From: James Czyzak <czyzak2@linux.vnet.ibm.com>
To: Shubham <shubham@linux.vnet.ibm.com>, ltp-list@lists.sourceforge.net
Cc: debora@linux.vnet.ibm.com
Subject: [LTP] [PATCH 1/1] fix ssh03 on system running mls policy
Date: Wed, 17 Aug 2011 16:38:45 -0500 [thread overview]
Message-ID: <4E4C34E5.1090702@linux.vnet.ibm.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1470 bytes --]
Modified ssh03 to unset TCtmp. On a system running the latest selinux
mls policy the call to tst_setup in the cmdlib.sh script with the TCtmp
variable still set with the TEST_USER directory will result in the
directory being created with the context of the logged in user (i.e.
administrator running the test
...staff_u:object_r:home_root_t:SystemLow) when the useradd is run
afterwords the directory will already exist but the context of directory
/home/ssh_user3 should be
user_u:object_r:user_home_dir_t:SystemLow-SystemHigh. Now when the test
is run to ssh login with the valid password the test will fail due to
not being able to change to the user directory which is caused by a
mismatched context. The unset of TCtmp will prevent this. This does not
appear to be detrimental to systems running with a targeted policy and
should have no ill affect systems not running selinux, although a test
could be placed around the unset to determine if selinux is running and
the mls policy is in use.
Signed-off-by James Czyzak <czyzak2@linux.vnet.ibm.com>
<mailto:czyzak2@linux.vnet.ibm.com>
diff --git a/testcases/network/tcp_cmds/ssh/ssh03
b/testcases/network/tcp_cmds/s
index 8fbca34..a75032c 100755
--- a/testcases/network/tcp_cmds/ssh/ssh03
+++ b/testcases/network/tcp_cmds/ssh/ssh03
@@ -42,7 +42,7 @@ do_setup()
TCtmp=/home/$TEST_USER
rm -Rf $TCtmp
-
+ unset TCtmp
tst_setup
exists expect ssh ssh03_s1 useradd userdel
[-- Attachment #1.2: Type: text/html, Size: 2113 bytes --]
[-- Attachment #2: Type: text/plain, Size: 332 bytes --]
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
[-- Attachment #3: Type: text/plain, Size: 155 bytes --]
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next reply other threads:[~2011-08-17 21:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-17 21:38 James Czyzak [this message]
2011-08-25 14:57 ` [LTP] [PATCH 1/1] fix ssh03 on system running mls policy Cyril Hrubis
[not found] <4E5D276C.3020505@linux.vnet.ibm.com>
2011-09-01 13:03 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E4C34E5.1090702@linux.vnet.ibm.com \
--to=czyzak2@linux.vnet.ibm.com \
--cc=debora@linux.vnet.ibm.com \
--cc=ltp-list@lists.sourceforge.net \
--cc=shubham@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox