On Fri, Feb 10, 2023 at 11:57 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, Feb 10, 2023 at 3:36 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > On Thu, Feb 9, 2023 at 11:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > Hi all,
> > >
> > > I just noticed a selinux-testsuite failure in the tests/file test:
> > >
> > > # Test 8 got: "512" (file/test at line 103)
> > > # Expected: "0"
> > > # file/test line 103 is: ok( $result, 0 );
> > > file/test ................... Failed 1/16 subtests
> > >
> > > Digging into this a bit more it looks like the the fnctl(TIOCSTI) call
> > > in test_sigiotask.c is failing due to a recent Rawhide change to
> > > undefine CONFIG_LEGACY_TIOCSTI, disabling TIOCSTI. Upstream kernel
> > > commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") has more
> > > information on the Kconfig option.
> > >
> > > I'm not going to argue for reenabling CONFIG_LEGACY_TIOCSTI, I think
> > > turning it off is a good idea, but it does mean we need to adjust the
> > > selinux-testsuite.
> >
> > I noticed that in our CI yesterday and had a brief look. Unfortunately
> > I don't (yet) fully understand the terminal device voodoo being done
> > in test_sigiotask.c and I don't have any idea how to make it work
> > without TIOCSTI. So the best fix for now seems to be to use the
> > dev.tty.legacy_tiocsti sysctl (see the Kconfig). However, it seems to
> > be broken currently:
> >
> > # sysctl dev.tty.legacy_tiocsti
> > # sysctl -w dev.tty.legacy_tiocsti=1
> > sysctl: setting key "/proc/sys/dev/tty/legacy_tiocsti": Invalid argument
> > #
>
> Yep, I got to that point last night and had to leave for the evening
> so I fired off that email figuring you might get a chance to look into
> it before I could.
>
> Ultimately I think we'll probably still need to find some alternative
> to using TIOCSTI, but I'll admit to not having spent much time at all
> looking into how to do that.
>
> > I will look into fixing it...
>
> Thanks for getting to the root cause and posting the fix.
>
> > > Also, as a note to the Fedora folks who will see this, maybe don't
> > > tweak the Kconfig knobs when the kernel is at -rc7? Seeing kernel
> > > test failures late in the -rc7 stage doesn't do wonders for my sanity
> > > ;)
> >
> > When new configs are added upstream, AFAIK, they are set to the
> > default value in the Fedora configs and marked as "pending". The
> > Fedora kernel maintainer (Justin Forbes) then at some point goes
> > through all pending configs and sets them to a value he deems best.
> > This time it happened around -rc7; I'm not going to speculate why or
> > if it's the usual practice. I recommend raising this on
> > kernel@xxxxxxxxxxxxxxxxxxxxxxx - Justin is always open to suggestions
> > and he might be able to accomodate this expectation.
>
> Thanks, I'll send a note.
FWIW, it looks like the current Rawhide build is back to enabling
CONFIG_LEGACY_TIOCSTI. My testing is back to running clean with
kernel 6.2.0-0.rc7.20230210git38c1e0c6.54.1.secnext.fc38.
--
paul-moore.com
