From patchwork Mon Nov 18 15:02:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878731 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EADE41AA1F1 for ; Mon, 18 Nov 2024 15:03:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942194; cv=none; b=WbRy9zZRA4osCe69Cd0Vv1q3JY5DD8cTXdEWJ5arRgOxY6+BSImloirOic9kKnjNx09JjvBbe3EuSaHIoSP/bqZNIRmAhIGLrITE8cQRTwos8Lf8F/8TJ42C5XRe1XnRNJMQV88pFyRmDknz/FdxXdhAO8iIe2azZVLyZVFX7yc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942194; c=relaxed/simple; bh=gVR0QmIFHY7T61dDeBbreGNWY90xHv4n8RWeNzhM9lk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=o44tknrbsqLEdc7GjbJaf1Uq5vJR3FOLWhgRehLwl/6iA2/LoFfrRjQS0lDLylYe3LXZIro9Kv12JCLplasjs31nqVnPX6y2lX77NYA8NiyuT9t/adedjmQ3gHgITeX1KdAnJSZCaTTCOQ0bE8F0q6iM/cu/SpKexHiqE5qyWBk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=QDUmrhuz; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="QDUmrhuz" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xnRsaITNDjOiYYaoabsPcFZIdciAQa3XdI1Sp+AudtQ=; b=QDUmrhuzRuLazDKP9+ol2zwLGNRGpyhl8snwjMUs6pHP2NA+EQWDwOwYV9yv3b6aFuVcm7 xjeokAmjPhypMS32MCAXsynR3ou7XwGxGet7UXKgfMpGJIQHQAFQVCHerJfcsOagoyAt+u JDe6wyqoKA5AImlsX51wW0VsunBvkiSfI0mu4+h7gGoaZ6yUW2qWKWj7pBdBxjTt/P7WZF TrutNls1N9pYIRmKAlTXGM5lFVuqCJCHII4Jv+A4MU9i/bFSIpKIU9epvAC63m+gk88opE MGExoBtn0my/88d9PIot6nd/8K6h0C8zYPpcPoKCaMMxniOy4evjqpC9IV5S5g== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 01/17] Fix typos Date: Mon, 18 Nov 2024 16:02:23 +0100 Message-ID: <20241118150256.135432-2-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Found by codespell(1). Signed-off-by: Christian Göttsche --- doc/tests/Makefile | 2 +- doc/tests/socket.sgml | 2 +- policy/test_capable_file.te | 2 +- policy/test_capable_net.te | 2 +- policy/test_capable_sys.te | 2 +- policy/test_mqueue.te | 2 +- tests/binder/service_provider.c | 2 +- tests/bounds/test | 4 ++-- tests/capable_net/test | 2 +- tests/capable_sys/test | 2 +- tests/file/test | 2 +- tests/file/test_nofcntl.c | 2 +- tests/file/test_sigiotask.c | 2 +- tests/ioctl/test | 4 ++-- tests/ioctl/test_noioctl.c | 2 +- tests/mqueue/mqmgr.c | 2 +- tests/mqueue/test | 2 +- tests/overlay/setup-overlay | 2 +- tests/task_setscheduler/test | 2 +- tests/userfaultfd/userfaultfd.c | 2 +- 20 files changed, 22 insertions(+), 22 deletions(-) diff --git a/doc/tests/Makefile b/doc/tests/Makefile index ead6af2..6b85905 100644 --- a/doc/tests/Makefile +++ b/doc/tests/Makefile @@ -10,7 +10,7 @@ TEX := $(patsubst %.sgml, %.tex, $(TOP)) LOG := $(patsubst %.sgml, %.log, $(TOP)) OUT := $(patsubst %.sgml, %.out, $(TOP)) -all: $(PS) $(PDF) $(HMTL) +all: $(PS) $(PDF) $(HTML) $(PS): $(ALL) custom.dsl jw -f docbook -d custom.dsl -b ps $(TOP) diff --git a/doc/tests/socket.sgml b/doc/tests/socket.sgml index ca203ac..d1293ad 100644 --- a/doc/tests/socket.sgml +++ b/doc/tests/socket.sgml @@ -242,7 +242,7 @@ The socket scripts test the following hooks: -Secure Socket Sytem Call Tests +Secure Socket System Call Tests The tests in the socket_secure and unix_secure subdirectories create a single server diff --git a/policy/test_capable_file.te b/policy/test_capable_file.te index 2377279..2ee5d8f 100644 --- a/policy/test_capable_file.te +++ b/policy/test_capable_file.te @@ -29,7 +29,7 @@ type test_nofcap_t; typeattribute test_nofcap_t capabledomain; testsuite_domain_type(test_nofcap_t) -# Allow these domains to create a temporay file. +# Allow these domains to create a temporary file. allow capabledomain test_file_t:file { setattr rw_file_perms }; allow capabledomain test_file_t:chr_file { create }; allow capabledomain test_file_t:dir { setattr rw_dir_perms }; diff --git a/policy/test_capable_net.te b/policy/test_capable_net.te index a01ba8f..8ec4782 100644 --- a/policy/test_capable_net.te +++ b/policy/test_capable_net.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing network related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_capable_sys.te b/policy/test_capable_sys.te index 70717f1..05d6da5 100644 --- a/policy/test_capable_sys.te +++ b/policy/test_capable_sys.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing system related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_mqueue.te b/policy/test_mqueue.te index b938a6b..0d6df7a 100644 --- a/policy/test_mqueue.te +++ b/policy/test_mqueue.te @@ -18,7 +18,7 @@ testsuite_domain_type(test_mqreadop_t) domain_obj_id_change_exemption(test_mqreadop_t) typeattribute test_mqreadop_t mqopdomain; -# Domain for process that is allowed to wirte to write posix mqueues +# Domain for process that is allowed to write the write posix mqueues type test_mqwriteop_t; testsuite_domain_type(test_mqwriteop_t) domain_obj_id_change_exemption(test_mqwriteop_t) diff --git a/tests/binder/service_provider.c b/tests/binder/service_provider.c index f47365c..97c59dd 100644 --- a/tests/binder/service_provider.c +++ b/tests/binder/service_provider.c @@ -286,7 +286,7 @@ int main(int argc, char **argv) if (fd_type == BPF_TEST) exit(0); - /* If BPF enabed, then need to set limits */ + /* If BPF enabled, then need to set limits */ if (fd_type == BPF_MAP_FD || fd_type == BPF_PROG_FD) bpf_setrlimit(); #else diff --git a/tests/bounds/test b/tests/bounds/test index dd41115..3bf1b6a 100755 --- a/tests/bounds/test +++ b/tests/bounds/test @@ -76,8 +76,8 @@ $result = system( ); ok($result); -# It ensure the child domain shall be bounded to the parent. -# So, we expect all the alloed actiona are intersection with test_bounds_parent_t +# It ensures the child domain shall be bounded to the parent. +# So, we expect all the allowed actions are intersections with test_bounds_parent_t $result = system( "runcon -t test_bounds_child_t -- dd if=$basedir/bounds_file_red of=/dev/null count=1 2>&1 > /dev/null" diff --git a/tests/capable_net/test b/tests/capable_net/test index 8ef9ecc..dc0b57a 100755 --- a/tests/capable_net/test +++ b/tests/capable_net/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for network-related capabilties. +# This test performs checks for network-related capabilities. # use Test; diff --git a/tests/capable_sys/test b/tests/capable_sys/test index 34ed8c8..132c732 100755 --- a/tests/capable_sys/test +++ b/tests/capable_sys/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for system-related capabilties. +# This test performs checks for system-related capabilities. # use Test; diff --git a/tests/file/test b/tests/file/test index fa28b7c..64dc813 100755 --- a/tests/file/test +++ b/tests/file/test @@ -148,7 +148,7 @@ ok($result); system "chcon -t nofileop_rw_file_t $basedir/temp_file2 2>&1 > /dev/null"; # -# Check the fcntl for the bad domain. This uses the read-only accessable file. +# Check the fcntl for the bad domain. This uses the read-only accessible file. # $result = system "runcon -t test_nofileop_t -- $basedir/test_nofcntl $basedir/temp_file3 2>&1"; diff --git a/tests/file/test_nofcntl.c b/tests/file/test_nofcntl.c index 3554dec..40976c5 100644 --- a/tests/file/test_nofcntl.c +++ b/tests/file/test_nofcntl.c @@ -29,7 +29,7 @@ int main(int argc, char **argv) exit(2); } - /* The next two acesses should fail, so if that happens, we return success. */ + /* The next two accesses should fail, so if that happens, we return success. */ rc = fcntl(fd, F_SETFL, 0); if( rc != -1 ) { diff --git a/tests/file/test_sigiotask.c b/tests/file/test_sigiotask.c index 1a8f8f5..565c964 100644 --- a/tests/file/test_sigiotask.c +++ b/tests/file/test_sigiotask.c @@ -18,7 +18,7 @@ /* * Test the sigio operations by creating a child and registering that process * for SIGIO signals for the terminal. The main process forces a SIGIO - * on the terminal by sending a charcter to that device. + * on the terminal by sending a character to that device. */ int main(int argc, char **argv) { diff --git a/tests/ioctl/test b/tests/ioctl/test index f313f06..e8145fe 100755 --- a/tests/ioctl/test +++ b/tests/ioctl/test @@ -31,14 +31,14 @@ $result = system "touch $basedir/temp_file 2>&1"; $result = system "chcon -t test_ioctl_file_t $basedir/temp_file 2>&1"; # -# Attempt to perform the ioctls on the temproary file as the good domain +# Attempt to perform the ioctls on the temporary file as the good domain # $result = system "runcon -t test_ioctl_t -- $basedir/test_ioctl $basedir/temp_file 2>&1"; ok( $result, 0 ); # -# Attempt to perform the ioctls on the temproary file as the bad domain +# Attempt to perform the ioctls on the temporary file as the bad domain # The test program, test_noioctl.c, determines success/failure for the # individual calls, so we expect success always from that program. # diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c index 4b67e9a..b72a476 100644 --- a/tests/ioctl/test_noioctl.c +++ b/tests/ioctl/test_noioctl.c @@ -18,7 +18,7 @@ * argument. This version of the program expects some of the ioctl() * calls to fail, so if one does succeed, we exit with a bad return code. * This program expects the domain it is running as to have only read - * acess to the given