Hi guys,

I've committed sec-policy/selinux-base-policy-2.20101213-r9 to the
hardened-development overlay. It has the following fixes since -r8:
- Allow Portage sandbox to ptrace (some package installs require this)
- Use xserver_domtrans instead of allowing siginh (cleaner policy)
- Fix issue that dhcpcd didn't work (could not find interfaces)
- Allow unconfined_t domain to transition to portage domains

The latter should fix bugs #355745 and #356533.

This is also the first (but definitely not the last) commit which I'm now
also testing various stuff with. The testing approach I use is to set up
Gentoo Hardened base, then update to SELinux (strict), install mysql,
install postgresql and then run some administrative tests:

portage - - - - Performing portage activities -
portage - 001 - Run emerge --info - success
portage - 002 - Run emerge -puDN world - success
portage - 003 - Run emerge cowsay - success
portage - 004 - Run emerge -C cowsay (remove) - success
portage - 005 - Run eselect profile list - success
portage - 006 - Run gcc-config -l - success
inittest - - - - Create temporary working database (gentoo) -
inittest - 001 - Load SQL file (restore database dump) - success
mysql - - - - Performing mysql command activities -
mysql - 001 - Create table (as admin) through mysql command - success
mysql - 002 - Show tables (as admin) - success
mysql - 003 - Drop table (as admin) - success
mysql - 004 - Describe table (as guest) - success
mysql - 005 - Select data from table (as guest) - success
mysql - 006 - Select data from table (as test) - success
mysql - 007 - Create table (as guest) - success
exittest - - - - Cleanup temporary working database (gentoo) -
exittest - 001 - Drop database gentoo - success
exittest - 002 - Revoke all (gentoo) privileges from guest account - success
exittest - 003 - Revoke all (gentoo) privileges from admin account - success
inittest - - - - Create temporary working database -
inittest - 001 - Create admin role - success
inittest - 002 - Create guest role - success
inittest - 003 - Load SQL file (restore database dump) - success
postgres - - - - Performing psql command activities -
postgres - 001 - Create table (as admin) through psql command - success
postgres - 002 - Describe test table (as admin) through psql command - success
postgres - 003 - Drop test table (as admin) through psql command - success
postgres - 004 - Describe table (as guest) through psql command - success
postgres - 005 - Query test data (as guest) through psql command - success
postgres - 006 - Testing invalid user access - success
exittest - - - - Cleanup temporary working database -
exittest - 001 - Drop test database - success
exittest - 002 - Drop admin user - success
exittest - 003 - Drop guest user - success

These tests are done for both strict and targeted policy (but always in
enforcing mode). The idea I have is to try and reproduce issues reported or
seen on the forums and try to automate those. If they can be automated, I
add them to the test scripts so that (1.) the issue is confirmed, and (2.)
regressions can be detected.

For the time being you'll see that the tests aren't advanced, but at least
it's a start and it can grow more easily ;-)

Wkr,
Sven Vermeulen
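
Added example, not part of the message above and not the Gentoo test scripts: a regression check over result logs in the format shown, comparing a known-good run against a later one. Because suite names and test numbers repeat (inittest 001 appears in two sections), results are keyed by section header as well. The status words "failed" and "missing" and all function names are assumptions; only "success" appears in the message.

```python
import re

# Section headers: "mysql - - - - Performing mysql command activities -"
# Result lines:    "mysql - 004 - Describe table (as guest) - success"
HEADER = re.compile(r"^(\w+) - - - - (.+?) -\s*$")
RESULT = re.compile(r"^(\w+) - (\d{3}) - (.+) - (\w+)\s*$")

def parse_results(log):
    """Map (section title, suite, number) -> (description, status)."""
    results, section = {}, None
    for line in log.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            section = m.group(2)  # disambiguates repeated suite/number pairs
        elif m := RESULT.match(line):
            suite, num, desc, status = m.groups()
            results[(section, suite, num)] = (desc, status)
    return results

def regressions(baseline_log, current_log):
    """Tests that passed in the baseline but are missing or not 'success' now."""
    base, cur = parse_results(baseline_log), parse_results(current_log)
    out = []
    for key, (desc, status) in base.items():
        if status != "success":
            continue  # only a previously passing test can regress
        now = cur.get(key, (desc, "missing"))[1]
        if now != "success":
            out.append((key[1], key[2], desc, now))
    return out

# Baseline: excerpt of the run quoted in the message.
BASELINE = """\
inittest - - - - Create temporary working database (gentoo) -
inittest - 001 - Load SQL file (restore database dump) - success
mysql - - - - Performing mysql command activities -
mysql - 004 - Describe table (as guest) - success
inittest - - - - Create temporary working database -
inittest - 001 - Create admin role - success
postgres - - - - Performing psql command activities -
postgres - 006 - Testing invalid user access - success
"""
# Constructed later run: one test fails ("failed" is assumed), one is absent.
CURRENT = (BASELINE.replace("dump) - success", "dump) - failed")
           .replace("postgres - 006 - Testing invalid user access - success\n", ""))

if __name__ == "__main__":
    for suite, num, desc, now in regressions(BASELINE, CURRENT):
        print(f"REGRESSION {suite} {num}: {desc} -> {now}")
```

Keying on suite and number alone would let the passing second "inittest 001" overwrite the failing first one and hide the regression.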