On Tue, Feb 14, 2023 at 10:59 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Fri, Feb 10, 2023 at 12:30 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Fri, Feb 10, 2023 at 11:57 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > On Fri, Feb 10, 2023 at 3:36 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > > > On Thu, Feb 9, 2023 at 11:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > > > Hi all,
> > > > >
> > > > > I just noticed a selinux-testsuite failure in the tests/file test:
> > > > >
> > > > > # Test 8 got: "512" (file/test at line 103)
> > > > > # Expected: "0"
> > > > > # file/test line 103 is: ok( $result, 0 );
> > > > > file/test ................... Failed 1/16 subtests
> > > > >
> > > > > Digging into this a bit more it looks like the the fnctl(TIOCSTI) call
> > > > > in test_sigiotask.c is failing due to a recent Rawhide change to
> > > > > undefine CONFIG_LEGACY_TIOCSTI, disabling TIOCSTI. Upstream kernel
> > > > > commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") has more
> > > > > information on the Kconfig option.
> > > > >
> > > > > I'm not going to argue for reenabling CONFIG_LEGACY_TIOCSTI, I think
> > > > > turning it off is a good idea, but it does mean we need to adjust the
> > > > > selinux-testsuite.
> > > >
> > > > I noticed that in our CI yesterday and had a brief look. Unfortunately
> > > > I don't (yet) fully understand the terminal device voodoo being done
> > > > in test_sigiotask.c and I don't have any idea how to make it work
> > > > without TIOCSTI. So the best fix for now seems to be to use the
> > > > dev.tty.legacy_tiocsti sysctl (see the Kconfig). However, it seems to
> > > > be broken currently:
> > > >
> > > > # sysctl dev.tty.legacy_tiocsti
> > > > # sysctl -w dev.tty.legacy_tiocsti=1
> > > > sysctl: setting key "/proc/sys/dev/tty/legacy_tiocsti": Invalid argument
> > > > #
> > >
> > > Yep, I got to that point last night and had to leave for the evening
> > > so I fired off that email figuring you might get a chance to look into
> > > it before I could.
> > >
> > > Ultimately I think we'll probably still need to find some alternative
> > > to using TIOCSTI, but I'll admit to not having spent much time at all
> > > looking into how to do that.
> > >
> > > > I will look into fixing it...
> > >
> > > Thanks for getting to the root cause and posting the fix.
> > >
> > > > > Also, as a note to the Fedora folks who will see this, maybe don't
> > > > > tweak the Kconfig knobs when the kernel is at -rc7? Seeing kernel
> > > > > test failures late in the -rc7 stage doesn't do wonders for my sanity
> > > > > ;)
> > > >
> > > > When new configs are added upstream, AFAIK, they are set to the
> > > > default value in the Fedora configs and marked as "pending". The
> > > > Fedora kernel maintainer (Justin Forbes) then at some point goes
> > > > through all pending configs and sets them to a value he deems best.
> > > > This time it happened around -rc7; I'm not going to speculate why or
> > > > if it's the usual practice. I recommend raising this on
> > > > kernel@xxxxxxxxxxxxxxxxxxxxxxx - Justin is always open to suggestions
> > > > and he might be able to accomodate this expectation.
> > >
> > > Thanks, I'll send a note.
> >
> > FWIW, it looks like the current Rawhide build is back to enabling
> > CONFIG_LEGACY_TIOCSTI. My testing is back to running clean with
> > kernel 6.2.0-0.rc7.20230210git38c1e0c6.54.1.secnext.fc38.
>
> That proved to be short lived.
>
> Ondrej, would it be possible to disable the failing test until your
> patch lands upstream and ends up in Rawhide?
https://github.com/SELinuxProject/selinux-testsuite/commit/17fe94750dceb2f1a6a286cbe907718ca1b2fb8d
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
