1 |
Hi guys, |
2 |
|
3 |
The new SELinux userspace release is now in the tree, ~arch. I have to |
4 |
apologise to you guys, but I also made a stupid mistake: while running my |
5 |
regression tests, I accidentally ran them on a VM that didn't have the new |
6 |
utilities yet, so I wronly assumed that everything is working fine. |
7 |
|
8 |
When upgrading my main laptop, I quickly found out that that wasn't the |
9 |
case. The biggest breakage (a missing definition) has been fixed (and is of |
10 |
course also in the tree), a smaller one is still remaining (toggling |
11 |
permissive domains doesn't work yet, but that shouldn't be hard to fix |
12 |
tomorrow) and a new feature in the release is not working yet (sepolicy, as |
13 |
it seems to require yum python bindings - don't ask). |
14 |
|
15 |
I've sent the current set of problems I got to the SELinux development |
16 |
mailinglist as well, hopefully some of the developers on the other side of |
17 |
the world might be able to help me out by tomorrow evening. |
18 |
|
19 |
Beyond the permissive stuff, the tests I have seem to work again so if you |
20 |
could give a few tests as well (and report bugs as you see them) please go |
21 |
ahead. |
22 |
|
23 |
# infratest -s |
24 |
[semanage] testing for base policy defined contexts |
25 |
[semanage] testing for substitutions (/lib32 = /lib) |
26 |
[semanage] creating additional file context rule |
27 |
[semanage] removing additional file context rule |
28 |
[semanage] listing SELinux users |
29 |
[semodule] disable dontaudit statements |
30 |
[semodule] rebuild base policy (re-enable dontaudit too) |
31 |
[audit2allow] generating simple test module based on AVC denial |
32 |
[audit2allow] generating interface info (sepolgen-ifgen, needed for next |
33 |
test) |
34 |
[audit2allow] generating refpolicy style test module based on AVC denial |
35 |
[audit2allow] generating SELinux statements for dmesg output |
36 |
[rlpkg] relabeling package policycoreutils |
37 |
[sesearch] looking for direct policy allow statements |
38 |
[sesearch] looking for allow statements on target attribute |
39 |
[sesearch] looking for allow statements on source attribute |
40 |
[sesearch] looking for allow statements on source/target attribute |
41 |
[sesearch] looking for boolean-triggered policy rules |
42 |
[sesearch] looking for file transitions |
43 |
[sesearch] looking for role allow statements |
44 |
[sesearch] looking for dontaudit statements |
45 |
[findcon] matching file context |
46 |
[seinfo] checking existance of domain |
47 |
[seinfo] viewing attributes of domain |
48 |
[seinfo] checking existance of attribute |
49 |
[seinfo] looking for types matching attribute |
50 |
[seinfo] checking stats |
51 |
[seinfo] checking existance of role |
52 |
[seinfo] looking for types matching role |
53 |
[seinfo] checking existance of user |
54 |
[seinfo] checking roles matching user |
55 |
|
56 |
I'll also look into the test possibilities in the ebuilds and packages to |
57 |
have this done more. If anyone is able to help me out on bug #465846 (seems |
58 |
to stem from the python eclass usage, which I'm probably doing wrong) that'd |
59 |
be greatly appreciated. |
60 |
|
61 |
Wkr, |
62 |
Sven Vermeulen |