diff mbox series

[2/2,testsuite] tools/nfs.sh: comment out the fscontext= tests for now

Message ID 20240506174948.26314-2-stephen.smalley.work@gmail.com (mailing list archive)
State Superseded
Delegated to: Ondrej Mosnáček
Headers show
Series [1/2,testsuite] tests/nfs_filesystem: remove failing mount | expand

Commit Message

Stephen Smalley May 6, 2024, 5:49 p.m. UTC 
These tests currently fail on mount(2) calls due to the directory being
unlabeled at the point where search access is checked. Until we can resolve
the underlying issue, comment out these tests to allow the NFS tests to
be run.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 tools/nfs.sh | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

Comments

Stephen Smalley May 15, 2024, 2:54 p.m. UTC | #1 
On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> These tests currently fail on mount(2) calls due to the directory being
> unlabeled at the point where search access is checked. Until we can resolve
> the underlying issue, comment out these tests to allow the NFS tests to
> be run.

With these two patches, I can run the nfs.sh script to completion with
all tests passing on not only the latest kernel w/ the fix but also
Linux v5.14 with no changes. So it is unclear to me that the tests
being disabled by these two patches ever worked...

>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
>  tools/nfs.sh | 40 ++++++++++++++++++++--------------------
>  1 file changed, 20 insertions(+), 20 deletions(-)
>
> diff --git a/tools/nfs.sh b/tools/nfs.sh
> index cf4912c..688903e 100755
> --- a/tools/nfs.sh
> +++ b/tools/nfs.sh
> @@ -77,27 +77,27 @@ POPD=0
>  popd >/dev/null 2>&1
>  umount /mnt/selinux-testsuite
>  #
> -echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
> -mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> -pushd /mnt/selinux-testsuite >/dev/null 2>&1
> -POPD=1
> -cd tests
> -./nfsruntests.pl filesystem/test
> -cd ../
> -POPD=0
> -popd >/dev/null 2>&1
> -umount /mnt/selinux-testsuite
> +#echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
> +#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> +#pushd /mnt/selinux-testsuite >/dev/null 2>&1
> +#POPD=1
> +#cd tests
> +#./nfsruntests.pl filesystem/test
> +#cd ../
> +#POPD=0
> +#popd >/dev/null 2>&1
> +#umount /mnt/selinux-testsuite
>  #
> -echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
> -mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> -pushd /mnt/selinux-testsuite >/dev/null 2>&1
> -POPD=1
> -cd tests
> -./nfsruntests.pl fs_filesystem/test
> -cd ../
> -POPD=0
> -popd >/dev/null 2>&1
> -umount /mnt/selinux-testsuite
> +#echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
> +#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> +#pushd /mnt/selinux-testsuite >/dev/null 2>&1
> +#POPD=1
> +#cd tests
> +#./nfsruntests.pl fs_filesystem/test
> +#cd ../
> +#POPD=0
> +#popd >/dev/null 2>&1
> +#umount /mnt/selinux-testsuite
>  #
>  echo "Run NFS context specific tests"
>  cd tests
> --
> 2.40.1
>
Stephen Smalley May 23, 2024, 12:59 p.m. UTC | #2 
On Wed, May 15, 2024 at 10:54 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > These tests currently fail on mount(2) calls due to the directory being
> > unlabeled at the point where search access is checked. Until we can resolve
> > the underlying issue, comment out these tests to allow the NFS tests to
> > be run.
>
> With these two patches, I can run the nfs.sh script to completion with
> all tests passing on not only the latest kernel w/ the fix but also
> Linux v5.14 with no changes. So it is unclear to me that the tests
> being disabled by these two patches ever worked...

Last call - any objections to me applying these two patches?

