On Fri, Feb 10, 2023 at 3:36 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Thu, Feb 9, 2023 at 11:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > Hi all,
> >
> > I just noticed a selinux-testsuite failure in the tests/file test:
> >
> > # Test 8 got: "512" (file/test at line 103)
> > # Expected: "0"
> > # file/test line 103 is: ok( $result, 0 );
> > file/test ................... Failed 1/16 subtests
> >
> > Digging into this a bit more it looks like the the fnctl(TIOCSTI) call
> > in test_sigiotask.c is failing due to a recent Rawhide change to
> > undefine CONFIG_LEGACY_TIOCSTI, disabling TIOCSTI. Upstream kernel
> > commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") has more
> > information on the Kconfig option.
> >
> > I'm not going to argue for reenabling CONFIG_LEGACY_TIOCSTI, I think
> > turning it off is a good idea, but it does mean we need to adjust the
> > selinux-testsuite.
>
> I noticed that in our CI yesterday and had a brief look. Unfortunately
> I don't (yet) fully understand the terminal device voodoo being done
> in test_sigiotask.c and I don't have any idea how to make it work
> without TIOCSTI. So the best fix for now seems to be to use the
> dev.tty.legacy_tiocsti sysctl (see the Kconfig). However, it seems to
> be broken currently:
>
> # sysctl dev.tty.legacy_tiocsti
> # sysctl -w dev.tty.legacy_tiocsti=1
> sysctl: setting key "/proc/sys/dev/tty/legacy_tiocsti": Invalid argument
> #
Yep, I got to that point last night and had to leave for the evening
so I fired off that email figuring you might get a chance to look into
it before I could.
Ultimately I think we'll probably still need to find some alternative
to using TIOCSTI, but I'll admit to not having spent much time at all
looking into how to do that.
> I will look into fixing it...
Thanks for getting to the root cause and posting the fix.
> > Also, as a note to the Fedora folks who will see this, maybe don't
> > tweak the Kconfig knobs when the kernel is at -rc7? Seeing kernel
> > test failures late in the -rc7 stage doesn't do wonders for my sanity
> > ;)
>
> When new configs are added upstream, AFAIK, they are set to the
> default value in the Fedora configs and marked as "pending". The
> Fedora kernel maintainer (Justin Forbes) then at some point goes
> through all pending configs and sets them to a value he deems best.
> This time it happened around -rc7; I'm not going to speculate why or
> if it's the usual practice. I recommend raising this on
> kernel@xxxxxxxxxxxxxxxxxxxxxxx - Justin is always open to suggestions
> and he might be able to accomodate this expectation.
Thanks, I'll send a note.
--
paul-moore.com
