From: Petr Vorel <pvorel@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.com>
Cc: ltp@lists.linux.it, linux-integrity@vger.kernel.org
Subject: Re: [LTP] [PATCH 1/2] tst_security.sh: Fix SELinux detection
Date: Mon, 17 Feb 2025 15:35:26 +0100 [thread overview]
Message-ID: <20250217143526.GA2402962@pevik> (raw)
In-Reply-To: <f8d6c3fd-7b1d-4d16-b034-a2b01f956870@suse.com>
Hi Andrea,
> Hi!
Thanks for your review, merged as a needed fix.
Kind regards,
Petr
> Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>
> On 2/17/25 14:08, Petr Vorel wrote:
> > Some SLES15 versions create /selinux directory which fails the detection
> > if SELinux is actually not enabled. Therefore detect if directory
> > actually contains the 'enforce' file.
> > Also drop /selinux directory detection and detect only /sys/fs/selinux,
> > /sys/fs/selinux mount point was added in kernel 3.0 in commit
> > 7a627e3b9a2b ("SELINUX: add /sys/fs/selinux mount point to put selinuxfs")
> > 14 years is enough, kernel 3.0 is not even supported in current LTP and
> > we don't even support /selinux in C API (tst_security.c).
> > Fixes: e7b804df65 ("shell: Add tst_security.sh helper")
> > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > ---
> > testcases/lib/tst_security.sh | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> > diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh
> > index 05640234ea..356c28fc73 100644
> > --- a/testcases/lib/tst_security.sh
> > +++ b/testcases/lib/tst_security.sh
> > @@ -127,8 +127,7 @@ tst_get_selinux_dir()
> > {
> > local dir="/sys/fs/selinux"
> > - [ -d "$dir" ] || dir="/selinux"
> > - [ -d "$dir" ] && echo "$dir"
> > + [ -f "$dir/enforce" ] && echo "$dir"
> > }
> > # Get SELinux enforce file path
prev parent reply other threads:[~2025-02-17 14:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-17 13:08 [PATCH 1/2] tst_security.sh: Fix SELinux detection Petr Vorel
2025-02-17 13:08 ` [PATCH 2/2] ima_selinux.sh: Detect SELinux before loading policy Petr Vorel
2025-02-17 13:26 ` [LTP] " Andrea Cervesato
2025-02-17 14:16 ` Petr Vorel
2025-02-17 13:47 ` Petr Vorel
2025-02-17 13:16 ` [LTP] [PATCH 1/2] tst_security.sh: Fix SELinux detection Andrea Cervesato
2025-02-17 14:35 ` Petr Vorel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250217143526.GA2402962@pevik \
--to=pvorel@suse.cz \
--cc=andrea.cervesato@suse.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox