on Monday and Tuesday to work on SELinux
policy; I'm hopeful that I'll have a fix then.

> On Fri, Jun 8, 2018 at 10:11 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>
>> On Fri, Jun 8, 2018 at 12:35 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>> > On Fri, Jun 8, 2018 at 9:17 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote:
>> >> Hi,
>> >> While running the selinux testsuite I am seeing some of the inet_socket
>> >> tests fail.
>> >> Googled a lot but couldn't see any similar issue reported as such.
>> >> It would be really helpful if you can give some pointer to resolve
>> >> this.
>> >>
>> >> Selinux rpms I am using =>
>> >> # rpm -qa | grep selinux
>> >> libselinux-devel-2.0.94-7.el6.x86_64
>> >> libselinux-utils-2.0.94-7.el6.x86_64
>> >> selinux-policy-targeted-3.7.19-312.0.1.el6.noarch
>> >> libselinux-2.0.94-7.el6.x86_64
>> >> selinux-policy-3.7.19-312.0.1.el6.noarch
>> >> libselinux-python-2.0.94-7.el6.x86_64
>> >> -------------------------------
>> >>
>> >> Output snippet of test run
>> >> chcon -R -t test_file_t .
>> >> Running as user root with context unconfined_u:unconfined_r:unconfined_t
>> >>
>> >> .....
>> >> ......
>> >> dyntrace/test ............ ok
>> >> bounds/test .............. ok
>> >> mmap/test ................ ok
>> >> unix_socket/test ......... ok
>> >> inet_socket/test .........
>> >> Dubious, test returned 2 (wstat 512, 0x200)
>> >> Failed 2/33 subtests
>> >> checkreqprot/test ........ ok
>> >> mqueue/test .............. skipped: mqueue fileystem not supported/mounted
>> >> mac_admin/test ........... ok
>> >> infiniband_pkey/test ..... ok
>> >> infiniband_endport/test .. ok
>> >>
>> >> Test Summary Report
>> >> -------------------
>> >> inet_socket/test (Wstat: 512 Tests: 33 Failed: 2)
>> >> Failed tests: 7, 9
>> >> Non-zero exit status: 2
>> >> Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 cusr 1.46 csys = 2.59 CPU)
>> >> Result: FAIL
>> >> make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests'
>> >> ASSERT:SELinux-Test run failed, pls check testrun.log file for details
>> >> expected:<0> but was:<1>
>> >> FAILED
>> >
>> > It looks like you are running RHEL-6.x or CentOS-6.x?
>> >
>> > I just ran the tests on my RHEL-6.x test system and saw similar
>> > results; it appears to be the result of the following commit to the
>> > selinux-testsuite:
>> >
>> > commit c618ab669b0c580bb3fa000b168d7d4b5a00c5ee
>> > Author: Stephen Smalley <sds@xxxxxxxxxxxxx>
>> > Date: Thu Oct 26 09:29:37 2017 -0400
>> >
>> >     selinux-testsuite: inet_socket: tighten checking
>> >
>> >     As demonstrated by
>> >     https://github.com/SELinuxProject/selinux-kernel/issues/3
>> >     the inet_socket tests can "pass" for the wrong reasons. Change the
>> >     client program to use different exit codes for different failures,
>> >     and change the test script to check the expected exit code for all
>> >     tests.
>> >     With this change, getting an unexpected peer label causes a test
>> >     failure rather than being treated identically to a permission denial.
>> >
>> >     NB This could make the tests more fragile, e.g. it appears that we
>> >     encounter permission denial failures at different points for
>> >     different tests, so we may need to relax the checking somewhat based
>> >     on testing a wider range of older kernels.
>> >
>> >     Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>> >
>> > ... I think we may need to take a closer look at what RHEL-6.x based
>> > kernels are currently doing to ensure they are "correct" (I'm going to
>> > assume yes, but that is an assumption), and perhaps update the test
>> > suite to reflect the RHEL-6.x behavior.
>>
>> FYI, I created an issue on GH to track this:
>>
>> * https://github.com/SELinuxProject/selinux-testsuite/issues/37
>>
>> --
>> paul moore
>> www.paul-moore.com
>
> --
> Regards,
> -Sgeeta

--
paul moore
www.paul-moore.com