| Message ID | 20210406111022.2472280-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Ondrej Mosnáček |
| Headers | show |
| Series | [testsuite] Deactivate userfaultfd test policy if no xperm support | expand |
On Tue, Apr 6, 2021 at 6:16 PM Lokesh Gidra <lokeshgidra@google.com> wrote: > > > > On Tue, Apr 6, 2021 at 4:40 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: >> >> The userfaultfd test policy uses also extended permissions, so only >> enable the test or its policy if these are supported. This makes the >> testsuite runnable on certain old distros again. >> >> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > > Reviewed-by: Lokesh Gidra <lokeshgidra@google.com> Thanks, I just merged the patch: https://github.com/SELinuxProject/selinux-testsuite/commit/1defa850ae71bc27c9dd101d19f543a42abc9537 BTW, for some reason your message didn't end up on the mailing list... it seems the vger lists are acting up again :/ >> >> --- >> policy/Makefile | 9 +++++++-- >> tests/Makefile | 2 ++ >> 2 files changed, 9 insertions(+), 2 deletions(-) >> >> diff --git a/policy/Makefile b/policy/Makefile >> index b092bb3..91364d5 100644 >> --- a/policy/Makefile >> +++ b/policy/Makefile >> @@ -29,14 +29,19 @@ TARGETS = \ >> test_task_getsid.te test_task_setpgid.te test_task_setsched.te \ >> test_transition.te test_unix_socket.te \ >> test_mmap.te test_overlayfs.te test_mqueue.te \ >> - test_ibpkey.te test_atsecure.te test_cgroupfs.te test_userfaultfd.te >> + test_ibpkey.te test_atsecure.te test_cgroupfs.te >> >> ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6)) >> SUPPORTS_CIL = n >> endif >> >> ifeq ($(SUPPORTS_CIL),y) >> -CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil >> +CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil >> +# userfaultfd test policy uses also xperms >> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) >> +CIL_TARGETS += test_userfaultfd.cil >> +TARGETS += test_userfaultfd.te >> +endif >> ifeq ($(shell [ $(MAX_KERNEL_POLICY) -ge 32 ] && echo true),true) >> ifeq ($(shell [ $(POL_VERS) -ge 32 ] && echo true),true) >> # If other MLS tests get written this can be moved outside of the glblub test >> diff --git a/tests/Makefile b/tests/Makefile >> index c19fcd7..7d4e39b 100644 >> --- a/tests/Makefile >> +++ b/tests/Makefile >> @@ -135,9 +135,11 @@ SUBDIRS += watchkey >> endif >> endif >> >> +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) >> ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true) >> SUBDIRS += userfaultfd >> endif >> +endif >> >> ifeq ($(DISTRO),RHEL4) >> SUBDIRS:=$(filter-out bounds dyntrace dyntrans inet_socket mmap nnp_nosuid overlay unix_socket, $(SUBDIRS)) >> -- >> 2.30.2 >>
diff --git a/policy/Makefile b/policy/Makefile index b092bb3..91364d5 100644 --- a/policy/Makefile +++ b/policy/Makefile @@ -29,14 +29,19 @@ TARGETS = \ test_task_getsid.te test_task_setpgid.te test_task_setsched.te \ test_transition.te test_unix_socket.te \ test_mmap.te test_overlayfs.te test_mqueue.te \ - test_ibpkey.te test_atsecure.te test_cgroupfs.te test_userfaultfd.te + test_ibpkey.te test_atsecure.te test_cgroupfs.te ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6)) SUPPORTS_CIL = n endif ifeq ($(SUPPORTS_CIL),y) -CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil +CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil +# userfaultfd test policy uses also xperms +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) +CIL_TARGETS += test_userfaultfd.cil +TARGETS += test_userfaultfd.te +endif ifeq ($(shell [ $(MAX_KERNEL_POLICY) -ge 32 ] && echo true),true) ifeq ($(shell [ $(POL_VERS) -ge 32 ] && echo true),true) # If other MLS tests get written this can be moved outside of the glblub test diff --git a/tests/Makefile b/tests/Makefile index c19fcd7..7d4e39b 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -135,9 +135,11 @@ SUBDIRS += watchkey endif endif +ifeq ($(shell [ $(MOD_POL_VERS) -ge 18 -a $(MAX_KERNEL_POLICY) -ge 30 ] && echo true),true) ifeq ($(shell test -e $(INCLUDEDIR)/linux/userfaultfd.h && echo true),true) SUBDIRS += userfaultfd endif +endif ifeq ($(DISTRO),RHEL4) SUBDIRS:=$(filter-out bounds dyntrace dyntrans inet_socket mmap nnp_nosuid overlay unix_socket, $(SUBDIRS))
The userfaultfd test policy uses also extended permissions, so only enable the test or its policy if these are supported. This makes the testsuite runnable on certain old distros again. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- policy/Makefile | 9 +++++++-- tests/Makefile | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-)