On Sun, Jun 10, 2018 at 11:55 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Sat, Jun 9, 2018 at 1:12 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> wrote: >> Thank you Paul for looking at the issue. >> Yes I am using RHEL6.9/6.10 and OL6.9/6.10. >> I would wait for the fix, hope it will be fixed soon. > > As a FYI, I believe this is simply an issue to be worked around using > the selinux-testsuites's SELinux policy, I don't believe this is a > problem with the kernel or userspace on RHEL-6.x based systems. > > I have some time set aside on Monday and Tuesday to work on SELinux > policy, I'm hopeful that I'll have a fix then. FYI, this should now be fixed in the selinux-testsuite repository, if you continue to see problems let us know. >> On Fri, Jun 8, 2018 at 10:11 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: >>> >>> On Fri, Jun 8, 2018 at 12:35 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: >>> > On Fri, Jun 8, 2018 at 9:17 AM, Sgeeta Dhundale <sgeeta.in@xxxxxxxxx> >>> > wrote: >>> >> Hi, >>> >> While running selinux testsuits I am seeing some of the inet_socket >>> >> tests >>> >> failure. >>> >> Googled alotbut couldnt see any similler issue reported as such. >>> >> It would be really helpful if you can give some pointer to resolved >>> >> this. >>> >> >>> >> Selinux rpms I am using => >>> >> # rpm -qa | grep selinux >>> >> libselinux-devel-2.0.94-7.el6.x86_64 >>> >> libselinux-utils-2.0.94-7.el6.x86_64 >>> >> selinux-policy-targeted-3.7.19-312.0.1.el6.noarch >>> >> libselinux-2.0.94-7.el6.x86_64 >>> >> selinux-policy-3.7.19-312.0.1.el6.noarch >>> >> libselinux-python-2.0.94-7.el6.x86_64 >>> >> ------------------------------- >>> >> >>> >> Output snippet of test run >>> >> chcon -R -t test_file_t . >>> >> Running as user root with context >>> >> unconfined_u:unconfined_r:unconfined_t >>> >> >>> >> ..... >>> >> ...... >>> >> dyntrace/test ............ ok >>> >> bounds/test .............. ok >>> >> mmap/test ................ ok >>> >> unix_socket/test ......... ok >>> >> inet_socket/test ......... >>> >> Dubious, test returned 2 (wstat 512, 0x200) >>> >> Failed 2/33 subtests >>> >> checkreqprot/test ........ ok >>> >> mqueue/test .............. skipped: mqueue fileystem not >>> >> supported/mounted >>> >> mac_admin/test ........... ok >>> >> infiniband_pkey/test ..... ok >>> >> infiniband_endport/test .. ok >>> >> >>> >> Test Summary Report >>> >> ------------------- >>> >> inet_socket/test (Wstat: 512 Tests: 33 Failed: 2) >>> >> Failed tests: 7, 9 >>> >> Non-zero exit status: 2 >>> >> Files=46, Tests=325, 54 wallclock secs ( 0.27 usr 0.10 sys + 0.76 >>> >> cusr >>> >> 1.46 csys = 2.59 CPU) >>> >> Result: FAIL >>> >> make: Leaving directory `/root/SELinux/selinux-testsuite-master/tests' >>> >> ASSERT:SELinux-Test run failed, pls check testrun.log file for details >>> >> expected:<0> but was:<1> >>> >> FAILED >>> > >>> > It looks like you are running RHEL-6.x or CentOS-6.x? >>> > >>> > I just ran the tests on my RHEL-6.x test system and saw similar >>> > results, it appears to be the result of the following commit to the >>> > selinux-testsuite: >>> > >>> > commit c618ab669b0c580bb3fa000b168d7d4b5a00c5ee >>> > Author: Stephen Smalley <sds@xxxxxxxxxxxxx> >>> > Date: Thu Oct 26 09:29:37 2017 -0400 >>> > >>> > selinux-testsuite: inet_socket: tighten checking >>> > >>> > As demonstrated by >>> > https://github.com/SELinuxProject/selinux-kernel/issues/3 >>> > the inet_socket tests can "pass" for the wrong reasons. Change the >>> > client program to use different exit codes for different failures, >>> > and change the test script to check the expected exit code for all >>> > tests. >>> > With this change, getting an unexpected peer label causes a test >>> > failure >>> > rather than being treated identically to a permission denial. >>> > >>> > NB This could make the tests more fragile, e.g. it appears that we >>> > encounter >>> > permission denial failures at different points for different tests, >>> > so we >>> > may need to relax the checking somewhat based on testing a wider >>> > range of >>> > older kernels. >>> > >>> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> >>> > >>> > ... I think we may need to take a closer look at what RHEL-6.x based >>> > kernels are currently doing to ensure they are "correct" (I'm going to >>> > assume yes, but that is an assumption), and perhaps update the test >>> > suite to reflect the RHEL-6.x behavior. >>> >>> FYI, I created an issue on GH to track this: >>> >>> * https://github.com/SELinuxProject/selinux-testsuite/issues/37 >>> >>> -- >>> paul moore >>> www.paul-moore.com >> >> >> >> >> -- >> Regards, >> -Sgeeta > > > > -- > paul moore > www.paul-moore.com -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