file. + * access to the given file. */ int main(int argc, char **argv) { diff --git a/tests/mqueue/mqmgr.c b/tests/mqueue/mqmgr.c index 5a08ce5..d03bf85 100644 --- a/tests/mqueue/mqmgr.c +++ b/tests/mqueue/mqmgr.c @@ -10,7 +10,7 @@ #include /* - * Managed the creation and distruction of a posix mqueue. + * Managed the creation and destruction of a posix mqueue. * The first argument is the name of the mqueue to be managed * (including starting '/'). The second argument is the * operation. '1' to create, '0' to remove. diff --git a/tests/mqueue/test b/tests/mqueue/test index 8334b9b..0cb9c22 100755 --- a/tests/mqueue/test +++ b/tests/mqueue/test @@ -8,7 +8,7 @@ use Test::More; BEGIN { # check if kernel supports posix mqueues file system is mounted if ( system("mount | grep -q mqueue") ) { - plan skip_all => "mqueue fileystem not supported/mounted"; + plan skip_all => "mqueue filesystem not supported/mounted"; } else { plan tests => 13; diff --git a/tests/overlay/setup-overlay b/tests/overlay/setup-overlay index 3f33499..c08a3dd 100755 --- a/tests/overlay/setup-overlay +++ b/tests/overlay/setup-overlay @@ -29,7 +29,7 @@ setup () { # (test_overlay_mounter_t, test_overlay_client_t) chcon -R -t test_overlay_files_ro_t $BASEDIR/lower - # Label noaccessfile and noaccessdir, with types not accessable to either the + # Label noaccessfile and noaccessdir, with types not accessible to either the # mounter or the client types chcon -t test_overlay_files_noaccess_t $BASEDIR/lower/noaccessfile $BASEDIR/lower/noaccessdir $BASEDIR/lower/null_noaccess chcon -t test_overlay_mounter_files_t $BASEDIR/lower/mounterfile $BASEDIR/lower/mounterdir $BASEDIR/lower/null_mounter diff --git a/tests/task_setscheduler/test b/tests/task_setscheduler/test index c2fe8c6..3730ff7 100755 --- a/tests/task_setscheduler/test +++ b/tests/task_setscheduler/test @@ -23,7 +23,7 @@ close($f); $cgroup_cpu = "/sys/fs/cgroup/cpu/tasks"; if ( -w $cgroup_cpu ) { - # We can only set the scheduler policy fo SCHED_{RR,FIFO} in the root + # We can only set the scheduler policy to SCHED_{RR,FIFO} in the root # cgroup so move our target process to the root cgroup. open( my $fd, ">>", $cgroup_cpu ); print $fd $pid; diff --git a/tests/userfaultfd/userfaultfd.c b/tests/userfaultfd/userfaultfd.c index dd3a9f3..2a5d9d2 100644 --- a/tests/userfaultfd/userfaultfd.c +++ b/tests/userfaultfd/userfaultfd.c @@ -177,7 +177,7 @@ int main (int argc, char *argv[]) return -1; } - /* Acces to the registered memory range should invoke the 'missing' + /* Access to the registered memory range should invoke the 'missing' * userfaultfd page fault, which should get handled by the thread * created above. */ From patchwork Mon Nov 18 15:02:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878730 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAE391AA1FA for ; Mon, 18 Nov 2024 15:03:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942194; cv=none; b=cDMEib44rLlvqAWHfEj6DN9qv8giV9j89cdkluHmDEPwLD+qaQZUCbD9X1Vsi1VWlOCshqzyFmqR9/dQvFu/tKEx+TFKP/wOVx1JFqgq591FlYSi6Bd3yKy/SA9H7MTiNJixxW5F1/yxcrCQ1kva9Wc+Vd8r4tNbhxM/weVqqRU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942194; c=relaxed/simple; bh=x7eII/WdQVK9ZMv2QLkWixvsFQOXK1BaJ7y65fR0xSM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mRbHAnc+vOVuRjvEt4/6pK8+AKNxgFNEpkP5O1B7YbvHJII2RJMuVduyAiwUNVHTMQ1LDNpU8sLcPEBY84Cnf9jVBQXrCzvGYdE7kLFgDVNb57u646aQBXyhVVxhUGDUT8fH86bZvgzmbCGWdcmnedp9tV0lS16+LdrwRSfFxzk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=cE/avOku; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="cE/avOku" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ju/54G3LzPpfxmOs549yQo5+/CkfxemswAvsdmO+2XU=; b=cE/avOkuCX+JJp3U1H2jF8Hw/ObhPPAiLdigVTKRGrDoYzfP0lUMhOV2ywAm73SNNsZ40l LrbpJFVizCBwCebXwaG55c1N/2Sv8hH8glFdhLmgWGhdNI6kP8gDtVSJsVk2lhIdr0NUdO Zo/ArWmfU6MzOjWcqIQNGJI6K5hlaQjhBgmbFjT6fis80TmbRYo4aSFPzQiBUZwg9GbkQ1 KdRU5g2sxboXkTm6JZjhPo/dstj2MPXuUpx6l9HPRJANe4D+HeEs8tg/djc7ZC24nKJ+1i fQUu8652yTYyFy7EMbpYilDFlgxj6KJLhNfobHJm/M4cnbtcZ/ZQhqRPnDNNwg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 02/17] Makefile: use $(MAKE) to pass options Date: Mon, 18 Nov 2024 16:02:24 +0100 Message-ID: <20241118150256.135432-3-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Pass make options, e.g. number of jobs, which allows to build multiple test executables in a single sub-directory in parallel. Signed-off-by: Christian Göttsche --- Makefile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 9081406..8d6227a 100644 --- a/Makefile +++ b/Makefile @@ -4,14 +4,12 @@ all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i all ; done test: - make -C policy load - make -C tests test - make -C policy unload + $(MAKE) -C policy load + $(MAKE) -C tests test + $(MAKE) -C policy unload check-syntax: @./tools/check-syntax clean: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i clean ; done - - From patchwork Mon Nov 18 15:02:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878728 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAD411AA1D7 for ; Mon, 18 Nov 2024 15:03:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942192; cv=none; b=cTB439W6N7J15SU9XytDkAuht6QiqH9pDJZfH6XygAvinsiseamWEShbZnyYLqpVpUocHWZMqoH16eGnv8XawAtGobo/H+km8Ku62yG4QBsxqOtB1//txs1MLPxef38O+XqSpxMwEPYcEPL4YUhzYp6CWjdo8ndRSN/eTorFf6E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942192; c=relaxed/simple; bh=oEk1jQ+/80qQmGrucPlGx3zyGkOSfKXFsUZCiZfYASE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=hMRs+aueWOwLOdbBZQnGNEUsPh7j81NI64Q7dJhK60YqRgWYZc6twq9Q6ZVsOaOigJrnVfJhXY6u+rGNVB1DeeSQly1nUc10NJkE6+tQS/vNpO0cbpkp1t4Kvp44nxSqpRiACfepUgeP2AJFmNhSIYdDtXMQq1dzLs4EGaCuWu0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=eIbo8VEO; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="eIbo8VEO" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xElDK9FN6w7nntOkfia3KzozUGVjvrMHpBsk9cyr6Zc=; b=eIbo8VEO3XNvP5eCnhqkc3YDSKS1kpRmPtUsAcufSTxJ+vSNgz17pXrGwFjgSJ4BNCdKTh d4Zsml/TU+hTItJRpxHNodp7C+TZWAW2A/K6B98iGlY3zBmSdU1M18kI1hV2nhum1oR/GK zBrNSlm9nE6HWFvZsvidWUH3+mdMxlr7FaZvSy6lEqUMMYGhg7XfEhe7looGGE43NY/mOX As8Clofhrl/QRcIbfdr6JoIaVZxaHghIHQxAHpfsfFtIM/Z8y0kO0COPxcflqG1ki0lqOZ uA8W80ZU9NB7m65+LArqPRKa5dehYu/dOheCXQuQzd+XNiWOFdsohwp4pZi9vw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 03/17] tools: quote command to prevent word splitting Date: Mon, 18 Nov 2024 16:02:25 +0100 Message-ID: <20241118150256.135432-4-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Reported by shellcheck(1). Signed-off-by: Christian Göttsche --- tools/check-syntax | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/check-syntax b/tools/check-syntax index 2115a79..d09a3dd 100755 --- a/tools/check-syntax +++ b/tools/check-syntax @@ -112,7 +112,7 @@ function style_fix() { [[ -z "$1" ]] && return [[ -z "$2" || ! -w "$2" ]] && return - tmp="$(mktemp --tmpdir=$(dirname "$2"))" + tmp="$(mktemp --tmpdir="$(dirname "$2")")" case "$1" in c|C) tool_c_style "$2" > "$tmp" From patchwork Mon Nov 18 15:02:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878729 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CDB521B0F0B for ; Mon, 18 Nov 2024 15:03:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942193; cv=none; b=L0hM36C0U6xWVH+4bTZpPhxLJxe7l1MLOduSwsSEf4zgw4kXbjF0KoIyikUsBQinfHZiFZyr0UBmVFqUVbz959QkuXbZjZP8NlSlN2CjFYPCZ42M1lC5p++S5V1rdiYuzXPzYu9OClZuoSU7VGywBoDod+upD0sz8Xh+chHd20Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942193; c=relaxed/simple; bh=faZRreWquVe700OZGYMSo0dSlhb7Uz0PJ11Md7W1r0s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=snHTWHgO8TKATOy0IsaoS4/c7d/Vuk9PR17MAcOAbfg0n8Fhu7BVnhsadkSxTLYbVyJs5XjWLZSFpe5n84UXU4fONpHL23CFDUPGoeyYRuyp046ixd2D5AGiGGD7lZZFubQJXl7zXa5Zqd8WpFgAB5h4raxa0BRcYxuuoIBgm38= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=RWxscOZK; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="RWxscOZK" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IXSqTavrILkr8R4UvsKit71r/AdRNMGLzyGo5EHv1dQ=; b=RWxscOZKeUc1RMFpFaAqMTa+oENw4o8ialrC2UG+m5fYlQIN9+2mcyQzzerFvKXrrbAoKk KCBrC64H9ZdKHKynn2jgY5C2ny+M1hYRH5j6FwWyxEWIGfZJaf9jqXbYdcfU70S3en5bCL hs9zMd9Ade7dK7kFurYKNmh311q2ZFIBr95w3YYZMATx1/j2eXClCVoJOWPsskLw7wrqa7 W7Ny7op3jUGPLk9feN+31zHNDSzTmrXzw80rzWJN/KGCPW/FEfpOB/mCnv/TYJV+Rg+pS8 F6hkwuVFVkK1BYfamF+onrF96Fm+n98/GK8dYF3+M3+Ek78XF+HHXSht0cC2Bg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 04/17] tests: port scripts to sh and please shellcheck Date: Mon, 18 Nov 2024 16:02:26 +0100 Message-ID: <20241118150256.135432-5-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Improve portability and avoid actual issues being hidden. Signed-off-by: Christian Göttsche --- tests/kvercmp | 16 +++++++++------- tests/os_detect | 10 ++++++---- tests/pol_detect | 12 +++++++----- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/tests/kvercmp b/tests/kvercmp index 3742f16..4b1e345 100755 --- a/tests/kvercmp +++ b/tests/kvercmp @@ -1,15 +1,17 @@ -#!/bin/bash +#!