| 1 |
Hi guys, |
| 2 |
|
| 3 |
I've committed sec-policy/selinux-base-policy-2.20101213-r9 to the |
| 4 |
hardened-development overlay. It has the following fixes since -r8: |
| 5 |
- Allow Portage sandbox to ptrace (some package installs require this) |
| 6 |
- Use xserver_domtrans instead of allowing siginh (cleaner policy) |
| 7 |
- Fix issue that dhcpcd didn't work (could not find interfaces) |
| 8 |
- Allow unconfined_t domain to transition to portage domains |
| 9 |
|
| 10 |
The latter should fix bugs #355745 and #356533. |
| 11 |
|
| 12 |
This is also the first (but definitely not the last) commit which I'm now |
| 13 |
also testing various stuff with. The testing approach I use is to set up |
| 14 |
Gentoo Hardened base, then update to SELinux (strict), install mysql, |
| 15 |
install postgresql and then run some administrative tests: |
| 16 |
|
| 17 |
portage - - - - Performing portage activities - |
| 18 |
portage - 001 - Run emerge --info - success |
| 19 |
portage - 002 - Run emerge -puDN world - success |
| 20 |
portage - 003 - Run emerge cowsay - success |
| 21 |
portage - 004 - Run emerge -C cowsay (remove) - success |
| 22 |
portage - 005 - Run eselect profile list - success |
| 23 |
portage - 006 - Run gcc-config -l - success |
| 24 |
inittest - - - - Create temporary working database (gentoo) - |
| 25 |
inittest - 001 - Load SQL file (restore database dump) - success |
| 26 |
mysql - - - - Performing mysql command activities - |
| 27 |
mysql - 001 - Create table (as admin) through mysql command - success |
| 28 |
mysql - 002 - Show tables (as admin) - success |
| 29 |
mysql - 003 - Drop table (as admin) - success |
| 30 |
mysql - 004 - Describe table (as guest) - success |
| 31 |
mysql - 005 - Select data from table (as guest) - success |
| 32 |
mysql - 006 - Select data from table (as test) - success |
| 33 |
mysql - 007 - Create table (as guest) - success |
| 34 |
exittest - - - - Cleanup temporary working database (gentoo) - |
| 35 |
exittest - 001 - Drop database gentoo - success |
| 36 |
exittest - 002 - Revoke all (gentoo) privileges from guest account - success |
| 37 |
exittest - 003 - Revoke all (gentoo) privileges from admin account - success |
| 38 |
inittest - - - - Create temporary working database - |
| 39 |
inittest - 001 - Create admin role - success |
| 40 |
inittest - 002 - Create guest role - success |
| 41 |
inittest - 003 - Load SQL file (restore database dump) - success |
| 42 |
postgres - - - - Performing psql command activities - |
| 43 |
postgres - 001 - Create table (as admin) through psql command - success |
| 44 |
postgres - 002 - Describe test table (as admin) through psql command - success |
| 45 |
postgres - 003 - Drop test table (as admin) through psql command - success |
| 46 |
postgres - 004 - Describe table (as guest) through psql command - success |
| 47 |
postgres - 005 - Query test data (as guest) through psql command - success |
| 48 |
postgres - 006 - Testing invalid user access - success |
| 49 |
exittest - - - - Cleanup temporary working database - |
| 50 |
exittest - 001 - Drop test database - success |
| 51 |
exittest - 002 - Drop admin user - success |
| 52 |
exittest - 003 - Drop guest user - success |
| 53 |
|
| 54 |
|
| 55 |
These tests are done for both strict and targeted policy (but always in |
| 56 |
enforcing mode). The idea I have is to try and reproduce issues reported or |
| 57 |
seen on the forums and try to automate those. If they can be automated, I |
| 58 |
add them to the test scripts so that (1.) the issue is confirmed, and (2.) |
| 59 |
regressions can be detected. |
| 60 |
|
| 61 |
For the time being you'll see that the tests aren't advanced, but at least |
| 62 |
it's a start and it can grow more easily ;-) |
| 63 |
|
| 64 |
Wkr, |
| 65 |
Sven Vermeulen |
Archives