The 05/04/2019 20:00, Ondrej Mosnacek wrote: > Hi Dan, > > On Sat, May 4, 2019 at 5:42 AM Dan Noland <dan@xxxxxxxxxx> wrote: > > - Hello - > > > > I am running a CentOS (7.6.1810 Core) base system with a 4.19.0-x > > kernel. I have a fresh clone of the selinux-testsuite from > > github. Before invoking "make -C policy load" I am running only the > > targeted policy in the enforcing mode. I am consistently seeing a > > single failure in the mmap regression tests: > > > > not ok 27 > > # Failed test 27 in ./mmap/test at line 143 > > # ./mmap/test line 143 is: ok($result); > > > > > > Any wisdom on how I should understand and address this failure would > > be gratefully received. > > RHEL (and likely also CentOS) 7.6 has the domain_can_mmap_files > SELinux boolean set to "on" by default [1], which basically means that > map permissions are not checked, which logically leads to the failure > of the test that checks that map permission is denied when it was not > allowed by the test policy. When running the testsuite on CentOS/RHEL > 7.6, you need to turn off the domain_can_mmap_files boolean during > test execution: > > # setsebool domain_can_mmap_files off > (run the testsuite) > # setsebool domain_can_mmap_files on > > [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.6_release_notes/index#BZ1460322 > - Ondrej - That was exactly the problem. Thank you. -- TY, Dan Noland