>
> >
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > ---
> >  tools/nfs.sh | 40 ++++++++++++++++++++--------------------
> >  1 file changed, 20 insertions(+), 20 deletions(-)
> >
> > diff --git a/tools/nfs.sh b/tools/nfs.sh
> > index cf4912c..688903e 100755
> > --- a/tools/nfs.sh
> > +++ b/tools/nfs.sh
> > @@ -77,27 +77,27 @@ POPD=0
> >  popd >/dev/null 2>&1
> >  umount /mnt/selinux-testsuite
> >  #
> > -echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
> > -mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> > -pushd /mnt/selinux-testsuite >/dev/null 2>&1
> > -POPD=1
> > -cd tests
> > -./nfsruntests.pl filesystem/test
> > -cd ../
> > -POPD=0
> > -popd >/dev/null 2>&1
> > -umount /mnt/selinux-testsuite
> > +#echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
> > +#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> > +#pushd /mnt/selinux-testsuite >/dev/null 2>&1
> > +#POPD=1
> > +#cd tests
> > +#./nfsruntests.pl filesystem/test
> > +#cd ../
> > +#POPD=0
> > +#popd >/dev/null 2>&1
> > +#umount /mnt/selinux-testsuite
> >  #
> > -echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
> > -mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> > -pushd /mnt/selinux-testsuite >/dev/null 2>&1
> > -POPD=1
> > -cd tests
> > -./nfsruntests.pl fs_filesystem/test
> > -cd ../
> > -POPD=0
> > -popd >/dev/null 2>&1
> > -umount /mnt/selinux-testsuite
> > +#echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
> > +#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
> > +#pushd /mnt/selinux-testsuite >/dev/null 2>&1
> > +#POPD=1
> > +#cd tests
> > +#./nfsruntests.pl fs_filesystem/test
> > +#cd ../
> > +#POPD=0
> > +#popd >/dev/null 2>&1
> > +#umount /mnt/selinux-testsuite
> >  #
> >  echo "Run NFS context specific tests"
> >  cd tests
> > --
Paul Moore May 23, 2024, 7:59 p.m. UTC | #3 
On Thu, May 23, 2024 at 8:59 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
> On Wed, May 15, 2024 at 10:54 AM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > >
> > > These tests currently fail on mount(2) calls due to the directory being
> > > unlabeled at the point where search access is checked. Until we can resolve
> > > the underlying issue, comment out these tests to allow the NFS tests to
> > > be run.
> >
> > With these two patches, I can run the nfs.sh script to completion with
> > all tests passing on not only the latest kernel w/ the fix but also
> > Linux v5.14 with no changes. So it is unclear to me that the tests
> > being disabled by these two patches ever worked...
>
> Last call - any objections to me applying these two patches?

Do we have any hope of resolving the issues anytime soon?  It might be
nice to see an in-depth discussion/brain-dump of the issues in the
commit description so that someone looking at this at a later date has
some hope of understanding the problem.
Stephen Smalley May 24, 2024, 12:24 p.m. UTC | #4 
On Thu, May 23, 2024 at 4:00 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Thu, May 23, 2024 at 8:59 AM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> > On Wed, May 15, 2024 at 10:54 AM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > >
> > > On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
> > > <stephen.smalley.work@gmail.com> wrote:
> > > >
> > > > These tests currently fail on mount(2) calls due to the directory being
> > > > unlabeled at the point where search access is checked. Until we can resolve
> > > > the underlying issue, comment out these tests to allow the NFS tests to
> > > > be run.
> > >
> > > With these two patches, I can run the nfs.sh script to completion with
> > > all tests passing on not only the latest kernel w/ the fix but also
> > > Linux v5.14 with no changes. So it is unclear to me that the tests
> > > being disabled by these two patches ever worked...
> >
> > Last call - any objections to me applying these two patches?
>
> Do we have any hope of resolving the issues anytime soon?  It might be
> nice to see an in-depth discussion/brain-dump of the issues in the
> commit description so that someone looking at this at a later date has
> some hope of understanding the problem.

I already put what I knew into the commit messages, unless I missed something.
I am not sure the tests I am commenting out ever worked, and Ondrej
said earlier that he never enabled the NFS tests as part of his
automated testing because they still weren't working fully last he
tried. Meanwhile, we've had two separate regressions in labeled NFS
since that time, one from Neil Brown's patches and one from Ondrej's
patches, and only just discovered the one long after it was
introduced. Hence, to me the value of getting the tests running so we
can turn them on in automated testing far outweighs any benefit we get
from retaining these tests that may have never worked at all.
Stephen Smalley May 28, 2024, 2:46 p.m. UTC | #5 
On Fri, May 24, 2024 at 8:24 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Thu, May 23, 2024 at 4:00 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Thu, May 23, 2024 at 8:59 AM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > > On Wed, May 15, 2024 at 10:54 AM Stephen Smalley
> > > <stephen.smalley.work@gmail.com> wrote:
> > > >
> > > > On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
> > > > <stephen.smalley.work@gmail.com> wrote:
> > > > >
> > > > > These tests currently fail on mount(2) calls due to the directory being
> > > > > unlabeled at the point where search access is checked. Until we can resolve
> > > > > the underlying issue, comment out these tests to allow the NFS tests to
> > > > > be run.
> > > >
> > > > With these two patches, I can run the nfs.sh script to completion with
> > > > all tests passing on not only the latest kernel w/ the fix but also
> > > > Linux v5.14 with no changes. So it is unclear to me that the tests
> > > > being disabled by these two patches ever worked...
> > >
> > > Last call - any objections to me applying these two patches?
> >
> > Do we have any hope of resolving the issues anytime soon?  It might be
> > nice to see an in-depth discussion/brain-dump of the issues in the
> > commit description so that someone looking at this at a later date has
> > some hope of understanding the problem.
>
> I already put what I knew into the commit messages, unless I missed something.
> I am not sure the tests I am commenting out ever worked, and Ondrej
> said earlier that he never enabled the NFS tests as part of his
> automated testing because they still weren't working fully last he
> tried. Meanwhile, we've had two separate regressions in labeled NFS
> since that time, one from Neil Brown's patches and one from Ondrej's
> patches, and only just discovered the one long after it was
> introduced. Hence, to me the value of getting the tests running so we
> can turn them on in automated testing far outweighs any benefit we get
> from retaining these tests that may have never worked at all.

