On Fri, Sep 2, 2022 at 10:42 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> The commit referenced below disables the test_userfaultfd.te policy when
> the anon_inode class is not defined in the system policy, but doesn't
> disable the test itself in this situation. Thus, on distros that don't
> define the class the test might be run and fail.
>
> Fix this by adding the same condition to tests/Makefile.
>
> Fixes: 2b6ea9d2bc96 ("policy: remove CIL workarounds for missing anon_inode class")
> Reported-by: Dennis (Zhuoheng) Li <denli@xxxxxxxxxx>
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> tests/Makefile | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tests/Makefile b/tests/Makefile
> index 8abd438..f473111 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -134,10 +134,12 @@ endif
> endif
>
> ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true)
> +ifeq ($(shell grep -q anon_inode $(POLDEV)/include/support/all_perms.spt && echo true),true)
> ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true)
> SUBDIRS += userfaultfd
> endif
> endif
> +endif
>
> ifeq ($(shell grep -q vsock_socket $(POLDEV)/include/support/all_perms.spt && echo true),true)
> ifeq ($(shell grep -qs VMADDR_CID_LOCAL $(INCLUDEDIR)/linux/vm_sockets.h && echo true),true)
> --
> 2.37.2
>
Applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/772446c98a922f771e80245f0115485428dd43a8
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
