On Tue, Feb 14, 2023 at 10:59 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Fri, Feb 10, 2023 at 12:30 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Fri, Feb 10, 2023 at 11:57 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > On Fri, Feb 10, 2023 at 3:36 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > On Thu, Feb 9, 2023 at 11:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > > Hi all, > > > > > > > > > > I just noticed a selinux-testsuite failure in the tests/file test: > > > > > > > > > > # Test 8 got: "512" (file/test at line 103) > > > > > # Expected: "0" > > > > > # file/test line 103 is: ok( $result, 0 ); > > > > > file/test ................... Failed 1/16 subtests > > > > > > > > > > Digging into this a bit more it looks like the the fnctl(TIOCSTI) call > > > > > in test_sigiotask.c is failing due to a recent Rawhide change to > > > > > undefine CONFIG_LEGACY_TIOCSTI, disabling TIOCSTI. Upstream kernel > > > > > commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") has more > > > > > information on the Kconfig option. > > > > > > > > > > I'm not going to argue for reenabling CONFIG_LEGACY_TIOCSTI, I think > > > > > turning it off is a good idea, but it does mean we need to adjust the > > > > > selinux-testsuite. > > > > > > > > I noticed that in our CI yesterday and had a brief look. Unfortunately > > > > I don't (yet) fully understand the terminal device voodoo being done > > > > in test_sigiotask.c and I don't have any idea how to make it work > > > > without TIOCSTI. So the best fix for now seems to be to use the > > > > dev.tty.legacy_tiocsti sysctl (see the Kconfig). However, it seems to > > > > be broken currently: > > > > > > > > # sysctl dev.tty.legacy_tiocsti > > > > # sysctl -w dev.tty.legacy_tiocsti=1 > > > > sysctl: setting key "/proc/sys/dev/tty/legacy_tiocsti": Invalid argument > > > > # > > > > > > Yep, I got to that point last night and had to leave for the evening > > > so I fired off that email figuring you might get a chance to look into > > > it before I could. > > > > > > Ultimately I think we'll probably still need to find some alternative > > > to using TIOCSTI, but I'll admit to not having spent much time at all > > > looking into how to do that. > > > > > > > I will look into fixing it... > > > > > > Thanks for getting to the root cause and posting the fix. > > > > > > > > Also, as a note to the Fedora folks who will see this, maybe don't > > > > > tweak the Kconfig knobs when the kernel is at -rc7? Seeing kernel > > > > > test failures late in the -rc7 stage doesn't do wonders for my sanity > > > > > ;) > > > > > > > > When new configs are added upstream, AFAIK, they are set to the > > > > default value in the Fedora configs and marked as "pending". The > > > > Fedora kernel maintainer (Justin Forbes) then at some point goes > > > > through all pending configs and sets them to a value he deems best. > > > > This time it happened around -rc7; I'm not going to speculate why or > > > > if it's the usual practice. I recommend raising this on > > > > kernel@xxxxxxxxxxxxxxxxxxxxxxx - Justin is always open to suggestions > > > > and he might be able to accomodate this expectation. > > > > > > Thanks, I'll send a note. > > > > FWIW, it looks like the current Rawhide build is back to enabling > > CONFIG_LEGACY_TIOCSTI. My testing is back to running clean with > > kernel 6.2.0-0.rc7.20230210git38c1e0c6.54.1.secnext.fc38. > > That proved to be short lived. > > Ondrej, would it be possible to disable the failing test until your > patch lands upstream and ends up in Rawhide? https://github.com/SELinuxProject/selinux-testsuite/commit/17fe94750dceb2f1a6a286cbe907718ca1b2fb8d -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.