On Wed, Sep 4, 2024 at 5:29 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Wed, Sep 4, 2024 at 11:13 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> >
> > Hello,
> >
> > While playing with migrating selinux-testsuite CI to Testing Farm
> > (more on that later) I encountered a problem when running the NFS
> > tests: When you create a symlink to the testsuite directory, cd inside
> > that symlink, and run ./tools/nfs.sh, the nfs_filesystem/test fails.
> > In fact, I also get some strange failures in unix_socket/test in the
> > general testsuite run over NFS, but only when I run this scenario
> > manually, not when running through the TMT tool (which also runs the
> > tests inside a symlink to the testsuite directory, but only fails on
> > the nfs_filesystem/test).
> >
> > Feel free to investigate if interested, for now I will leave the NFS
> > tests out of the CI, as it's not clear if the issues are in the
> > testsuite or the kernel (or both) and I don't want to add workarounds
> > blindly.
>
> I'd tentatively guess that the symlink problem is merely that the test
> policy isn't allowing the test domains to read
> <whatever-type-is-on-that-symlink>:lnk_file. I'd try that and if so,
> possibly add it to the test policy or relabel that symlink to an
> allowed type.
>
> Unix socket test failures sound familiar - I seem to recall an earlier
> email exchange about encountering that myself that turned out to
> actually be the bug in NFS that I fixed earlier this year.

Good point! I must have done my debugging runs in an environment with
an older (broken) kernel and not realized it... Back then even adding
the policy didn't resolve the failures, but with a recent kernel
adding two lines to the policy is indeed enough.

In the meantime I have refactored the way the tests are run, so it
incidentally no longer triggers the symlink bug, but I have posted a
patch with the policy fixes anyway, so that it doesn't become a
problem in the future.

--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.