From: Paul Moore <paul@paul-moore.com>
To: Jan Stancek <jstancek@redhat.com>
Cc: selinux@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: Re: [selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid
Date: Fri, 06 Nov 2015 13:07:53 -0500 [thread overview]
Message-ID: <8567804.nFH5H7f4bC@sifl> (raw)
In-Reply-To: <29545986657bf9e30f1e66630c20db84d22ed66d.1446805443.git.jstancek@redhat.com>
On Friday, November 06, 2015 02:07:22 PM Jan Stancek wrote:
> When running selinux-testsuite in automated environment,
> such as Beaker, stdin is usually /dev/null. This causes
> problem for inet_socket test:
> secon: Couldn't read security context: Inappropriate ioctl for device
>
> Signed-off-by: Jan Stancek <jstancek@redhat.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> tests/inet_socket/ipsec-load | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Looks good to me, merged.
> diff --git a/tests/inet_socket/ipsec-load b/tests/inet_socket/ipsec-load
> index ded6efb04722..b9d2c6e43544 100755
> --- a/tests/inet_socket/ipsec-load
> +++ b/tests/inet_socket/ipsec-load
> @@ -3,8 +3,8 @@ echo 0 > /proc/sys/net/ipv4/conf/lo/disable_xfrm
> echo 0 > /proc/sys/net/ipv4/conf/lo/disable_policy
> ip xfrm policy flush
> ip xfrm state flush
> -goodclientcon=`secon -u`:`secon -r`:test_inet_client_t:`secon -m`
> -badclientcon=`secon -u`:`secon -r`:test_inet_bad_client_t:`secon -m`
> +goodclientcon=`secon -u --pid $$`:`secon -r --pid
> $$`:test_inet_client_t:`secon -m --pid $$` +badclientcon=`secon -u --pid
> $$`:`secon -r --pid $$`:test_inet_bad_client_t:`secon -m --pid $$` ip xfrm
> state add src 127.0.0.1 dst 127.0.0.1 proto ah spi 0x200 ctx $goodclientcon
> auth md5 0123456789012345 ip xfrm state add src 127.0.0.1 dst 127.0.0.1
> proto ah spi 0x250 ctx $badclientcon auth md5 0123456789012345 ip xfrm
> policy add src 127.0.0.1 dst 127.0.0.1 proto tcp dir out ctx
> "system_u:object_r:test_spd_t:s0" tmpl proto ah mode transport level
> required
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2015-11-06 18:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-06 13:07 [selinux-testsuite PATCH 0/4] inet_socket and mmap patches Jan Stancek
2015-11-06 13:07 ` [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support Jan Stancek
2015-11-06 17:58 ` Paul Moore
2015-11-06 21:44 ` Jan Stancek
2015-11-19 21:04 ` Paul Moore
2015-11-06 13:07 ` [selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid Jan Stancek
2015-11-06 18:07 ` Paul Moore [this message]
2015-11-06 13:07 ` [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap Jan Stancek
2015-11-06 18:14 ` Paul Moore
2015-11-06 21:57 ` Jan Stancek
2015-11-16 9:46 ` [selinux-testsuite PATCH v2 " Jan Stancek
2015-11-19 20:46 ` Paul Moore
2015-11-06 13:07 ` [selinux-testsuite PATCH 4/4] mmap/mprotect_file_private_execmod: clear READ_IMPLIES_EXEC Jan Stancek
2015-11-06 18:25 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8567804.nFH5H7f4bC@sifl \
--to=paul@paul-moore.com \
--cc=jstancek@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.