[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: F13 SELinux failure
From: |
Ralf Wildenhues |
Subject: |
Re: F13 SELinux failure |
Date: |
Wed, 9 Jun 2010 06:55:57 +0200 |
User-agent: |
Mutt/1.5.20 (2009-10-28) |
Hi Peter,
* Peter O'Gorman wrote on Wed, Jun 09, 2010 at 03:40:32AM CEST:
> >The above is, of course, after tests/demo-nopic.test, and the problem is
> >the selinux boolean allow_execmod which disallows text relocations.
> >
> >I'll look into making the test skip in this case.
>
> Ok?
This skips a bit more than is absolutely needed (only the demo-exec run
after demo-nopic and demo-make would need to be skipped), but I don't
see a big problem with that. We can fix that when we rename tests to
have unique names (e.g., to allow parallel-tests).
Would it make sense to test for /etc/selinux only
if test "$build" = "$host" && test -d /etc/selinux ...
though? I'm not quite sure myself actually.
I don't have much experience with selinux, the only other nits I see is
that you want a ;; after the first esac you added, and bump copyright
years.
Thanks,
Ralf
> >From cb91e71e6913d09e20a5176e3d3591136e116bc3 Mon Sep 17 00:00:00 2001
> From: Peter O'Gorman <address@hidden>
> Date: Tue, 8 Jun 2010 20:07:50 -0500
> Subject: [PATCH] Skip demo-nopic tests if SELinux policy will cause failure.
>
> * tests/demo-nopic.test: Check SELinux policy and skip if
> necessary.
> * tests/testsuite.at (LT_AT_CONFIGURE, LT_AT_MAKE):
> --- a/tests/demo-nopic.test
> +++ b/tests/demo-nopic.test
> @@ -34,6 +34,19 @@ hppa*|x86_64*|s390*)
> ;;
> esac
>
> +if test -d "/etc/selinux"; then
> + _selinux=`getenforce 2>/dev/null || echo "Disabled"`
> + case "${_selinux}" in
> + *Enforcing)
> + _sebool_allow_execmod=`getsebool allow_execmod 2>/dev/null`
> + case "${_sebool_allow_execmod}" in
> + *off)
> + func_skip "SELinux policy disallows"
> + ;;
> + esac
> + esac
> +fi
> +
> func_rmprefixdir
> func_cd "tests/demo"
> func_make_distclean