Re: F13 SELinux failure

[Ralf Wildenhues]

Hi Peter,

* Peter O'Gorman wrote on Wed, Jun 09, 2010 at 03:40:32AM CEST:
> >The above is, of course, after tests/demo-nopic.test, and the problem is
> >the selinux boolean allow_execmod which disallows text relocations.
> >
> >I'll look into making the test skip in this case.
> 
> Ok?

This skips a bit more than is absolutely needed (only the demo-exec run
after demo-nopic and demo-make would need to be skipped), but I don't
see a big problem with that.  We can fix that when we rename tests to
have unique names (e.g., to allow parallel-tests).

Would it make sense to test for /etc/selinux only
  if test "$build" = "$host" && test -d /etc/selinux ...

though?  I'm not quite sure myself actually.

I don't have much experience with selinux, the only other nits I see is
that you want a ;; after the first esac you added, and bump copyright
years.

Thanks,
Ralf

> >From cb91e71e6913d09e20a5176e3d3591136e116bc3 Mon Sep 17 00:00:00 2001
> From: Peter O'Gorman <address@hidden>
> Date: Tue, 8 Jun 2010 20:07:50 -0500
> Subject: [PATCH] Skip demo-nopic tests if SELinux policy will cause failure.
> 
> * tests/demo-nopic.test: Check SELinux policy and skip if
> necessary.
> * tests/testsuite.at (LT_AT_CONFIGURE, LT_AT_MAKE):

> --- a/tests/demo-nopic.test
> +++ b/tests/demo-nopic.test
> @@ -34,6 +34,19 @@ hppa*|x86_64*|s390*)
>       ;;
>  esac
>  
> +if test -d "/etc/selinux"; then
> +     _selinux=`getenforce 2>/dev/null || echo "Disabled"`
> +     case "${_selinux}" in
> +     *Enforcing)
> +             _sebool_allow_execmod=`getsebool allow_execmod 2>/dev/null`
> +             case "${_sebool_allow_execmod}" in
> +                     *off)
> +                             func_skip "SELinux policy disallows"
> +                             ;;
> +             esac
> +     esac
> +fi
> +
>  func_rmprefixdir
>  func_cd "tests/demo"
>  func_make_distclean