/bin/sh -function kvercmp() +set -eu + +kvercmp() { - ver1=`echo $1 | sed 's/-/./'` - ver2=`echo $2 | sed 's/-/./'` + ver1=$(echo "$1" | sed 's/-/./') + ver2=$(echo "$2" | sed 's/-/./') ret=0 i=1 - while [ 1 ]; do - digit1=`echo $ver1 | cut -d . -f $i` - digit2=`echo $ver2 | cut -d . -f $i` + while true; do + digit1=$(echo "$ver1" | cut -d . -f $i) + digit2=$(echo "$ver2" | cut -d . -f $i) if [ -z "$digit1" ]; then if [ -z "$digit2" ]; then diff --git a/tests/os_detect b/tests/os_detect index cddcb85..6b723f6 100755 --- a/tests/os_detect +++ b/tests/os_detect @@ -1,8 +1,10 @@ -#!/bin/bash +#!/bin/sh -if [[ -r /etc/redhat-release ]]; then - ver=$(cat /etc/redhat-release | sed -ne '/^Red Hat Enterprise Linux/p') - if [[ -n $ver ]]; then +set -eu + +if [ -r /etc/redhat-release ]; then + ver=$(sed -ne '/^Red Hat Enterprise Linux/p' /etc/redhat-release) + if [ -n "$ver" ]; then echo "$ver" | \ sed -e 's/Red Hat Enterprise Linux[ \ta-zA-Z]*\([0-9]\+\).*/RHEL\1/' fi diff --git a/tests/pol_detect b/tests/pol_detect index ba25b94..8c07997 100755 --- a/tests/pol_detect +++ b/tests/pol_detect @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +set -eu if [ $# -ne 1 ]; then echo "Usage $0 " @@ -8,10 +10,10 @@ fi # This is heuristic but seems unlikely to be wrong, # the kernel initial sid should always be SystemHigh # and SystemHigh is normally s15 -level=$(cat $1/initial_contexts/kernel | tr '\0' '\n' | cut -d: -f4) +level=$(cat "$1/initial_contexts/kernel" | tr '\0' '\n' | cut -d: -f4) -if [ -z $level ]; then echo "NON-MLS" -elif [ $level = 's0' ]; then echo "MCS" -elif [ $level = 's15' ]; then echo "MLS" +if [ -z "$level" ]; then echo "NON-MLS" +elif [ "$level" = 's0' ]; then echo "MCS" +elif [ "$level" = 's15' ]; then echo "MLS" else echo "UNKNOWN" fi From patchwork Mon Nov 18 15:02:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878734 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90D9C1BD508 for ; Mon, 18 Nov 2024 15:03:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; cv=none; b=K7qUiKea6df3yJOXmMcGA4JKlz9Vq/EzhvB4fbXmLo425wxCzoUj1/9gp21CGFAC87Auc3EofHAgVQICfillMkjAnQiwhOA3aP22QHImHpvX6bjcO3kmcK9jlQVH594z/tX/EhBzSxujMV3EDoR78zPD6OeESpjlAB77SoxNXy8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; c=relaxed/simple; bh=Zs5RtfaX+Mr03PHFB3vLsqCQK8jZPid7gvY6zuq3EK4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=vC5uf5gAy9l1ikGjokHrQbFdgfL3G8A05Sn6VUHsbq3gqkCGMqJN390c3cC75t4PKLmapCsG0DGsc0dzjc1x4795+/RH6Kz3fkrUSbCAkDkmwoVm4R2W+vYGKznY7hCDvTjo5eTjqDV+QiY+1atXnW4vw4iWfW1WcBCpSgVebzk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=Eixq4JwX; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="Eixq4JwX" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v7yp73895MB08TReEH0j7Ox3CGe9oI3eZVz16p8vcCg=; b=Eixq4JwXAG7ZdB5xeCEaG1Pr09IYpFNgfTHC71UosntOu/VFAziItGPBz96Ki9pGYiE1+T foJVt0Ga7p4HgW0rujpnaCVsSHZsItjChB5mDO44ySkdO2uZ+Yad5XOshXqadMYs9NZhzo 6oWjUrdmv/6a347tEeHDLQHu+r/HAdqBqv0ZzmnGOQetlUtjdb+sZedIQ0InSJBPiwpkrv ntMMbseeMh9G58vYR0vIj5i2vidtT2qTDeNj/7VLebm9UFmIR2maUWfAmdICT56pNxMety P1cHhuWNVsuo1XqsUzF8QNl47ugZ6uFp2nLGf6Hu3+8gI8R4OrNjU9ntBWJRBg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 05/17] tests: enable strictness for perl scripts Date: Mon, 18 Nov 2024 16:02:27 +0100 Message-ID: <20241118150256.135432-6-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/loop.pl | 9 ++++++--- tests/nfsruntests.pl | 6 +++++- tests/runtests.pl | 16 ++++++++++------ 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/tests/loop.pl b/tests/loop.pl index f5bf6ba..2c97b77 100644 --- a/tests/loop.pl +++ b/tests/loop.pl @@ -1,12 +1,15 @@ #!/usr/bin/perl -$count = shift || 1; +use strict; +use warnings; + +my $count = shift || 1; print "Running all tests $count times\n"; -for ( $i = 0 ; $i < $count ; $i++ ) { +for ( my $i = 0 ; $i < $count ; $i++ ) { print "$i: "; - $foo = `./runtests.pl`; + my $foo = `./runtests.pl`; if ( $foo =~ m|All tests successful.\n| ) { print $'; } diff --git a/tests/nfsruntests.pl b/tests/nfsruntests.pl index c3f0626..fa4e23a 100755 --- a/tests/nfsruntests.pl +++ b/tests/nfsruntests.pl @@ -1,5 +1,9 @@ #!/usr/bin/perl + +use strict; +use warnings; + use Test::Harness; -@test = "$ARGV[0]"; +my @test = "$ARGV[0]"; runtests(@test); diff --git a/tests/runtests.pl b/tests/runtests.pl index a2ed7ea..7654a82 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -1,20 +1,24 @@ #!/usr/bin/perl +use strict; +use warnings; + use Test::Harness; -@dirs = split( / /, $ENV{SUBDIRS} ); +my @dirs = split( / /, $ENV{SUBDIRS} ); +my @scripts = (); for (@dirs) { push @scripts, "$_/test"; } -$output = `id`; +my $output = `id`; $output =~ /uid=\d+\((\w+)\).*context=(\w+):(\w+):(\w+)/ || die("Can't determine user's id\n"); -$unixuser = $1; -$user = $2; -$role = $3; -$type = $4; +my $unixuser = $1; +my $user = $2; +my $role = $3; +my $type = $4; print "Running as user $unixuser with context $2:$3:$4\n\n"; From patchwork Mon Nov 18 15:02:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878733 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90D4E1AA1F1 for ; Mon, 18 Nov 2024 15:03:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; cv=none; b=YeaZJhzZFfMCZee+P/hN1p2E6+kuAis9rcGQdenQ1szT2d6HIleNWN4iSflQax0sQGeig9L2cxy3wOnLn32M2oL0khf5MrkxWuQINlrJE3FuNzTiV4Sf4IxWXoIYDlaEQypSU7b6UmTHTvcMNGwzd6BpaafofdqRBK/0y7Gipn0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; c=relaxed/simple; bh=NS31cr+XCMW1l/BVFvCHs5GwAF5P1rbc5ecIMTkhG3w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Oc01l+YeznkA+b00jwLc721OS7P6TEp/9OY58ydn5E0LbcsMAd2767zmrYbqjcyzGxbHpRZdQrukwmFK8RejDcU4z/DjXzaD+t+j/KmHSpHTS+nFEwnfaiyMxCADZjH1i8pyg0rhGnS2ElXdND6vBqzN74qPXtYKfxWz0e8EieE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=YVfyh8DN; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="YVfyh8DN" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SytQII04nwCFARVvVaX0uxulCLDGBoMaUqNq51rHoiA=; b=YVfyh8DNHkKVnGlSGkYB938nrvEnIYT2zLXVpHfGFYQie4rb3plnHR5GUV8ofcNXTN+7/t vEnD0ozDBbij7PMnqR2MtPfLSb4MYIJ7VV9MvzWVf8MDua2olhMTG2cFo8ZGcuFjKL1Ivd eXaInOs6ipBnol61xK8KhgXvLmuqJQPxPTWfD66xJ8Wi1ngzGN3QuMwzPoRrBTlpR4ypVc gcx2i4xLd43tjd1TX3Q8b6DK4XC6yXPCfpY77bv4j8+ORcW9XRXBfeGJG5ctUWosnhBkbQ opTre3juUHV3swqskOHEmKNNqnJCGq6iS/YaWSH0Mh/PCYK/9QqPJtmrrwYe0Q== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 06/17] Makefile: add PHONY targets Date: Mon, 18 Nov 2024 16:02:28 +0100 Message-ID: <20241118150256.135432-7-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- Makefile | 2 ++ policy/Makefile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 8d6227a..fc58613 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ SUBDIRS = policy tests +.PHONY: all test check-syntax clean + all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i all ; done diff --git a/policy/Makefile b/policy/Makefile index 32d7ede..a525b0e 100644 --- a/policy/Makefile +++ b/policy/Makefile @@ -175,6 +175,8 @@ ifeq ($(shell grep -q user_namespace $(POLDEV)/include/support/all_perms.spt && export M4PARAM += -Duser_namespace_defined endif +.PHONY: all expand_check build load unload clean + all: build expand_check: From patchwork Mon Nov 18 15:02:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878742 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B39F11C1F1C for ; Mon, 18 Nov 2024 15:03:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; cv=none; b=mpZWBDe6boZ8b5a67XqYqb/0ZDk32vqHIhJknodv6EMOPpjK/e9etNSR+Bxa2OaMTI2gad2wuOaU2O63q6DhruVoBQVCMVJjCA99DVfkMEgzUaOj+z6rcq6m8jgiL0L4L69eHUVwdN+PxesC+DSVgIqpM+VOdhA3jcAxo7dUYmI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; c=relaxed/simple; bh=p2c2cDcaMQPFZuADXIo5av4l5xEc86U7ap10uKKMkDU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mArwFSigFR6gtDYaplI5pWC7GloBmYyzuvwXVONmVc82/aFce4FtWR7kIbGPzcyJ1wBc36V5jTmSf+21AriJ++n237seNPiUGlUzAZeWGu0zclyPU4g1J1AAiSOkWJgTGwNCKq3EFN1ddxpOawqNU0J2mlxzbe2oDHY+E3qBtDQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=oJgTt90K; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="oJgTt90K" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PwBBOdeD0i4q9AnuVKoRDX/YDCd5DLJi1IX+Wt8eD9U=; b=oJgTt90Kbf7HDoYgRdUFwezdL69JJ+/Gb8rYZAmE1bBJtMVtLPuEK2w6Crt+/qqEhznkjj BawPfeWCY8FoWFjq426BvC27GTSiXwNwyIATHKXHZWiX7i+Sx+qmtJv8yZPWjIe9M5RQQ6 GnniPFqwBdtm7oRYrD+bwmwSyqVH8zrLQ68bk5igk9TugGPTr3+jJ+472B95gg30KQZbJw /S6h1Gkl3ouEXPai8Irk1RzF9hDJCMWK4cyjYxk8ARpyWa35dasU0hrd9KgAOpn49XS+vU vVlbaPSOLCC/XScOtOKE9UN6AOtMqZJiiEc21siVA1wDCGjo3W04ME5S4nzQuw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 07/17] test: overlayfs related tweaks Date: Mon, 18 Nov 2024 16:02:29 +0100 Message-ID: <20241118150256.135432-8-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche OverlayFS does not support a couple of ioctl's and other features, like NFS, so skip and tweak relevant tests. Signed-off-by: Christian Göttsche --- tests/capable_sys/test | 2 +- tests/ioctl/test_ioctl.c | 4 ++-- tests/ioctl/test_noioctl.c | 4 ++-- tests/overlay/test | 7 ++++--- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/tests/capable_sys/test b/tests/capable_sys/test index 132c732..6fb57a1 100755 --- a/tests/capable_sys/test +++ b/tests/capable_sys/test @@ -10,7 +10,7 @@ BEGIN { $basedir =~ s|(.