On Thu, Dec 17, 2020 at 10:38 PM <paul@xxxxxxxxxxxxxx> wrote: > > SYSTEM: test-rawhide-1.lan > DATE: Thu, 17 Dec 2020 16:38:34 -0500 > > KERNEL: Linux 5.11.0-0.rc0.20201217gite994cc240a3b.102.1.secnext.fc34.x86_64 > > audit-testsuite: PASS > selinux-testsuite: FAILED > > ### START AUDIT TEST LOG > Running as user root > with context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > on system Fedora > > exec_execve/test ......... ok > exec_name/test ........... ok > file_create/test ......... ok > file_delete/test ......... ok > file_rename/test ......... ok > filter_exclude/test ...... ok > filter_saddr_fam/test .... ok > filter_sessionid/test .... ok > login_tty/test ........... ok > lost_reset/test .......... ok > netfilter_pkt/test ....... ok > syscalls_file/test ....... ok > syscall_module/test ...... ok > syscall_socketcall/test .. ok > time_change/test ......... ok > user_msg/test ............ ok > fanotify/test ............ ok > bpf/test ................. ok > All tests successful. > Files=18, Tests=200, 28 wallclock secs ( 0.08 usr 0.06 sys + 3.77 cusr 5.35 csys = 9.26 CPU) > Result: PASS > ### END TEST LOG > > ### START SELINUX TEST LOG > Compiling targeted test_policy module > Creating targeted test_policy.pp policy package > domain_fd_use --> on > Running as user root with context unconfined_u:unconfined_r:unconfined_t > > domain_trans/test ........... ok > entrypoint/test ............. ok > execshare/test .............. ok > exectrace/test .............. ok > execute_no_trans/test ....... ok > fdreceive/test .............. ok > inherit/test ................ ok > link/test ................... ok > mkdir/test .................. ok > msg/test .................... ok > open/test ................... ok > ptrace/test ................. ok > readlink/test ............... ok > relabel/test ................ ok > rename/test ................. ok > rxdir/test .................. ok > sem/test .................... ok > setattr/test ................ ok > setnice/test ................ ok > shm/test .................... ok > sigkill/test ................ ok > stat/test ................... ok > sysctl/test ................. ok > task_create/test ............ ok > task_setnice/test ........... ok > task_setscheduler/test ...... ok > task_getscheduler/test ...... ok > task_getsid/test ............ ok > task_getpgid/test ........... ok > task_setpgid/test ........... ok > file/test ................... ok > ioctl/test .................. ok > capable_file/test ........... ok > capable_net/test ............ ok > capable_sys/test ............ ok > dyntrans/test ............... ok > dyntrace/test ............... ok > bounds/test ................. ok > nnp_nosuid/test ............. ok > mmap/test ................... ok > unix_socket/test ............ ok > inet_socket/test ............ ok > overlay/test ................ ok > checkreqprot/test ........... ok > mqueue/test ................. ok > mac_admin/test .............. ok > atsecure/test ............... ok > cap_userns/test ............. ok > extended_socket_class/test .. ok > sctp/test ................... ok > netlink_socket/test ......... ok > prlimit/test ................ ok > binder/test ................. ok > bpf/test .................... ok > keys/test ................... ok > key_socket/test ............. ok > glblub/test ................. ok > infiniband_endport/test ..... ok > infiniband_pkey/test Yeah........ ok > cgroupfs_label/test ......... ok > module_load/test ............ ok > tun_tap/test ................ ok > > # Failed test at perf_event/test line 61. > # Looks like you failed 1 test of 9. > perf_event/test ............. > Dubious, test returned 1 (wstat 256, 0x100) > Failed 1/9 subtests So as you can see, we finally added the perf_event class to Fedora policy :) (at least that one for a start...) The failure seems to be caused by the introduction of CAP_PERFMON (and the fact that we haven't yet added *that one* to the policy...). I'll try to come up with a patch, but it probably won't happen until next year, so if someone wants to have a go at it, they are of course free to do so :) > filesystem/ext4/test ........ ok > filesystem/xfs/test ......... ok > filesystem/jfs/test ......... ok > filesystem/vfat/test ........ ok > fs_filesystem/ext4/test ..... ok > fs_filesystem/xfs/test ...... ok > fs_filesystem/jfs/test ...... ok > fs_filesystem/vfat/test ..... ok > watchkey/test ............... ok > > Test Summary Report > ------------------- > perf_event/test (Wstat: 256 Tests: 9 Failed: 1) > Failed test: 2 > Non-zero exit status: 1 > Files=72, Tests=1226, 276 wallclock secs ( 0.46 usr 0.29 sys + 11.69 cusr 77.38 csys = 89.82 CPU) > Result: FAIL > Failed 1/72 test programs. 1/1226 subtests failed. > make[1]: *** [Makefile:162: test] Error 255 > make: *** [Makefile:8: test] Error 2 > ### END TEST LOG > > -- > You received this message because you are subscribed to the Google Groups "kernel-secnext" group. > To unsubscribe from this group and stop receiving emails from it, send an email to kernel-secnext+unsubscribe@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/kernel-secnext/X9vP2uwRZb1l1ySE%40server-build.lan. -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.
