From: Alexey Kodanev <alexey.kodanev@oracle.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v2 5/6] shell: Add tst_security.sh helper
Date: Wed, 12 Dec 2018 14:54:57 +0300 [thread overview]
Message-ID: <0fabb62a-e758-80f8-79e1-e3d4ccec7ede@oracle.com> (raw)
In-Reply-To: <20181207123516.30867-6-pvorel@suse.cz>
Hi Petr,
On 07.12.2018 15:35, Petr Vorel wrote:
> It prints info about AppArmor and SELinux and allows to disable it.
> This is due some false positives because improper usage or bugs
> in AppArmor profiles (e.g. traceroute, dnsmasq).
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
>
...
>
> - if [ "$TST_NEEDS_ROOT" = 1 ]; then
> + if [ "$TST_NEEDS_ROOT" = 1 ] || [ "$TST_DISABLE_APPARMOR" = 1 ] || [ "$TST_DISABLE_SELINUX" = 1 ]; then
> if [ "$(id -ru)" != 0 ]; then
> tst_brk TCONF "Must be super/root for this test!"
> fi
> fi
>
> + [ "$TST_DISABLE_APPARMOR" = 1 ] && tst_disable_apparmor
> + [ "$TST_DISABLE_SELINUX" = 1 ] && tst_disable_selinux
> +
> + if [ "$TST_SECURITY_WARN" = 1 ]; then
> + tst_apparmor_enabled && \
> + tst_res TINFO "AppArmor enabled, this may affect test results. Disable it with TST_DISABLE_APPARMOR=1 (requires super/root)"
> + tst_selinux_enabled && \
> + tst_res TINFO "SELinux enabled, this may affect test results. Disable it with TST_DISABLE_SELINUX=1 (requires super/root)"
> + fi
> +
> tst_test_cmds $TST_NEEDS_CMDS
Since it may not affect test results, I don't think we should complicate
the tests with TST_SECURITY_WARN parameter. The usage is not obvious either.
Whether the test used dnsmasq or ping, for example, can be obtained from
$TST_NEEDS_CMDS.
And it's better to write these messages only if the test fails, suggesting
to change configuration.
next prev parent reply other threads:[~2018-12-12 11:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-07 12:35 [LTP] [PATCH v2 0/6] DHCP tests and AppArmor/SELinux improvements Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 1/6] net/dhcp: Rename setup & cleanup functions Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 2/6] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel
2018-12-11 17:00 ` Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 3/6] net/dhcp: Move print_dhcp_log() into dhcp library Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 4/6] ver_linux: Print AppArmor and SELinux status Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 5/6] shell: Add tst_security.sh helper Petr Vorel
2018-12-12 11:54 ` Alexey Kodanev [this message]
2018-12-13 17:38 ` Petr Vorel
2018-12-07 12:35 ` [LTP] [PATCH v2 6/6] net: Add security warning flag to some net tests Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0fabb62a-e758-80f8-79e1-e3d4ccec7ede@oracle.com \
--to=alexey.kodanev@oracle.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.