On Wed, Jan 25, 2023 at 8:36 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Wed, Jan 25, 2023 at 12:50 PM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > > > On Wed, Jan 25, 2023, 4:29 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > >> > >> On Tue, Jan 24, 2023 at 8:39 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > >> > When running the selinux-testsuite manually today I noticed the > >> > following noise in the filesystem tests: > >> > > >> > % make test > >> > ... > >> > chmod +x */test > >> > chcon -R -t test_file_t . > >> > Running as user root with context unconfined_u:unconfined_r:unconfined_t > >> > > >> > domain_trans/test ........... ok > >> > entrypoint/test ............. ok > >> > ... > >> > perf_event/test ............. ok > >> > filesystem/ext4/test ........ 1/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 14/76 yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 20/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 22/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 24/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 30/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 34/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 40/76 yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 43/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 49/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 55/76 yes: standard output: Broken pipe > >> > yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ 64/76 yes: standard output: Broken pipe > >> > filesystem/ext4/test ........ ok > >> > > >> > The test system was an updated Rawhide system with the following details: > >> > > >> > % uname -r > >> > 6.2.0-0.rc5.20230123git2475bf02.38.1.secnext.fc38.x86_64 > >> > % rpm -q selinux-policy > >> > selinux-policy-38.5-1.fc38.noarch > >> > > >> > ... and my selinux-testsuite build should be current: > >> > > >> > % git log --oneline | head -n 1 > >> > 2cc067f ci: limit VM reboot time to 5 minutes > >> > >> Yep, some change in Rawhide seems to have triggered this... The most > >> straightforward solution seems to be to just silence the errors. As it > >> is a trivial change, I have pushed it to the master branch: > >> > >> https://github.com/SELinuxProject/selinux-testsuite/commit/909f3aea627300a7e5ad2bc724d12c3560d34515 > > > > > > Are there any new denials audited, possibly requiring semodule -DB to make visible? Wondering if we are denying access to the inherited pipe fd and closing it? Denial would be on fd use or fifo file read/write. > > I did check now and there were no such denials. Most likely this has > nothing to do with SELinux and it's just mkfs closing stdin before it > exits or something like that. Got it, thank you for checking!