*)/[^/]*|$1|; $fs = `stat -f --print %T $basedir`; - $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" ); + $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" and $fs ne "overlayfs" ); $test_count = 7; if ($test_fibmap) { diff --git a/tests/ioctl/test_ioctl.c b/tests/ioctl/test_ioctl.c index 9bf732d..3ed0695 100644 --- a/tests/ioctl/test_ioctl.c +++ b/tests/ioctl/test_ioctl.c @@ -28,9 +28,9 @@ int main(int argc, char **argv) } /* This one should hit the FILE__GETATTR or FILE__IOCTL test */ - rc = ioctl(fd, FIGETBSZ, &val); + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); if( rc < 0 ) { - perror("test_ioctl:FIGETBSZ"); + perror("test_ioctl:FS_IOC_GETFLAGS"); exit(1); } diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c index b72a476..522fef5 100644 --- a/tests/ioctl/test_noioctl.c +++ b/tests/ioctl/test_noioctl.c @@ -44,9 +44,9 @@ int main(int argc, char **argv) } /* This one should hit the FILE__IOCTL or FILE__GETATTR test and fail. */ - rc = ioctl(fd, FIGETBSZ, &val); + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); if( rc == 0 ) { - printf("test_noioctl:FIGETBSZ"); + printf("test_noioctl:FS_IOC_GETFLAGS"); exit(1); } diff --git a/tests/overlay/test b/tests/overlay/test index c8367dd..744fc9c 100755 --- a/tests/overlay/test +++ b/tests/overlay/test @@ -9,14 +9,15 @@ BEGIN { chop($seuser); $seuser =~ s|^(\w+):.*$|$1|; - $isnfs = `stat -f --print %T $basedir`; + $fs = `stat -f --print %T $basedir`; # check if kernel supports overlayfs and SELinux labeling if ( system("grep -q security_inode_copy_up /proc/kallsyms") ) { plan skip_all => "overlayfs not supported with SELinux in this kernel"; } - elsif ( $isnfs eq "nfs" ) { - plan skip_all => "overlayfs upperdir not supported on NFS"; + elsif ( $fs eq "nfs" or $fs eq "overlayfs" ) { + plan skip_all => + "overlayfs upperdir not supported on NFS and OverlayFS"; } else { plan tests => 119; From patchwork Mon Nov 18 15:02:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878735 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3A421C1F1D for ; Mon, 18 Nov 2024 15:03:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; cv=none; b=RccJlGZHVh1kya2tmcGKvPZQPIKIKPozVFv+8DnBfa2lxSGfkj/GsLBVRbzY4UwaXVyq8s301etC7s2kr4E0xy8H3omd5L/XfHUlYSCuFiPJqlQs+Y5MWg7v8Y3ZVzwnSBMt/qRym1+kRa7LXLUQjnCJguA1YiJqBs7nbBHQUj8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942196; c=relaxed/simple; bh=3kXbmsYP0Of0bJ969WBqgEqX4Iu6+bMO8Xn/8DUJSwA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=umGLdSiObqDXU5wKhPB/rKvQprlJgfhWJXBaWnYX3leXieOYHsVKbrZJcdhRCux91JwEMGCzYchipSS5nZOyZyYJSrNlzrrKogJhPyZQGV4SSKr0/MN+o+xATwjBBamwKkQ1O0U0EuQ2wJgDCpqwtldQn75fXbPpZW/rgwJCLD0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=maqE0x4o; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="maqE0x4o" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J3d5ZcvxoM/9p4zOypcC2QsuxclaT4OYTtMTE6UxQ9Y=; b=maqE0x4ofRq4jk7fdpZ2IdzXdRwXW2SEIa6RkKmZNtYfU08unxoF0lfuJPBfRETrya6whC DkZGKAL091yXGOdHW/Pnk3C7hTT+lse8noO3kUYISckrL5rdGq2mUqpRuv13/ged+A8zCE CUIYNmJqWKfeRdzaDSK3vgJjRy55hdsAdSUw3tsLPtD6lb3mf83SSppKyv/ryyfsT+monu yJtOKyb/lz/fKdjtG58P31VkHYFjbrwnW30WhZVuYVsOLgM1Lo2dx3Ca5PYXAniBFPBcF8 q5wxX5vEPi5jB8Tm4U8bbMcYIXm/fuItIZinhvc6t4ihi4JKBJN+kgrNTKDX6Q== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 08/17] tests/notify: work with CONFIG_FANOTIFY disabled Date: Mon, 18 Nov 2024 16:02:30 +0100 Message-ID: <20241118150256.135432-9-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/notify/test | 172 +++++++++++++++++++++-------------- tests/notify/test_fanotify.c | 14 ++- 2 files changed, 114 insertions(+), 72 deletions(-) diff --git a/tests/notify/test b/tests/notify/test index 77db8c2..be28ad1 100755 --- a/tests/notify/test +++ b/tests/notify/test @@ -1,11 +1,25 @@ #!/usr/bin/perl use Test; -BEGIN { plan tests => 18 } # number of tests to run -# help the test script locate itself -$basedir = $0; -$basedir =~ s|(.*)/[^/]*|$1|; +BEGIN { + # help the test script locate itself + $basedir = $0; + $basedir =~ s|(.*)/[^/]*|$1|; + + $fanotify_support = 1; + + $result = system("runcon -t test_watch_t $basedir/test_fanotify -c 2>&1"); + + # check if CONFIG_FANOTIFY is enabled - ENOSYS + if ( $result >> 8 eq 38 ) { + $fanotify_support = 0; + plan tests => 4; + } + else { + plan tests => 18; + } +} # Get rid of a testfile and dir from last run if it's there (just in case) system("rm -f $basedir/watch_me"); @@ -27,45 +41,53 @@ $exit_val = system("runcon -t test_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok( $exit_val, 0 ); -# Should be able to set non-permissions based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); +if ($fanotify_support) { -# Should NOT be able to set permission based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should be able to set non-permissions based fanotify watch + $exit_val = system( + "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); + ok( $exit_val, 0 ); -# Should NOT be able to set read based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should NOT be able to set permission based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should NOT be able to set read based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail +} # Should NOT be able to set read based inotify watch $exit_val = system( "runcon -t test_watch_t $basedir/test_inotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail +ok($exit_val); # this should fail -## TEST PERM WATCH -# Should be able to set permission based fanotify watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST PERM WATCH + # Should be able to set permission based fanotify watch + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set watch of accesses -$exit_val = system( + # Should NOT be able to set watch of accesses + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -## TEST READ NO PERM WATCH PERMSISSIONS -# Should NOT be able to set read and perm watch -$exit_val = system( + ## TEST READ NO PERM WATCH PERMSISSIONS + # Should NOT be able to set read and perm watch + $exit_val = system( "runcon -t test_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok($exit_val); # should fail + ); + ok($exit_val); # should fail +} # Should be able to set read inotify watch $exit_val = system( @@ -73,12 +95,15 @@ $exit_val = system( ); ok( $exit_val, 0 ); -## TEST READ WITH PERM WATCH PERMSISSIONS -# Should be able to set read and perm watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST READ WITH PERM WATCH PERMSISSIONS + # Should be able to set read and perm watch + $exit_val = system( "runcon -t test_perm_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} ## TEST NO WATCH PERMSISSIONS # Should NOT be able to set inotify watch @@ -86,45 +111,52 @@ $exit_val = system( "runcon -t test_no_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok($exit_val); # this should fail -# Should NOT be able to set any fanotify watch -$exit_val = system( - "runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -## TEST READ ONLY -# Should NOT be able to get read-write descriptor -$exit_val = system( - "runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -# Should be able to get read-write descriptor -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); - -## TEST MOUNT WATCHES -# Should NOT be able to set a watch on a mount point -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1"); -ok($exit_val); # this should fail - -# Should be able to set a watch on mount point -$exit_val = system( +if ($fanotify_support) { + + # Should NOT be able to set any fanotify watch + $exit_val = system( +"runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + ## TEST READ ONLY + # Should NOT be able to get read-write descriptor + $exit_val = system( +"runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to get read-write descriptor + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok( $exit_val, 0 ); + + ## TEST MOUNT WATCHES + # Should NOT be able to set a watch on a mount point + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to set a watch on mount point + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set a perm watch on a mount -$exit_val = system( + # Should NOT be able to set a perm watch on a mount + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m -p $basedir/watch_dir 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -# Should be able to set a perm watch on a mount object -$exit_val = system( + # Should be able to set a perm watch on a mount object + $exit_val = system( "runcon -t test_mount_perm_t $basedir/test_fanotify -p -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} # Clean up test file system("rm -f $basedir/watch_me"); diff --git a/tests/notify/test_fanotify.c b/tests/notify/test_fanotify.c index bc3b4c3..fe89265 100644 --- a/tests/notify/test_fanotify.c +++ b/tests/notify/test_fanotify.c @@ -5,6 +5,7 @@ #include +#include #include #include #include @@ -12,7 +13,7 @@ void printUsage() { - fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] file_name\n"); + fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] [-c] file_name\n"); exit(1); } @@ -26,13 +27,14 @@ int main(int argc, char *argv[]) int mask = FAN_OPEN; // default mask int flags = FAN_MARK_ADD; int listening = 0; + int check = 0; // the -p flag will test for watch_with_perm // the mask used at mark will contain FAN_OPEN_PERM // // the -r flag will test for watching accesses to files for reads // the mask will contain FAN_ACCESS - while ((arg = getopt(argc, argv, "prlm")) != -1) { + while ((arg = getopt(argc, argv, "prlmc")) != -1) { switch (arg) { case 'p': mask |= FAN_OPEN_PERM; @@ -46,6 +48,9 @@ int main(int argc, char *argv[]) case 'm': flags |= FAN_MARK_MOUNT; break; + case 'c': + check = 1; + break; default: printUsage(); } @@ -53,6 +58,11 @@ int main(int argc, char *argv[]) // get file descriptor for new fanotify event queue fd = fanotify_init(FAN_CLASS_CONTENT, O_RDWR); + if (check) { + if (fd < 0 && errno == ENOSYS) + exit(ENOSYS); + exit(0); + } if (fd < 0) { perror("fanotify_init:bad file descriptor"); exit(1); From patchwork Mon Nov 18 15:02:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878737 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A32061C1F38 for ; Mon, 18 Nov 2024 15:03:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; cv=none; b=Oe8pje6UZyIxmbnFN59Thjv2Fbc6iG+KEoE7gb101qHBixpp5t5xI4U3HHIex82SCqMsu4/1d40/MrM1R1LUkqYIcKOjiPpZdHOcUY5Z2nEVUyLGJWBUjHcvKFKloJW96oRCzqntH+prd4w8BIUGkbWggqvHCt1FZeEklllfEFQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; c=relaxed/simple; bh=O5t9CC7M2FpZFt09N9hql0vJG2J4v0TF90ygs7BHoNM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=IW8zHuu1n798q32H0D40pR01uWUohXs36SUQwEbBKxP2Wwo6MKHv5KsWIQsyleP6AOfSJNfcipOa0oxE/pOzk1oyNcC5uYsfRMklcTKBaDjVY849bqneaSC6EA7DWMmpmeS70Yg4QasV1Vk8Na2lZ6aKT/MkrEm17Gm0NkgxJbM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=ZLhKhIRd; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="ZLhKhIRd" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m1x/o9CZffdwrpSVGl+bTdGOg3OLyn8xj4otoBjdY8Y=; b=ZLhKhIRdzOKqcw4DnCI7KbTj1B3tUixm84PFjujfVm2cc1Bq+Ymk+5BEJYGakXIGXsoWmX bcWTGrFphk2myv+rgYODBcyd5dWH3PBEG+5UC2ZofcYU+Dn63wa3d6YDzGwGTX6M++m14x 0egxB77NvU2XGrF5H0YolMksPDwC0l77RLiFqzIYxoLuyzYSxiULsJ3WS35kiCdCcuQmJE n3m48UKGl2uxIjOJn8j6CLThDgp96YU79ry6PXzRd/FBLuVDYBSW1uq30kw0mKf9mc5b77 Ts2yRApZh9sSZ579UkOwP9IMe89bDbcaXOJVOC00tZSMeNnYxQHZeDX1vla/WA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled Date: Mon, 18 Nov 2024 16:02:31 +0100 Message-ID: <20241118150256.135432-10-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/extended_socket_class/test | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test index 1e6299f..f85243a 100755 --- a/tests/extended_socket_class/test +++ b/tests/extended_socket_class/test @@ -3,10 +3,11 @@ use Test; BEGIN { - $test_count = 6; + $test_count = 4; $test_bluetooth = 0; $test_sctp = 0; $test_smc = 0; + $test_alg = 0; # check if SCTP is enabled if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) { @@ -26,6 +27,12 @@ BEGIN { $test_smc = 1; } + # check if ALG is supported + if ( system("modprobe af_alg 2>/dev/null") eq 0 ) { + $test_count += 2; + $test_alg = 1; + } + plan tests => $test_count; } @@ -127,17 +134,20 @@ if ($test_bluetooth) { ok($result); } -# Verify that test_alg_socket_t can create a Crypto API socket. -$result = system( +if ($test_alg) { + + # Verify that test_alg_socket_t can create a Crypto API socket. + $result = system( "runcon -t test_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok( $result, 0 ); + ); + ok( $result, 0 ); -# Verify that test_no_alg_socket_t cannot create a Crypto API socket. -$result = system( + # Verify that test_no_alg_socket_t cannot create a Crypto API socket. + $result = system( "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok($result); + ); + ok($result); +} if ($test_smc) { From patchwork Mon Nov 18 15:02:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878736 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A31AB1C1F37 for ; Mon, 18 Nov 2024 15:03:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; cv=none; b=NJ+IJtpTISXqTo3WCF3XLhNcM154ynr58xRSFBV/sLrEsFCQ10cfsal2us2JjsI2tE540nlRsh+6ptV9ZTDm9yP9Hq6/AJqOwWB0uYdaatdsrvEeS/X0fRXUMFLXRrSG2mc8UmJqzr4EHuPF4g89R9YgiKgkdXjK0dCEkaNei1c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; c=relaxed/simple; bh=M5wVKuHBrGr812ut/qyxtniOT6QxwmVEZipXmMTKKqk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=L19kUMsACosQPH1nQn5gpGW18/iJQchgynnGSiCUxKbf2MAeD264Amu6a0yX6IYbXjhJZt+ALmSSH4Y5l9kVcG7VWWXndg2/OOIlugcgTT9Bxe3w2HhZf93e4Lb97nVMYQ1ZxZvJ0prqzH+wC4as8tuHDNeX7tTeaj4VBB7pgBs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=DF9Ds2hb; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="DF9Ds2hb" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/bzOx7Nnpr7CVMCBMAfokORsD3C2E8LRw7oes6P+zc4=; b=DF9Ds2hbop753a6/hNpKiP+7325lSb1XmKFyoWZX84zlsvu8MiL5eeYKRM7cIdUEkR23Kx HO1cKH0rCpR0ZGtlsW8aFkLtCyPoUHhhHXV16Na8Ddt3P5+BTdvfJcrDLfB32MjMwnUHtZ 0ESIqzVkxkR9xH6K0hiIN5I90unnuwTucp6nATA1GbsDYWWKMRLRz+iQ9M5Xo2xQ6szY/J lwl27zUd3Fcgrv2aVvEKKXcmhnNB0fXjlG7+MOqUFzjw/AVlPuJtwPvs3imUBVyyiXPmao xsj1iT8Q9/hymz2xMBwS7Fu2y6EFKE4ebsvQd5s3M0m/YgLr7u2mdHYHsX1kAw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 10/17] tests/tun_tap: skip if not supported Date: Mon, 18 Nov 2024 16:02:32 +0100 Message-ID: <20241118150256.135432-11-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/tun_tap/test | 10 +++++++++- tests/tun_tap/tun_common.c | 2 +- tests/tun_tap/tun_tap.c | 10 +++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/tun_tap/test b/tests/tun_tap/test index 3daf2eb..87956c5 100755 --- a/tests/tun_tap/test +++ b/tests/tun_tap/test @@ -16,7 +16,15 @@ BEGIN { $v = " "; } - plan tests => 14; + $result = system("runcon -t test_tun_tap_t $basedir/tun_tap $v -c 2>&1"); + + # check for TUN/TAP support - ENOENT + if ( $result >> 8 eq 2 ) { + plan skip_all => "No TUN/TAP support"; + } + else { + plan tests => 14; + } } ############ Test tun_socket TUN ############# diff --git a/tests/tun_tap/tun_common.c b/tests/tun_tap/tun_common.c index 9a3c5de..86e41df 100644 --- a/tests/tun_tap/tun_common.c +++ b/tests/tun_tap/tun_common.c @@ -5,7 +5,7 @@ int open_dev(int *fd, char *test_str, bool verbose) char *tun_dev = "/dev/net/tun"; *fd = open(tun_dev, O_RDWR); - if (fd < 0) { + if (*fd < 0) { fprintf(stderr, "Failed to open device: %s\n", strerror(errno)); return errno; diff --git a/tests/tun_tap/tun_tap.c b/tests/tun_tap/tun_tap.c index a3db6c9..c1b8590 100644 --- a/tests/tun_tap/tun_tap.c +++ b/tests/tun_tap/tun_tap.c @@ -5,6 +5,7 @@ static void print_usage(char *progname) fprintf(stderr, "usage: %s [-p] [-s ] [-v]\n" "Where:\n\t" + "-c Check if TUN/TAP features are available.\n\t" "-p Test TAP driver, default is TUN driver.\n\t" "-s If -v, then show TUN/TAP Features.\n\t" "-v Print information.\n", progname); @@ -16,14 +17,17 @@ int main(int argc, char *argv[]) char *context, *test_str; int opt, result, fd, bit, count, test; unsigned int features, f_switch; - bool verbose = false, show = false; + bool verbose = false, show = false, check = false; struct ifreq ifr; test = IFF_TUN; test_str = "TUN"; - while ((opt = getopt(argc, argv, "psv")) != -1) { + while ((opt = getopt(argc, argv, "cpsv")) != -1) { switch (opt) { + case 'c': + check = true; + break; case 'p': test = IFF_TAP; test_str = "TAP"; @@ -52,7 +56,7 @@ int main(int argc, char *argv[]) /* Start TUN/TAP */ result = open_dev(&fd, test_str, verbose); - if (result != 0) + if (check || result != 0) exit(result); if (verbose && show) { From patchwork Mon Nov 18 15:02:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878739 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF2791C2304 for ; Mon, 18 Nov 2024 15:03:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; cv=none; b=N0/aZx7RRje3v6soG1e7yizfOA72PndHcO4GgHoXn9rDpXtfnpIpg5n/iQlVmcZW87HGb3sTQlaJx8IDlJtns8nk/vP9hpibKzhDqHdUAIflBgf13AvuHxlkMbDJ73tqyDsf4j0nO2JxhfFz9Ve84w7P8cWPHN7wiUk728E8SWk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; c=relaxed/simple; bh=h1M2u0m6G1MIc04LpAa9NOpyaxz0F9ikzwss0o8Bz5g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=E9cTt5OPmvYDNVUvCbx6PpYmN4m0fK9z90tLxkrpcygOITVu6epIMO8vcJTL8UFkXZu2xax65E/u4PRr11C7aL1KBV4JM99Ng60IvaqTll1S4RPWAEqhr3+Khq6IQU4HtICE40i9NXsBy0Y+Zjcn8huk5s+IVIScxQtMgiDAorA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=Vwb3erst; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="Vwb3erst" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hi3vhawF/IYimFHeJeTkmuepcqDCrm/RvH8JkI/8nr0=; b=Vwb3erst8k7P2OvBBlzy+TivbA/bQVYRfmrx9sM3oeYXvB3ibih+v8RTRnxbqm6bKBzIsN Svnyzlss1pzjeaoOqbjqHd27ag3uuRElUlk8/Txs+aMSmUFec46/58gRzu9zznMftivIjf