Also, FWIW, with these two patches applied to the testsuite, current
linus/master passes all remaining NFS tests.
Stephen Smalley May 29, 2024, 2:07 p.m. UTC | #6 
On Tue, May 28, 2024 at 10:46 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Fri, May 24, 2024 at 8:24 AM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > On Thu, May 23, 2024 at 4:00 PM Paul Moore <paul@paul-moore.com> wrote:
> > >
> > > On Thu, May 23, 2024 at 8:59 AM Stephen Smalley
> > > <stephen.smalley.work@gmail.com> wrote:
> > > > On Wed, May 15, 2024 at 10:54 AM Stephen Smalley
> > > > <stephen.smalley.work@gmail.com> wrote:
> > > > >
> > > > > On Mon, May 6, 2024 at 1:51 PM Stephen Smalley
> > > > > <stephen.smalley.work@gmail.com> wrote:
> > > > > >
> > > > > > These tests currently fail on mount(2) calls due to the directory being
> > > > > > unlabeled at the point where search access is checked. Until we can resolve
> > > > > > the underlying issue, comment out these tests to allow the NFS tests to
> > > > > > be run.
> > > > >
> > > > > With these two patches, I can run the nfs.sh script to completion with
> > > > > all tests passing on not only the latest kernel w/ the fix but also
> > > > > Linux v5.14 with no changes. So it is unclear to me that the tests
> > > > > being disabled by these two patches ever worked...
> > > >
> > > > Last call - any objections to me applying these two patches?
> > >
> > > Do we have any hope of resolving the issues anytime soon?  It might be
> > > nice to see an in-depth discussion/brain-dump of the issues in the
> > > commit description so that someone looking at this at a later date has
> > > some hope of understanding the problem.
> >
> > I already put what I knew into the commit messages, unless I missed something.
> > I am not sure the tests I am commenting out ever worked, and Ondrej
> > said earlier that he never enabled the NFS tests as part of his
> > automated testing because they still weren't working fully last he
> > tried. Meanwhile, we've had two separate regressions in labeled NFS
> > since that time, one from Neil Brown's patches and one from Ondrej's
> > patches, and only just discovered the one long after it was
> > introduced. Hence, to me the value of getting the tests running so we
> > can turn them on in automated testing far outweighs any benefit we get
> > from retaining these tests that may have never worked at all.
>
> Also, FWIW, with these two patches applied to the testsuite, current
> linus/master passes all remaining NFS tests.

Sent a v2 of the patches with further details and output included.
diff mbox series

Patch

diff --git a/tools/nfs.sh b/tools/nfs.sh
index cf4912c..688903e 100755
--- a/tools/nfs.sh
+++ b/tools/nfs.sh
@@ -77,27 +77,27 @@  POPD=0
 popd >/dev/null 2>&1
 umount /mnt/selinux-testsuite
 #
-echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
-mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
-pushd /mnt/selinux-testsuite >/dev/null 2>&1
-POPD=1
-cd tests
-./nfsruntests.pl filesystem/test
-cd ../
-POPD=0
-popd >/dev/null 2>&1
-umount /mnt/selinux-testsuite
+#echo -e "Run 'filesystem' tests with mount context option:\n\t$FS_CTX"
+#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
+#pushd /mnt/selinux-testsuite >/dev/null 2>&1
+#POPD=1
+#cd tests
+#./nfsruntests.pl filesystem/test
+#cd ../
+#POPD=0
+#popd >/dev/null 2>&1
+#umount /mnt/selinux-testsuite
 #
-echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
-mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
-pushd /mnt/selinux-testsuite >/dev/null 2>&1
-POPD=1
-cd tests
-./nfsruntests.pl fs_filesystem/test
-cd ../
-POPD=0
-popd >/dev/null 2>&1
-umount /mnt/selinux-testsuite
+#echo -e "Run 'fs_filesystem' tests with mount context option:\n\t$FS_CTX"
+#mount -t nfs -o vers=4.2,$FS_CTX localhost:$TESTDIR /mnt/selinux-testsuite
+#pushd /mnt/selinux-testsuite >/dev/null 2>&1
+#POPD=1
+#cd tests
+#./nfsruntests.pl fs_filesystem/test
+#cd ../
+#POPD=0
+#popd >/dev/null 2>&1
+#umount /mnt/selinux-testsuite
 #
 echo "Run NFS context specific tests"
 cd tests