On Wed, Jan 25, 2023 at 12:50 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Wed, Jan 25, 2023, 4:29 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: >> >> On Tue, Jan 24, 2023 at 8:39 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: >> > When running the selinux-testsuite manually today I noticed the >> > following noise in the filesystem tests: >> > >> > % make test >> > ... >> > chmod +x */test >> > chcon -R -t test_file_t . >> > Running as user root with context unconfined_u:unconfined_r:unconfined_t >> > >> > domain_trans/test ........... ok >> > entrypoint/test ............. ok >> > ... >> > perf_event/test ............. ok >> > filesystem/ext4/test ........ 1/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 14/76 yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 20/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 22/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 24/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 30/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 34/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 40/76 yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 43/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 49/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 55/76 yes: standard output: Broken pipe >> > yes: standard output: Broken pipe >> > filesystem/ext4/test ........ 64/76 yes: standard output: Broken pipe >> > filesystem/ext4/test ........ ok >> > >> > The test system was an updated Rawhide system with the following details: >> > >> > % uname -r >> > 6.2.0-0.rc5.20230123git2475bf02.38.1.secnext.fc38.x86_64 >> > % rpm -q selinux-policy >> > selinux-policy-38.5-1.fc38.noarch >> > >> > ... and my selinux-testsuite build should be current: >> > >> > % git log --oneline | head -n 1 >> > 2cc067f ci: limit VM reboot time to 5 minutes >> >> Yep, some change in Rawhide seems to have triggered this... The most >> straightforward solution seems to be to just silence the errors. As it >> is a trivial change, I have pushed it to the master branch: >> >> https://github.com/SELinuxProject/selinux-testsuite/commit/909f3aea627300a7e5ad2bc724d12c3560d34515 > > > Are there any new denials audited, possibly requiring semodule -DB to make visible? Wondering if we are denying access to the inherited pipe fd and closing it? Denial would be on fd use or fifo file read/write. I did check now and there were no such denials. Most likely this has nothing to do with SELinux and it's just mkfs closing stdin before it exits or something like that. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