zcOncLKUn22zIbTCNegdvoxhme6wuVT6X/37SfpfzpJHOFV9WvtwxlvybFph9RUT06l8xI f34YWxbwaAk5gEBCceWjjAIhATTsucq1s0SXvFunvrwY4zLMF2MTSViATCE8myqE9sTBiZ JIhzhvXPDy+IXTG1ps5Glu41NBD3QJiiIaayZib58bYBdPrortZ9Ci3qh2t2MA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 11/17] tests/inet_socket: skip mptcp if not supported Date: Mon, 18 Nov 2024 16:02:33 +0100 Message-ID: <20241118150256.135432-12-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Also fix a typo in the unknown protocol case. Signed-off-by: Christian Göttsche --- tests/inet_socket/test | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/inet_socket/test b/tests/inet_socket/test index 08c7b1d..71bc7dd 100755 --- a/tests/inet_socket/test +++ b/tests/inet_socket/test @@ -9,6 +9,9 @@ BEGIN { $proto = basename($basedir); if ( $proto eq "tcp" or $proto eq "mptcp" ) { + if ( $proto eq "mptcp" && system("modprobe mptcp 2>/dev/null") ne 0 ) { + plan skip_all => "protocol mptcp not supported"; + } $is_stream = 1; $fail_value1 = 5; $fail_value2 = 5; @@ -21,7 +24,7 @@ BEGIN { $test_count = 11; } else { - plan skip => "unknown protocol name \'$proto\'"; + plan skip_all => "unknown protocol name \'$proto\'"; } $test_ipsec = 0; From patchwork Mon Nov 18 15:02:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878738 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0CCE1C230E for ; Mon, 18 Nov 2024 15:03:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; cv=none; b=uRKKCV4ebd9MfXiV2Q+pE3axkMvj7upKBqkTsZqfFXiAnuxcio/xlpFsmvdht1clkcN/Gz+akCJMW/aKW86ocpvxvPjyVDGEdE1a8hM79Whjgc2QTJxSTNCzo8euUmrMDZtaFf1krjAOOfmv7P3xHzjH/QbXu2ocL7xG14S6eTs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942197; c=relaxed/simple; bh=qn66shCH8fMVqd6lI8x2JwAV19hPOKt/jfYDsArJqDY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qL2GNMbqwTtvYr502Q775XIrUAyb5ASo7FqJEt2uVfVxURw1i20Xb5bJ2eI5ps2IIbJCymOENDYqkKSd59WJCq9UqKHclUM5NIT3j6A6qt3NDBGglVoX7oHXpxzfd9K2RjSAX222QFSXZogjeE/WbhL1dnaMVoiS/jfNO3cbBXg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=NB4mlZ8W; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="NB4mlZ8W" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HFxMi7KbFK+ca8mjranagTa6Yxcu2vho3L0vM1umt5Y=; b=NB4mlZ8WMIC8/mKYAgwMsMfP4vhoVdolisV53330KSoEn6BMvRtDaHcg30z5hzZoAGuUS+ WwxULkeFfvUI7UIko5mjrGmBx6vznVU7vvp1/qIkSr/fgstsuKzB0HjR7M1uOupOLjbkws zy/wrayVbcHxKjGwEmlxLAtgFE95ag+bHcyhvsRhkIZ9H00j6rAKmDpKwyfOzdfBx4BH16 hA5XV0vpXpgXp9gqFVG2l55MPrvMx5nn3wi4J22eW4/Hqzjt7/kSuDuSGel4rOXzPjPi01 1Z7mfUZmGn4VuigjsAngmaYsyK0V4YYfjdXx+Mpgouu0pp98lG+ScrVXSE7pRA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 12/17] tests/filesystem: improve fsnotify check and preload loop module Date: Mon, 18 Nov 2024 16:02:34 +0100 Message-ID: <20241118150256.135432-13-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche fsnotify support might be missing from the running kernel. Pre-load the loop module to ensure creating a loop device succeeds. Signed-off-by: Christian Göttsche --- tests/filesystem/Filesystem.pm | 2 +- tests/filesystem/test | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm index f169464..ab5db31 100644 --- a/tests/filesystem/Filesystem.pm +++ b/tests/filesystem/Filesystem.pm @@ -15,7 +15,7 @@ sub check_config { $watch = 0; $result = `$base/../kvercmp $kvercur $kverminstream`; - if ( $result > 0 && -e $fanotify_fs ) { + if ( $result > 0 && -e $fanotify_fs && -d "/proc/sys/fs/fanotify/" ) { $watch = 1; $tst_count += 11; } diff --git a/tests/filesystem/test b/tests/filesystem/test index a7d8b24..c12fed2 100755 --- a/tests/filesystem/test +++ b/tests/filesystem/test @@ -176,6 +176,9 @@ ok( $result >> 8 eq 13 ); system("rm -rf $basedir/mntpoint 2>/dev/null"); +# Preload module +system("modprobe loop 2>/dev/null"); + ############### Test Basic Mount/Unmount ########################## mk_mntpoint_1($private_path); From patchwork Mon Nov 18 15:02:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878740 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6DB231C3033 for ; Mon, 18 Nov 2024 15:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; cv=none; b=GRXEiv0E8v+8Rz3J+mHl+scFZDlEbyZYCYdpAiAGFXKFfBVwm6Vm6Dbud8J3nT1gtcEWB1ZE2zKr4RkCH/hxYAKqxFmQwGF36z5uA1xGIaSvHsbXvAsquitC+3XXVl/L6P8b/VrRXi24U2e9HM10ml0RnbMmCHkogy4cXDT+q8s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; c=relaxed/simple; bh=raoDcVNtzrIvrLDJsiPnjEE+u/CiKjv8xnMHBULvPmE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AlwyotJA0oz8oabCO4hmJTk+M6POT4F/dxWV/5OgpW+/MWDN8oehj6+4chp++eu+GebYFXlD9o3dVaQMQAjqWCwMux4gyx5HlnHh2X0dwRpYitj/vhK2AYBo/WwX5cL3BewSULaH9ZyjfY8vOk9+2dzsAM2zlBBRcstHOG9pvXM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=LzTUHlrI; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="LzTUHlrI" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/Pq/cAdlDKH+alQicJ/sW3t1bVgLumUnYH1N46P13ZM=; b=LzTUHlrIHjpLE+Qcy4sb0Ylb7j4rlDr7mrxvArDT09ujFX673KOHZJolWZb08fPIUuT+aO Q3gNNe7XwnVrb3O7CexScLGTs3Lit/sbW5Ch2YEKuGLec9LstODgLa9nIeD88DZvsJTysQ GAQCkTMdosohGSlySBC9Ohh7dW9YwFdoKh4ONb5R7cDzR1TQDHiy5fwfGwd0GCCBd9cAu2 DgtjQff3NdqkaDeuroRj02hJkYpXGuskZwccQEipWm75agGvcnyg7Z0YiFldtXoTyVHv55 1Nlecx17jBmw9iDT3QqluKI+6kqGunuujnF+wOq+RqsP0+PgumWQXw+sh9uE4A== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 13/17] defconfig: enable CONFIG_XFRM_USER Date: Mon, 18 Nov 2024 16:02:35 +0100 Message-ID: <20241118150256.135432-14-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Required for inet_socket/tcp checks. Signed-off-by: Christian Göttsche --- defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/defconfig b/defconfig index b2d4a90..b86a1dc 100644 --- a/defconfig +++ b/defconfig @@ -10,6 +10,7 @@ CONFIG_SECURITY_SELINUX=y # For testing of labeled IPSEC, NetLabel, and SECMARK functionality. # Not strictly required for basic SELinux operation. CONFIG_SECURITY_NETWORK_XFRM=y +CONFIG_XFRM_USER=y CONFIG_NETLABEL=y CONFIG_IP_NF_SECURITY=m CONFIG_INET_XFRM_MODE_TRANSPORT=m From patchwork Mon Nov 18 15:02:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878741 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6DAD31AC43E for ; Mon, 18 Nov 2024 15:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; cv=none; b=i6sAKzaJZobY6Xm3GRYoRaqAb1yfVfvCS7xGm8ib/LECqd50uSI58STVSg/MNIZDbDFF90QKxwToGqEBUL1AOZk4F1cDP65Yn2XZsF/BZIcFDYelvz2YYwwezSly2IHii9SBvnPWshC+dkH7rAPwLdGM+F6B6i5Nc0iGo7Zht3o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942198; c=relaxed/simple; bh=lM+ZScOj5Tjj6XXQIUc4ZJ3GnQ51mrZ/8teTHsk4XEM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=aNe4duSW4NuNzTs+H+1AHvER7aIB9WV6RUK1zFTftqSwGHBTdo3N3+8t7uCyq7vQPcxAWUJnhGB8EavPXPCuFGFdJ2ofwkIZ8FzLv3/lilGvR/UGFO4WRb0XOiQuR8FYBAOIUGtnbwHQq+CvxwkUvJxGhIfEUioJcs1lBvx5ah4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=K9vfuDPJ; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="K9vfuDPJ" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5owB1v4vLBgaIEwL/4Wm8J7xWvTQcPJA9UH3H0SyVWQ=; b=K9vfuDPJaDvbVsCwdBhUfZrqRdLWWhg8Cs+YRvgYvbFqW//UCdcuvbalbURyQBFqz+mDsj dzrE4K7NG7ldoLT30Vam5WZdZAOplWCPWvQeMz2pw/HqvyL1PA7jS5rhjRVTaPyjGNxl4Z ljPWYVWNZXqpt/HMhK/ow/VjFa7iNKvy03qFQ1I6753+8uGny6ZyOHZY+pvKyMkNhacbE/ IAKutIofxrlZhh/IZ7OSGGNXhVSdJhUYW+VylOydwujcXzxYd8PIX/PV0YQ8l1QCDquu6L 33FeD+UmeLbZpiGoAZe6L+CLTN05had/khB1/buywEXfxCqUIQKEsH0AVZibnw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG Date: Mon, 18 Nov 2024 16:02:36 +0100 Message-ID: <20241118150256.135432-15-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Required for netlink_socket tests. Signed-off-by: Christian Göttsche --- defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/defconfig b/defconfig index b86a1dc..d4100c0 100644 --- a/defconfig +++ b/defconfig @@ -20,6 +20,9 @@ CONFIG_INET6_AH=m CONFIG_CRYPTO_SHA1=m # used for testing, could be updated if desired CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_MATCH_STATE=m From patchwork Mon Nov 18 15:02:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878745 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15E331C230E for ; Mon, 18 Nov 2024 15:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942200; cv=none; b=DcxDaSuTSs8C72P67q1Hwmo573Z+apiHkLm30NNtrgsBk3Zg62VW8JiblpRf3zKiEPrzErSk6N/Hj63k3Xb0MDdwy+Ki71sMATwgsFxYzAh4dH4iieMTSneXoVQrNNmLs2vktzxYFqvSA82Dz48lvlNklaKanPXg/EcP4vJGZ4s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942200; c=relaxed/simple; bh=tEpf1BnOJ8Zy92CVQQ5UvWLVvZaRUGA3LpjyS2sg8Ws=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TJLl5kxuvhPaUoXxmhsqTWJKoqb1ErAvcCdyuNZX22mxN7zOkerNYbSOll1v4FSuQ0OonMkZuKu98UHKMW4qC3kbl68wkom5pLSuR30w2vh8yfyxfwh0U+cdRA64B4A37D/NzlD3QisXVu8MceDCK41jnyVRX4Sny7XbR/3QULA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=Zuch6llh; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="Zuch6llh" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NA+0OLOMurSuoC9pbDuxEz9JNJh6P5gAaH7nIkSniRg=; b=Zuch6llhcDrg3xvQ/L/28aIfRb8w4XrSIdiFfIJY+mvz1aGf1L03m1iJP6yFKAPsK2IOxk p43Ikjmhpe0qJe39t+2NOY9dj6O8n9yYjyBBLlTbvZrm1vYKPl0Dn7jYx0lNq+koLYtfEf +0x1ZlQe0UIb/SSfxxDTxUbl6JTJ+CPMPq7a3sCXHGRqTfXOcIcgG3LPnFaP0hkfp5ZVu8 wqQfMIa4S7obkGYHt1QWGWfQUsnIabmCcoMljyyxm7UGXPIeCnRyDLmisXHDhntmAS01LE o+aR5yGHUZTGhsgrK04lyFVzwWueAGXE/6PLriFSmuBxkICr8EytK8vvM6JCyw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 15/17] tests: test code tweaks Date: Mon, 18 Nov 2024 16:02:37 +0100 Message-ID: <20241118150256.135432-16-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Be more cautious on unexpected failures and input: binder Avoid returning garbage value from binder_parse() in case of an unexpected (impossible?) empty buffer. Store create_bpf_*() results temporarily in an int to actually perform the error checks (they are currently no-ops on unsigned). bpf Initialize variable in case the program gets called without the associated option. cap_userns Use appropriate types and casts to avoid implicit conversions. execshare Avoid use of void pointer arithmetic. fdreceive Do not call non async-safe exit(3) in signal handler. Drop dead assignment. filesystem Initialize variables in case the programs get called without the associated options. inet_socket/unix_socket Declare usage() as noreturn to help compilers avoid issuing inaccurate warnings. inherit Use a large enough buffer for a potential huge PID. key_socket Avoid comparison of signed with unsigned integer. module_load Correctly check for an open(2) failure. nnp_nosuid Check if wait(2) succeeded before checking the child status. notify Check if opening file was successful. Use appropriate type for read(2) return value. prlimit Set all members of the new limit structure. sctp Use appropriate iterator type. Signed-off-by: Christian Göttsche --- tests/binder/client.c | 2 +- tests/binder/manager.c | 2 +- tests/binder/service_provider.c | 12 +++++++----- tests/bpf/bpf_test.c | 2 +- tests/cap_userns/userns_child_exec.c | 6 +++--- tests/execshare/parent.c | 2 +- tests/fdreceive/server.c | 3 +-- tests/filesystem/fs_relabel.c | 2 +- tests/filesystem/grim_reaper.c | 2 +- tests/inet_socket/bind.c | 1 + tests/inet_socket/connect.c | 1 + tests/inherit/parent.c | 2 +- tests/key_socket/key_sock.c | 2 +- tests/module_load/init_load.c | 2 +- tests/nnp_nosuid/execnnp.c | 2 +- tests/notify/test_fanotify.c | 8 ++++++-- tests/prlimit/parent.c | 2 ++ tests/sctp/sctp_common.c | 4 ++-- tests/unix_socket/client.c | 1 + tests/unix_socket/server.c | 1 + tests/unix_socket/socketpair.c | 1 + 21 files changed, 36 insertions(+), 24 deletions(-) diff --git a/tests/binder/client.c b/tests/binder/client.c index 4965563..220d37a 100644 --- a/tests/binder/client.c +++ b/tests/binder/client.c @@ -231,7 +231,7 @@ static void extract_handle_and_acquire(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/manager.c b/tests/binder/manager.c index 8e5f446..f7f1723 100644 --- a/tests/binder/manager.c +++ b/tests/binder/manager.c @@ -156,7 +156,7 @@ static void reply_with_handle(int fd, struct binder_transaction_data *txn_in) static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/service_provider.c b/tests/binder/service_provider.c index 97c59dd..1e6b490 100644 --- a/tests/binder/service_provider.c +++ b/tests/binder/service_provider.c @@ -76,14 +76,16 @@ static void request_service_provider_fd(int fd, break; #if HAVE_BPF case BPF_MAP_FD: - obj.fd = create_bpf_map(); - if (obj.fd < 0) + result = create_bpf_map(); + if (result < 0) exit(70); + obj.fd = result; break; case BPF_PROG_FD: - obj.fd = create_bpf_prog(); - if (obj.fd < 0) + result = create_bpf_prog(); + if (result < 0) exit(71); + obj.fd = result; break; #else case BPF_MAP_FD: @@ -122,7 +124,7 @@ static void request_service_provider_fd(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/bpf/bpf_test.c b/tests/bpf/bpf_test.c index 3c6a29c..f43440a 100644 --- a/tests/bpf/bpf_test.c +++ b/tests/bpf/bpf_test.c @@ -20,7 +20,7 @@ int main(int argc, char *argv[]) enum { MAP_FD = 1, PROG_FD - } bpf_fd_type; + } bpf_fd_type = -1; while ((opt = getopt(argc, argv, "mpv")) != -1) { switch (opt) { diff --git a/tests/cap_userns/userns_child_exec.c b/tests/cap_userns/userns_child_exec.c index bfff944..a7ad7bb 100644 --- a/tests/cap_userns/userns_child_exec.c +++ b/tests/cap_userns/userns_child_exec.c @@ -89,8 +89,8 @@ usage(char *pname) static void update_map(char *mapping, char *map_file) { - int fd, j; - size_t map_len; /* Length of 'mapping' */ + int fd; + size_t j, map_len; /* Length of 'mapping' */ /* Replace commas in mapping string with newlines */ @@ -106,7 +106,7 @@ update_map(char *mapping, char *map_file) exit(EXIT_FAILURE); } - if (write(fd, mapping, map_len) != map_len) { + if (write(fd, mapping, map_len) != (ssize_t)map_len) { fprintf(stderr, "ERROR: write %s: %s\n", map_file, strerror(errno)); exit(EXIT_FAILURE); diff --git a/tests/execshare/parent.c b/tests/execshare/parent.c index db2e127..a0e815b 100644 --- a/tests/execshare/parent.c +++ b/tests/execshare/parent.c @@ -43,7 +43,7 @@ int main(int argc, char **argv) perror("malloc"); exit(-1); } - clone_stack = page + pagesize; + clone_stack = (unsigned char *)page + pagesize; rc = getcon(&context_tmp); if (rc < 0) { diff --git a/tests/fdreceive/server.c b/tests/fdreceive/server.c index ff91532..bbe1c63 100644 --- a/tests/fdreceive/server.c +++ b/tests/fdreceive/server.c @@ -9,7 +9,7 @@ #include char my_path[1024]; -#define CLEANUP_AND_EXIT do { unlink(my_path); exit(1); } while (0) +#define CLEANUP_AND_EXIT do { unlink(my_path); _exit(1); } while (0) void handler(int sig) { @@ -43,7 +43,6 @@ int main(int argc, char **argv) } sun.sun_family = AF_UNIX; - sunlen = sizeof(struct sockaddr_un); strcpy(sun.sun_path, argv[2]); sunlen = strlen(sun.sun_path) + 1 + sizeof(short); strcpy(my_path, sun.sun_path); diff --git a/tests/filesystem/fs_relabel.c b/tests/filesystem/fs_relabel.c index 4daf70c..229fcb5 100644 --- a/tests/filesystem/fs_relabel.c +++ b/tests/filesystem/fs_relabel.c @@ -27,7 +27,7 @@ int main(int argc, char **argv) { int opt, result, save_err; const char *newcon; - char *context, *fs_con = NULL, *base_dir, *type; + char *context, *fs_con = NULL, *base_dir = NULL, *type = NULL; char fs_mount[PATH_MAX]; bool verbose = false; context_t con_t; diff --git a/tests/filesystem/grim_reaper.c b/tests/filesystem/grim_reaper.c index 340546a..167441d 100644 --- a/tests/filesystem/grim_reaper.c +++ b/tests/filesystem/grim_reaper.c @@ -26,7 +26,7 @@ int main(int argc, char *argv[]) size_t len; ssize_t num; int opt, index = 0, i, result = 0; - char *mount_info[2], *buf = NULL, *item, *tgt; + char *mount_info[2], *buf = NULL, *item, *tgt = NULL; bool verbose = false; while ((opt = getopt(argc, argv, "t:v")) != -1) { diff --git a/tests/inet_socket/bind.c b/tests/inet_socket/bind.c index 389ca20..51dae02 100644 --- a/tests/inet_socket/bind.c +++ b/tests/inet_socket/bind.c @@ -12,6 +12,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inet_socket/connect.c b/tests/inet_socket/connect.c index e2d02da..c4defa6 100644 --- a/tests/inet_socket/connect.c +++ b/tests/inet_socket/connect.c @@ -15,6 +15,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inherit/parent.c b/tests/inherit/parent.c index d37bcfe..c218b42 100644 --- a/tests/inherit/parent.c +++ b/tests/inherit/parent.c @@ -66,7 +66,7 @@ int main(int argc, char **argv) fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); } - childargv[1] = malloc(6); + childargv[1] = malloc(11); if (!childargv[1]) { fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); diff --git a/tests/key_socket/key_sock.c b/tests/key_socket/key_sock.c index 29beb0e..3333fa0 100644 --- a/tests/key_socket/key_sock.c +++ b/tests/key_socket/key_sock.c @@ -111,7 +111,7 @@ int main(int argc, char *argv[]) r_msg.sadb_msg_type != w_msg.sadb_msg_type || r_msg.sadb_msg_satype != w_msg.sadb_msg_satype || r_msg.sadb_msg_seq != w_msg.sadb_msg_seq || - r_msg.sadb_msg_pid != getpid()) { + (pid_t)r_msg.sadb_msg_pid != getpid()) { fprintf(stderr, "Failed to read correct sadb_msg data:\n"); fprintf(stderr, "\tSent - ver: %d type: %d sa_type: %d seq: %d pid: %d\n", w_msg.sadb_msg_version, w_msg.sadb_msg_type, diff --git a/tests/module_load/init_load.c b/tests/module_load/init_load.c index 0422c19..821c4bd 100644 --- a/tests/module_load/init_load.c +++ b/tests/module_load/init_load.c @@ -52,7 +52,7 @@ int main(int argc, char *argv[]) } fd = open(file_name, O_RDONLY); - if (!fd) { + if (fd < 0) { fprintf(stderr, "Failed to open %s: %s\n", file_name, strerror(errno)); exit(-1); diff --git a/tests/nnp_nosuid/execnnp.c b/tests/nnp_nosuid/execnnp.c index 78b5ab5..b4e4928 100644 --- a/tests/nnp_nosuid/execnnp.c +++ b/tests/nnp_nosuid/execnnp.c @@ -67,7 +67,7 @@ int main(int argc, char **argv) } pid = wait(&status); - if (WIFEXITED(status)) { + if (pid >= 0 && WIFEXITED(status)) { if (WEXITSTATUS(status) && nobounded) { printf("%s: Kernels < v3.18 do not support bounded transitions under NNP.