* [PATCH] tests/mac_admin: skip another test on nfs
@ 2025-06-18 16:29 Stephen Smalley
2025-06-23 13:37 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Stephen Smalley @ 2025-06-18 16:29 UTC (permalink / raw)
To: selinux; +Cc: paul, omosnace, Stephen Smalley
Skip another test of undefined label handling that is not guaranteed to
work over labeled NFS and breaks if SELinux namespaces are enabled due
to the global SID table correctly preserving the undefined context value,
producing an error within NFSv4 for which no error handling path exists.
Possibly consider disabling this entire set of tests.
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
tests/mac_admin/test | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tests/mac_admin/test b/tests/mac_admin/test
index c28a7bc..8ecb48b 100755
--- a/tests/mac_admin/test
+++ b/tests/mac_admin/test
@@ -11,7 +11,7 @@ BEGIN {
plan tests => 8;
}
else {
- plan tests => 7;
+ plan tests => 6;
}
}
@@ -49,12 +49,13 @@ if ( $isnfs ne "nfs" ) {
`runcon -t test_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
chomp($result);
ok( $result, "UNDEFINED" );
-}
-# Verify that test_no_mac_admin_t sees the unlabeled context.
-$result = `runcon -t test_no_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
-chomp($result);
-ok( $result, "unlabeled_t" );
+ # Verify that test_no_mac_admin_t sees the unlabeled context.
+ $result =
+ `runcon -t test_no_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
+ chomp($result);
+ ok( $result, "unlabeled_t" );
+}
# Delete the test directory
system("rm -rf $basedir/test_dir");
--
2.49.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] tests/mac_admin: skip another test on nfs
2025-06-18 16:29 [PATCH] tests/mac_admin: skip another test on nfs Stephen Smalley
@ 2025-06-23 13:37 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2025-06-23 13:37 UTC (permalink / raw)
To: selinux; +Cc: paul, omosnace
On Wed, Jun 18, 2025 at 12:31 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> Skip another test of undefined label handling that is not guaranteed to
> work over labeled NFS and breaks if SELinux namespaces are enabled due
> to the global SID table correctly preserving the undefined context value,
> producing an error within NFSv4 for which no error handling path exists.
> Possibly consider disabling this entire set of tests.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Applied.
> ---
> tests/mac_admin/test | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/tests/mac_admin/test b/tests/mac_admin/test
> index c28a7bc..8ecb48b 100755
> --- a/tests/mac_admin/test
> +++ b/tests/mac_admin/test
> @@ -11,7 +11,7 @@ BEGIN {
> plan tests => 8;
> }
> else {
> - plan tests => 7;
> + plan tests => 6;
> }
> }
>
> @@ -49,12 +49,13 @@ if ( $isnfs ne "nfs" ) {
> `runcon -t test_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
> chomp($result);
> ok( $result, "UNDEFINED" );
> -}
>
> -# Verify that test_no_mac_admin_t sees the unlabeled context.
> -$result = `runcon -t test_no_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
> -chomp($result);
> -ok( $result, "unlabeled_t" );
> + # Verify that test_no_mac_admin_t sees the unlabeled context.
> + $result =
> + `runcon -t test_no_mac_admin_t -- secon -t -f $basedir/test_dir 2>&1`;
> + chomp($result);
> + ok( $result, "unlabeled_t" );
> +}
>
> # Delete the test directory
> system("rm -rf $basedir/test_dir");
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-06-23 13:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-18 16:29 [PATCH] tests/mac_admin: skip another test on nfs Stephen Smalley
2025-06-23 13:37 ` Stephen Smalley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).