| 1 |
Hi guys, |
| 2 |
|
| 3 |
The new SELinux userspace release is now in the tree, ~arch. I have to |
| 4 |
apologise to you guys, but I also made a stupid mistake: while running my |
| 5 |
regression tests, I accidentally ran them on a VM that didn't have the new |
| 6 |
utilities yet, so I wronly assumed that everything is working fine. |
| 7 |
|
| 8 |
When upgrading my main laptop, I quickly found out that that wasn't the |
| 9 |
case. The biggest breakage (a missing definition) has been fixed (and is of |
| 10 |
course also in the tree), a smaller one is still remaining (toggling |
| 11 |
permissive domains doesn't work yet, but that shouldn't be hard to fix |
| 12 |
tomorrow) and a new feature in the release is not working yet (sepolicy, as |
| 13 |
it seems to require yum python bindings - don't ask). |
| 14 |
|
| 15 |
I've sent the current set of problems I got to the SELinux development |
| 16 |
mailinglist as well, hopefully some of the developers on the other side of |
| 17 |
the world might be able to help me out by tomorrow evening. |
| 18 |
|
| 19 |
Beyond the permissive stuff, the tests I have seem to work again so if you |
| 20 |
could give a few tests as well (and report bugs as you see them) please go |
| 21 |
ahead. |
| 22 |
|
| 23 |
# infratest -s |
| 24 |
[semanage] testing for base policy defined contexts |
| 25 |
[semanage] testing for substitutions (/lib32 = /lib) |
| 26 |
[semanage] creating additional file context rule |
| 27 |
[semanage] removing additional file context rule |
| 28 |
[semanage] listing SELinux users |
| 29 |
[semodule] disable dontaudit statements |
| 30 |
[semodule] rebuild base policy (re-enable dontaudit too) |
| 31 |
[audit2allow] generating simple test module based on AVC denial |
| 32 |
[audit2allow] generating interface info (sepolgen-ifgen, needed for next |
| 33 |
test) |
| 34 |
[audit2allow] generating refpolicy style test module based on AVC denial |
| 35 |
[audit2allow] generating SELinux statements for dmesg output |
| 36 |
[rlpkg] relabeling package policycoreutils |
| 37 |
[sesearch] looking for direct policy allow statements |
| 38 |
[sesearch] looking for allow statements on target attribute |
| 39 |
[sesearch] looking for allow statements on source attribute |
| 40 |
[sesearch] looking for allow statements on source/target attribute |
| 41 |
[sesearch] looking for boolean-triggered policy rules |
| 42 |
[sesearch] looking for file transitions |
| 43 |
[sesearch] looking for role allow statements |
| 44 |
[sesearch] looking for dontaudit statements |
| 45 |
[findcon] matching file context |
| 46 |
[seinfo] checking existance of domain |
| 47 |
[seinfo] viewing attributes of domain |
| 48 |
[seinfo] checking existance of attribute |
| 49 |
[seinfo] looking for types matching attribute |
| 50 |
[seinfo] checking stats |
| 51 |
[seinfo] checking existance of role |
| 52 |
[seinfo] looking for types matching role |
| 53 |
[seinfo] checking existance of user |
| 54 |
[seinfo] checking roles matching user |
| 55 |
|
| 56 |
I'll also look into the test possibilities in the ebuilds and packages to |
| 57 |
have this done more. If anyone is able to help me out on bug #465846 (seems |
| 58 |
to stem from the python eclass usage, which I'm probably doing wrong) that'd |
| 59 |
be greatly appreciated. |
| 60 |
|
| 61 |
Wkr, |
| 62 |
Sven Vermeulen |
Archives