* [PATCH] Add creation of dev/mapper/control to nightly tests.
@ 2010-04-15 20:39 Dave Wysochanski
2010-04-15 22:15 ` Alasdair G Kergon
2010-04-16 0:58 ` Alasdair G Kergon
0 siblings, 2 replies; 4+ messages in thread
From: Dave Wysochanski @ 2010-04-15 20:39 UTC (permalink / raw)
To: lvm-devel
This works around a problem with using the /tmp directory for
the dev/mapper/control node. The failure I saw was this.
When LVM_TEST_DIR was rooted at /tmp/..., the first dmsetup
command would fail with this error:
/tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control: matchpathcon 0020000 failed:
The second dmsetup command would always succeed though. Also,
when LVM_TEST_DIR was rooted at /root/..., this failure would not
occur.
I stepped through this in gdb and found that mknod was indeed
creating the control node correctly, however, matchpathcon
would fail. The reason it did not fail the second or subsequent
iterations of dmsetup is that the control node was already there,
and dmsetup does not try to set the selinux security context
in that case. One clue may be in the fact that it seems the
default security context for files in /tmp/... is <<none>>:
matchpathcon /root/LVMTEST26998.J29FayOVWy/dev/mapper/control
/root/LVMTEST26998.J29FayOVWy/dev/mapper/control system_u:object_r:admin_home_t:s0
matchpathcon /tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control
/tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control <<none>>
matchpathcon /tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control
/tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control <<none>>
matchpathcon /dev/mapper/control
/dev/mapper/control system_u:object_r:lvm_control_t:s0
I would imagine this is why the matchpathcon() call fails.
There may be a better fix for this but at this point for the
nightly tests we can create the 'control' node explicitly.
Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
---
test/test-utils.sh | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/test/test-utils.sh b/test/test-utils.sh
index c2755c6..92b5047 100644
--- a/test/test-utils.sh
+++ b/test/test-utils.sh
@@ -83,6 +83,8 @@ prepare_testroot() {
export LVM_SYSTEM_DIR=$TESTDIR/etc
export DM_DEV_DIR=$TESTDIR/dev
mkdir $LVM_SYSTEM_DIR $DM_DEV_DIR $DM_DEV_DIR/mapper $TESTDIR/lib
+ minor=`cat /proc/misc | grep device-mapper | awk '{print $1}'`
+ mknod $DM_DEV_DIR/mapper/control c 10 $minor
cd $TESTDIR
--
1.6.2.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] Add creation of dev/mapper/control to nightly tests.
2010-04-15 20:39 [PATCH] Add creation of dev/mapper/control to nightly tests Dave Wysochanski
@ 2010-04-15 22:15 ` Alasdair G Kergon
2010-04-16 0:58 ` Alasdair G Kergon
1 sibling, 0 replies; 4+ messages in thread
From: Alasdair G Kergon @ 2010-04-15 22:15 UTC (permalink / raw)
To: lvm-devel
On Thu, Apr 15, 2010 at 04:39:58PM -0400, Dave Wysochanski wrote:
> /tmp/LVMTEST26998.J29FayOVWy/dev/mapper/control: matchpathcon 0020000 failed:
So after creating the subdir in /tmp, set its selinux label to something more
appropriate.
Alasdair
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] Add creation of dev/mapper/control to nightly tests.
2010-04-15 20:39 [PATCH] Add creation of dev/mapper/control to nightly tests Dave Wysochanski
2010-04-15 22:15 ` Alasdair G Kergon
@ 2010-04-16 0:58 ` Alasdair G Kergon
2010-04-16 11:07 ` Dave Wysochanski
1 sibling, 1 reply; 4+ messages in thread
From: Alasdair G Kergon @ 2010-04-16 0:58 UTC (permalink / raw)
To: lvm-devel
On Thu, Apr 15, 2010 at 04:39:58PM -0400, Dave Wysochanski wrote:
> + minor=`cat /proc/misc | grep device-mapper | awk '{print $1}'`
> + mknod $DM_DEV_DIR/mapper/control c 10 $minor
Just to be clear, I don't want to see this hack enter the tree, and the problem
is in the machine's configuration, not the test scripts. At this stage we are
not trying to test the selinux policy through these scripts. Maybe we can
do that soon: I don't think it would be very hard to do.
If you enable selinux, then you abide by its restrictions.
If you really don't like the default policy (which sensibly doesn't let
you run tests like these in /tmp) you change it ('semanage fcontext' on
the top-level testing dir).
Alasdair
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] Add creation of dev/mapper/control to nightly tests.
2010-04-16 0:58 ` Alasdair G Kergon
@ 2010-04-16 11:07 ` Dave Wysochanski
0 siblings, 0 replies; 4+ messages in thread
From: Dave Wysochanski @ 2010-04-16 11:07 UTC (permalink / raw)
To: lvm-devel
On Fri, 2010-04-16 at 01:58 +0100, Alasdair G Kergon wrote:
> On Thu, Apr 15, 2010 at 04:39:58PM -0400, Dave Wysochanski wrote:
> > + minor=`cat /proc/misc | grep device-mapper | awk '{print $1}'`
> > + mknod $DM_DEV_DIR/mapper/control c 10 $minor
>
> Just to be clear, I don't want to see this hack enter the tree, and the problem
> is in the machine's configuration, not the test scripts. At this stage we are
> not trying to test the selinux policy through these scripts. Maybe we can
> do that soon: I don't think it would be very hard to do.
>
> If you enable selinux, then you abide by its restrictions.
> If you really don't like the default policy (which sensibly doesn't let
> you run tests like these in /tmp) you change it ('semanage fcontext' on
> the top-level testing dir).
>
Sure - I will work on a better patch.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-04-16 11:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-04-15 20:39 [PATCH] Add creation of dev/mapper/control to nightly tests Dave Wysochanski
2010-04-15 22:15 ` Alasdair G Kergon
2010-04-16 0:58 ` Alasdair G Kergon
2010-04-16 11:07 ` Dave Wysochanski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.