\n", argv[0]); diff --git a/tests/notify/test_fanotify.c b/tests/notify/test_fanotify.c index fe89265..c771a8d 100644 --- a/tests/notify/test_fanotify.c +++ b/tests/notify/test_fanotify.c @@ -86,6 +86,10 @@ int main(int argc, char *argv[]) FILE *f; f = fopen(argv[optind], "r"); // open file for reading + if (!f) { + perror("test_fanotify:bad listen file"); + exit(1); + } fgetc(f); // read char from file fclose(f); @@ -100,9 +104,9 @@ int main(int argc, char *argv[]) if (fds.revents & POLLIN) { struct fanotify_event_metadata buff[200]; - size_t len = read(fd, (void *)&buff, sizeof(buff)); + ssize_t len = read(fd, (void *)&buff, sizeof(buff)); if (len == -1) { - perror("test_fanotify:can't open file"); + perror("test_fanotify:can't read file"); exit(1); } else { listening = 0; diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c index 649aecf..70daefb 100644 --- a/tests/prlimit/parent.c +++ b/tests/prlimit/parent.c @@ -138,12 +138,14 @@ int main(int argc, char **argv) newrlimp = &newrlim; if (soft) { newrlim.rlim_max = oldrlim.rlim_max; + newrlim.rlim_cur = oldrlim.rlim_cur; if (newrlim.rlim_cur == RLIM_INFINITY) newrlim.rlim_cur = 1024; else newrlim.rlim_cur = oldrlim.rlim_cur / 2; } else { newrlim.rlim_cur = oldrlim.rlim_cur; + newrlim.rlim_max = oldrlim.rlim_max; if (newrlim.rlim_max == RLIM_INFINITY) newrlim.rlim_max = 1024; else diff --git a/tests/sctp/sctp_common.c b/tests/sctp/sctp_common.c index d10225c..527cda3 100644 --- a/tests/sctp/sctp_common.c +++ b/tests/sctp/sctp_common.c @@ -105,9 +105,9 @@ void print_addr_info(struct sockaddr *sin, char *text) char *get_ip_option(int fd, bool ipv4, socklen_t *opt_len) { - int result, i; + int result; unsigned char ip_options[1024]; - socklen_t len = sizeof(ip_options); + socklen_t i, len = sizeof(ip_options); char *ip_optbuf; if (ipv4) diff --git a/tests/unix_socket/client.c b/tests/unix_socket/client.c index 093c319..eaf83ee 100644 --- a/tests/unix_socket/client.c +++ b/tests/unix_socket/client.c @@ -11,6 +11,7 @@ #include #include +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/server.c b/tests/unix_socket/server.c index bd85e4c..1ec9db5 100644 --- a/tests/unix_socket/server.c +++ b/tests/unix_socket/server.c @@ -16,6 +16,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/socketpair.c b/tests/unix_socket/socketpair.c index d547d10..a9ac873 100644 --- a/tests/unix_socket/socketpair.c +++ b/tests/unix_socket/socketpair.c @@ -17,6 +17,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void print_usage(char *progname) { fprintf(stderr, From patchwork Mon Nov 18 15:02:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878743 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0C701C3052 for ; Mon, 18 Nov 2024 15:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; cv=none; b=qfIkhVadFJuOGsD7la/2m8VvbJM6EA5EUMcNBKSs0VgURE4z4Axo/VBvqCb0iGQnUdtDowYqXO6SFW3XavOw9YtJwFinPhkzaepblb3tZHCFI/RVQ0UdW5D+T7GYCAI1kvtdNjGRInrEsNnT4n85IOYCiw5onANNulZfggFivXE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; c=relaxed/simple; bh=nd5MJkWG/ikwWX3ChVFMCu5V9TU6m3Gt5ZpFcGzBShg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WRJSUDEYfe52lzHlbVGJ0IEmkXpuAbB9qNGXx1ToL2XTLVV9nnYU0GkTkUkzqm5ynubldjwBSskSqLksvfHVLtO14uYl4SEal/T2u0EE3nUVy3hYLeREyqQR2Kd09DMo5RcsUGhJimhnG/VUPgZc+gS5uFAuvjuE39VYRcx3wrk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=HmT+bwEK; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="HmT+bwEK" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942185; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=n9Heze5wg91yc7ytY0iZxudFtT95Ni6upeAMd+kfodM=; b=HmT+bwEKr2J9SqLR+IivO8pa4zoE3gt8WNh6CuWNjREK/o8MrLgs8WJBbH+vxoDrDKxyLu FHzsK/27lkTMolEGgpk6hz/kM4MeFDl8kc94Yx+3Dm1A/BYpw8u3KfKzti/hjaDzWrwlMW xBRKkdEbP6OwC+cYry2YVyvb0OUTxgQd2B+mOdtTqbJfrB/DFtGCmaaRXeFcuHcY6O7EE9 5jf/Nb61m7azidKCogheJCpL+jCWBugiYfexxadZOhkazulbMdyU+OCB0JQkLmCgFJMRck aoCfncvVOJPvRBuaizQbrgggSTzWJhN0BsucLFfEdWt0LHQbUgT4ZRgcTkhcxg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 16/17] tests: fail on compiler warnings and enable Wextra Date: Mon, 18 Nov 2024 16:02:38 +0100 Message-ID: <20241118150256.135432-17-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Warnings issued by -Wall and -Wextra most of the time point to actual issues in the code. Treat the as error, so the resulting test run failure will be investigated and the issue handled. Signed-off-by: Christian Göttsche --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 35bb358..6af7651 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,7 +6,7 @@ INCLUDEDIR ?= $(PREFIX)/include SELINUXFS ?= /sys/fs/selinux FILESYSTEMS ?= ext4 xfs jfs vfat -export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE +export CFLAGS+=-g -O0 -Werror -Wall -Wextra -Wno-unused-parameter -D_GNU_SOURCE DISTRO=$(shell ./os_detect) SELINUXFS := $(shell cat /proc/mounts | grep selinuxfs | cut -f 2 -d ' ') From patchwork Mon Nov 18 15:02:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13878744 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 32DE61C32FE for ; Mon, 18 Nov 2024 15:03:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; cv=none; b=a1Kv26fQmfhYHKaiDJLPH7FCjKIc3b6t84X+lPjK+TszhwEa35G96Z/f7v5W4EsqbrDUmqrQF6+TQz1oh+3YHu2P2bANn8LhjcQCzU3YfgT1a7fTXUaxwmFlYlwllg2t3RWqaE47XXYyUbBSwJNW7yUFQg0EfPkC7B6pnBr6M6E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731942199; c=relaxed/simple; bh=roKxq2qm1HPTtoOTcINosgKYHpaNA7Wl9W9zlllPTXQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=X2kzNmiBoYv6ueEXy4XXZpw+CKYY227h4yJBMdg3sbzQQiQzctiZ6Zj4mj2giL/HmfY90zNbzpS092YIvUF1feJ1dXHPuYiJa+V7BV6oxQlbToDw2XyqRqlvw3Q8jphXYNrmwqBHt5uSveDZHUNWXgPb2h2RC1bJBlc3dFWr7Uk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=sbQLdHs3; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="sbQLdHs3" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1731942186; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GHn0t7MjlNNT4OrnjFyCPZDnzh8LV2FSdCWuLEJKd1Y=; b=sbQLdHs3xwfXDbINiGhtifamE9t4jHR0IwJynJb40tN5wb60+80UNggBvIO//BN0C9dIh9 bYCWusoaSaDwGBptixn8u3rX5l2VXzWSg7i2Q1dPwQK82PimqekDlZo7frgJq1/HBKyE0w zBsA9Wqsml5XUaXJUjd310P7I/i9mhOZ6NuLUYZ1LATR4+pw19Etq1O1oqCU8tgeRZ6Dmq yVP9bkJdsBugDJbE6sjbETbiPACh+uc7RVbXmmivRt0dYDEXRAJBaaPQibgvp+1+sOgncQ amU3GEAp7QfO8cYBdQd2ElC5pn7zeflIxLYZriHvj4OxreBLMy+FrVWLreDU3w== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 17/17] tests: drop headers from Makefile dependencies Date: Mon, 18 Nov 2024 16:02:39 +0100 Message-ID: <20241118150256.135432-18-cgoettsche@seltendoof.de> In-Reply-To: <20241118150256.135432-1-cgoettsche@seltendoof.de> References: <20241118150256.135432-1-cgoettsche@seltendoof.de> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Clang does not support header files included in the compile command: clang -g -O2 -Werror -Wall -Wextra -Wno-error=unused-parameter -D_GNU_SOURCE -DHAVE_BPF -DHAVE_FS_WATCH_PERM -DHAVE_BPF bpf_test.c bpf_common.c bpf_common.h -lselinux -lbpf -o bpf_test clang: error: cannot specify -o when generating multiple output files Signed-off-by: Christian Göttsche --- tests/binder/Makefile | 4 ++-- tests/bpf/Makefile | 2 +- tests/fdreceive/Makefile | 2 +- tests/keys/Makefile | 2 -- tests/tun_tap/Makefile | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/binder/Makefile b/tests/binder/Makefile index b89d4db..5c3a589 100644 --- a/tests/binder/Makefile +++ b/tests/binder/Makefile @@ -3,7 +3,7 @@ INCLUDEDIR ?= /usr/include TARGETS = check_binder client manager service_provider LDLIBS += -lselinux -lrt -DEPS = binder_common.c binder_common.h +DEPS = binder_common.c ifeq ($(shell test -e $(INCLUDEDIR)/linux/android/binderfs.h && echo true),true) CFLAGS += -DHAVE_BINDERFS @@ -11,7 +11,7 @@ TARGETS += check_binderfs endif ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS += ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS += ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/bpf/Makefile b/tests/bpf/Makefile index 1ae8ce9..6b26ff9 100644 --- a/tests/bpf/Makefile +++ b/tests/bpf/Makefile @@ -1,5 +1,5 @@ TARGETS = bpf_test -DEPS = bpf_common.c bpf_common.h +DEPS = bpf_common.c LDLIBS += -lselinux -lbpf # export so that BPF_ENABLED entries get built correctly on local build diff --git a/tests/fdreceive/Makefile b/tests/fdreceive/Makefile index d9f8927..4b1fb8c 100644 --- a/tests/fdreceive/Makefile +++ b/tests/fdreceive/Makefile @@ -1,7 +1,7 @@ TARGETS = client server ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS = ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS = ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/keys/Makefile b/tests/keys/Makefile index d9f36ff..d3793db 100644 --- a/tests/keys/Makefile +++ b/tests/keys/Makefile @@ -1,8 +1,6 @@ TARGETS = keyctl keyctl_relabel keyring_service request_keys LDLIBS += -lselinux -lkeyutils -$(TARGETS): keys_common.h - all: $(TARGETS) clean: diff --git a/tests/tun_tap/Makefile b/tests/tun_tap/Makefile index 11f5b03..f4b69d5 100644 --- a/tests/tun_tap/Makefile +++ b/tests/tun_tap/Makefile @@ -1,5 +1,5 @@ TARGETS = tun_tap tun_relabel -DEPS = tun_common.c tun_common.h +DEPS = tun_common.c LDLIBS += -lselinux all: $(TARGETS)