On Tue, Apr 6, 2021 at 6:16 PM Lokesh Gidra <lokeshgidra@xxxxxxxxxx> wrote: > > > > On Tue, Apr 6, 2021 at 4:40 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: >> >> The userfaultfd test policy uses also extended permissions, so only >> enable the test or its policy if these are supported. This makes the >> testsuite runnable on certain old distros again. >> >> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > Reviewed-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx> Thanks, I just merged the patch: https://github.com/SELinuxProject/selinux-testsuite/commit/1defa850ae71bc27c9dd101d19f543a42abc9537 BTW, for some reason your message didn't end up on the mailing list... it seems the vger lists are acting up again :/ >> >> --- >> policy/Makefile | 9 +++++++-- >> tests/Makefile | 2 ++ >> 2 files changed, 9 insertions(+), 2 deletions(-) >> >> diff --git a/policy/Makefile b/policy/Makefile >> index b092bb3..91364d5 100644 >> --- a/policy/Makefile >> +++ b/policy/Makefile >> @@ -29,14 +29,19 @@ TARGETS = \ >> test_task_getsid.te test_task_setpgid.te test_task_setsched.te \ >> test_transition.te test_unix_socket.te \ >> test_mmap.te test_overlayfs.te test_mqueue.te \ >> - test_ibpkey.te test_atsecure.te test_cgroupfs.te test_userfaultfd.te >> + test_ibpkey.te test_atsecure.te test_cgroupfs.te >> >> ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6)) >> SUPPORTS_CIL = n >> endif >> >> ifeq ($(SUPPORTS_CIL),y) >> -CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil >> +CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil >> +# userfaultfd test policy uses also xperms >> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) >> +CIL_TARGETS += test_userfaultfd.cil >> +TARGETS += test_userfaultfd.te >> +endif >> ifeq ($(shell [ $(MAX_KERNEL_POLICY) -ge 32 ] && echo true),true) >> ifeq ($(shell [ $(POL_VERS) -ge 32 ] && echo true),true) >> # If other MLS tests get written this can be moved outside of the glblub test >> diff --git a/tests/Makefile b/tests/Makefile >> index c19fcd7..7d4e39b 100644 >> --- a/tests/Makefile >> +++ b/tests/Makefile >> @@ -135,9 +135,11 @@ SUBDIRS += watchkey >> endif >> endif >> >> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) >> ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true) >> SUBDIRS += userfaultfd >> endif >> +endif >> >> ifeq ($(DISTRO),RHEL4) >> SUBDIRS:=$(filter-out bounds dyntrace dyntrans inet_socket mmap nnp_nosuid overlay unix_socket, $(SUBDIRS)) >> -- >> 2.30.2 >> -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
