From patchwork Tue Jan 7 13:45:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928927 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAF191EF0B5 for ; Tue, 7 Jan 2025 13:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; cv=none; b=SC49EIa+uXy5DinJqln/KPGQfVQshAsvROLo0xDTqq3MhlknImnooxMt5sfUM8ubwXLWZNsWXSI/hz4vu7AdyF2pNXdHmUNhGVzpK5D54YnUvZaH6NAMdxXJAgT0a8KwXvMlpr/Bp4DIgEzdKwJpsoBS4f3L/NBOHailRXy+ceI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; c=relaxed/simple; bh=SIP7CxpILTpLLm7j+l7Al/jY0+BzUw6nFAVyG7O9RhE=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=fBxd3803yxpKn1d3t+3OXQ2nUPFfl2+X7pa/RQ60VmCFHHgf8jo90rPFIz3qt+8vAWauNo6bx9B2mvDQxlnvKFrZEk10Why1N9MNzWulSi0vNpiJVRS+SkgAKfdlB3elPciqaT+KaZJ6gD4DJSbQ3okFW7SxnljQvFxNKpDOzSg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=iPbVo7QG; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="iPbVo7QG" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257571; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aRFI6E0lVHxBoyJm1WrpFzbJcyMc7WrXOwqff3s2An0=; b=iPbVo7QGcYCkurVQSyRmebyCXqe+jzsA2+KxMt6eFbOsU6ev8jHM5vQVXbQo6U3+qkFH70 dxfCxhIdTLqmZG5hCENyh/YpXSQrViaOXXAnKuE+MEBb5pYOVYBoJtefinVZdlrb31PQp5 Z8QawVkg6wmTiMBzc4/n7ywCjdEI07n+ObGX7YCk0EhGsInAeaBiorok1wifWyR9zvf3TI T5kQikU9zaNQrTdHq8g+cIwwqbIBl5DLUQ3GyB+2ajinmKZmy789R7GYJUzO/dWzgJNPl5 tDzEFhaMFjxEiiRIDlFG8bmQrzm5IM4SJX4TOySrr8LOJJ3H40ZIYr2Ec+1JdA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 01/17] Fix typos Date: Tue, 7 Jan 2025 14:45:49 +0100 Message-ID: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Found by codespell(1). Signed-off-by: Christian Göttsche --- doc/tests/Makefile | 2 +- doc/tests/socket.sgml | 2 +- policy/test_capable_file.te | 2 +- policy/test_capable_net.te | 2 +- policy/test_capable_sys.te | 2 +- policy/test_mqueue.te | 2 +- tests/binder/service_provider.c | 2 +- tests/bounds/test | 4 ++-- tests/capable_net/test | 2 +- tests/capable_sys/test | 2 +- tests/file/test | 2 +- tests/file/test_nofcntl.c | 2 +- tests/file/test_sigiotask.c | 2 +- tests/ioctl/test | 4 ++-- tests/ioctl/test_noioctl.c | 2 +- tests/mqueue/mqmgr.c | 2 +- tests/mqueue/test | 2 +- tests/overlay/setup-overlay | 2 +- tests/task_setscheduler/test | 2 +- tests/userfaultfd/userfaultfd.c | 2 +- 20 files changed, 22 insertions(+), 22 deletions(-) diff --git a/doc/tests/Makefile b/doc/tests/Makefile index ead6af2..6b85905 100644 --- a/doc/tests/Makefile +++ b/doc/tests/Makefile @@ -10,7 +10,7 @@ TEX := $(patsubst %.sgml, %.tex, $(TOP)) LOG := $(patsubst %.sgml, %.log, $(TOP)) OUT := $(patsubst %.sgml, %.out, $(TOP)) -all: $(PS) $(PDF) $(HMTL) +all: $(PS) $(PDF) $(HTML) $(PS): $(ALL) custom.dsl jw -f docbook -d custom.dsl -b ps $(TOP) diff --git a/doc/tests/socket.sgml b/doc/tests/socket.sgml index ca203ac..d1293ad 100644 --- a/doc/tests/socket.sgml +++ b/doc/tests/socket.sgml @@ -242,7 +242,7 @@ The socket scripts test the following hooks: -Secure Socket Sytem Call Tests +Secure Socket System Call Tests The tests in the socket_secure and unix_secure subdirectories create a single server diff --git a/policy/test_capable_file.te b/policy/test_capable_file.te index 2377279..2ee5d8f 100644 --- a/policy/test_capable_file.te +++ b/policy/test_capable_file.te @@ -29,7 +29,7 @@ type test_nofcap_t; typeattribute test_nofcap_t capabledomain; testsuite_domain_type(test_nofcap_t) -# Allow these domains to create a temporay file. +# Allow these domains to create a temporary file. allow capabledomain test_file_t:file { setattr rw_file_perms }; allow capabledomain test_file_t:chr_file { create }; allow capabledomain test_file_t:dir { setattr rw_dir_perms }; diff --git a/policy/test_capable_net.te b/policy/test_capable_net.te index a01ba8f..8ec4782 100644 --- a/policy/test_capable_net.te +++ b/policy/test_capable_net.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing network related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_capable_sys.te b/policy/test_capable_sys.te index 70717f1..05d6da5 100644 --- a/policy/test_capable_sys.te +++ b/policy/test_capable_sys.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing system related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_mqueue.te b/policy/test_mqueue.te index b938a6b..0d6df7a 100644 --- a/policy/test_mqueue.te +++ b/policy/test_mqueue.te @@ -18,7 +18,7 @@ testsuite_domain_type(test_mqreadop_t) domain_obj_id_change_exemption(test_mqreadop_t) typeattribute test_mqreadop_t mqopdomain; -# Domain for process that is allowed to wirte to write posix mqueues +# Domain for process that is allowed to write the write posix mqueues type test_mqwriteop_t; testsuite_domain_type(test_mqwriteop_t) domain_obj_id_change_exemption(test_mqwriteop_t) diff --git a/tests/binder/service_provider.c b/tests/binder/service_provider.c index f47365c..97c59dd 100644 --- a/tests/binder/service_provider.c +++ b/tests/binder/service_provider.c @@ -286,7 +286,7 @@ int main(int argc, char **argv) if (fd_type == BPF_TEST) exit(0); - /* If BPF enabed, then need to set limits */ + /* If BPF enabled, then need to set limits */ if (fd_type == BPF_MAP_FD || fd_type == BPF_PROG_FD) bpf_setrlimit(); #else diff --git a/tests/bounds/test b/tests/bounds/test index dd41115..3bf1b6a 100755 --- a/tests/bounds/test +++ b/tests/bounds/test @@ -76,8 +76,8 @@ $result = system( ); ok($result); -# It ensure the child domain shall be bounded to the parent. -# So, we expect all the alloed actiona are intersection with test_bounds_parent_t +# It ensures the child domain shall be bounded to the parent. +# So, we expect all the allowed actions are intersections with test_bounds_parent_t $result = system( "runcon -t test_bounds_child_t -- dd if=$basedir/bounds_file_red of=/dev/null count=1 2>&1 > /dev/null" diff --git a/tests/capable_net/test b/tests/capable_net/test index 8ef9ecc..dc0b57a 100755 --- a/tests/capable_net/test +++ b/tests/capable_net/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for network-related capabilties. +# This test performs checks for network-related capabilities. # use Test; diff --git a/tests/capable_sys/test b/tests/capable_sys/test index 34ed8c8..132c732 100755 --- a/tests/capable_sys/test +++ b/tests/capable_sys/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for system-related capabilties. +# This test performs checks for system-related capabilities. # use Test; diff --git a/tests/file/test b/tests/file/test index fa28b7c..64dc813 100755 --- a/tests/file/test +++ b/tests/file/test @@ -148,7 +148,7 @@ ok($result); system "chcon -t nofileop_rw_file_t $basedir/temp_file2 2>&1 > /dev/null"; # -# Check the fcntl for the bad domain. This uses the read-only accessable file. +# Check the fcntl for the bad domain. This uses the read-only accessible file. # $result = system "runcon -t test_nofileop_t -- $basedir/test_nofcntl $basedir/temp_file3 2>&1"; diff --git a/tests/file/test_nofcntl.c b/tests/file/test_nofcntl.c index 3554dec..40976c5 100644 --- a/tests/file/test_nofcntl.c +++ b/tests/file/test_nofcntl.c @@ -29,7 +29,7 @@ int main(int argc, char **argv) exit(2); } - /* The next two acesses should fail, so if that happens, we return success. */ + /* The next two accesses should fail, so if that happens, we return success. */ rc = fcntl(fd, F_SETFL, 0); if( rc != -1 ) { diff --git a/tests/file/test_sigiotask.c b/tests/file/test_sigiotask.c index 97d343b..5a5efc5 100644 --- a/tests/file/test_sigiotask.c +++ b/tests/file/test_sigiotask.c @@ -18,7 +18,7 @@ /* * Test the sigio operations by creating a child and registering that process * for SIGIO signals for the terminal. The main process forces a SIGIO - * on the terminal by sending a charcter to that device. + * on the terminal by sending a character to that device. */ int main(int argc, char **argv) { diff --git a/tests/ioctl/test b/tests/ioctl/test index 84e9d35..4e2955c 100755 --- a/tests/ioctl/test +++ b/tests/ioctl/test @@ -37,14 +37,14 @@ $result = system "touch $basedir/temp_file 2>&1"; $result = system "chcon -t test_ioctl_file_t $basedir/temp_file 2>&1"; # -# Attempt to perform the ioctls on the temproary file as the good domain +# Attempt to perform the ioctls on the temporary file as the good domain # $result = system "runcon -t test_ioctl_t -- $basedir/test_ioctl $basedir/temp_file 2>&1"; ok( $result, 0 ); # -# Attempt to perform the ioctls on the temproary file as the bad domain +# Attempt to perform the ioctls on the temporary file as the bad domain # The test program, test_noioctl.c, determines success/failure for the # individual calls, so we expect success always from that program. # diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c index 319d90f..ea9f120 100644 --- a/tests/ioctl/test_noioctl.c +++ b/tests/ioctl/test_noioctl.c @@ -18,7 +18,7 @@ * argument. This version of the program expects some of the ioctl() * calls to fail, so if one does succeed, we exit with a bad return code. * This program expects the domain it is running as to have only read - * acess to the given file. + * access to the given file. */ int main(int argc, char **argv) { diff --git a/tests/mqueue/mqmgr.c b/tests/mqueue/mqmgr.c index 5a08ce5..d03bf85 100644 --- a/tests/mqueue/mqmgr.c +++ b/tests/mqueue/mqmgr.c @@ -10,7 +10,7 @@ #include /* - * Managed the creation and distruction of a posix mqueue. + * Managed the creation and destruction of a posix mqueue. * The first argument is the name of the mqueue to be managed * (including starting '/'). The second argument is the * operation. '1' to create, '0' to remove. diff --git a/tests/mqueue/test b/tests/mqueue/test index 8334b9b..0cb9c22 100755 --- a/tests/mqueue/test +++ b/tests/mqueue/test @@ -8,7 +8,7 @@ use Test::More; BEGIN { # check if kernel supports posix mqueues file system is mounted if ( system("mount | grep -q mqueue") ) { - plan skip_all => "mqueue fileystem not supported/mounted"; + plan skip_all => "mqueue filesystem not supported/mounted"; } else { plan tests => 13; diff --git a/tests/overlay/setup-overlay b/tests/overlay/setup-overlay index 3f33499..c08a3dd 100755 --- a/tests/overlay/setup-overlay +++ b/tests/overlay/setup-overlay @@ -29,7 +29,7 @@ setup () { # (test_overlay_mounter_t, test_overlay_client_t) chcon -R -t test_overlay_files_ro_t $BASEDIR/lower - # Label noaccessfile and noaccessdir, with types not accessable to either the + # Label noaccessfile and noaccessdir, with types not accessible to either the # mounter or the client types chcon -t test_overlay_files_noaccess_t $BASEDIR/lower/noaccessfile $BASEDIR/lower/noaccessdir $BASEDIR/lower/null_noaccess chcon -t test_overlay_mounter_files_t $BASEDIR/lower/mounterfile $BASEDIR/lower/mounterdir $BASEDIR/lower/null_mounter diff --git a/tests/task_setscheduler/test b/tests/task_setscheduler/test index c2fe8c6..3730ff7 100755 --- a/tests/task_setscheduler/test +++ b/tests/task_setscheduler/test @@ -23,7 +23,7 @@ close($f); $cgroup_cpu = "/sys/fs/cgroup/cpu/tasks"; if ( -w $cgroup_cpu ) { - # We can only set the scheduler policy fo SCHED_{RR,FIFO} in the root + # We can only set the scheduler policy to SCHED_{RR,FIFO} in the root # cgroup so move our target process to the root cgroup. open( my $fd, ">>", $cgroup_cpu ); print $fd $pid; diff --git a/tests/userfaultfd/userfaultfd.c b/tests/userfaultfd/userfaultfd.c index b788f72..2d58b08 100644 --- a/tests/userfaultfd/userfaultfd.c +++ b/tests/userfaultfd/userfaultfd.c @@ -177,7 +177,7 @@ int main (int argc, char *argv[]) return -1; } - /* Acces to the registered memory range should invoke the 'missing' + /* Access to the registered memory range should invoke the 'missing' * userfaultfd page fault, which should get handled by the thread * created above. */ From patchwork Tue Jan 7 13:45:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928929 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB7C41EE026 for ; Tue, 7 Jan 2025 13:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257976; cv=none; b=OvH9ZFq4rIDvBZv3iKJ7/m4uErgllYo9FIhpu/IDFu87nH5J0qCZW665UiS/pnD9NdUDAXkZ3TxKTC8bBW4xuDrj7jCnNPPr2SZLl/XQx8HsB1gf2SVPeMKInFjIB54A8/xdYZxaiosLmtKurNdUm0NxpLTnL13G0eT7BWDWGRg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257976; c=relaxed/simple; bh=0/qmHCb/DmIUdOE+NSCKf1USE/12wn7xITYwPloOo3U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gzm5XW/yuVJSzno+Nb1/p82AKeO3X9tM991glNOcBqhT/6NFT+QTMdFL/lhvgbScbDsuHu/hrAtxSkYKf/sHO8l7PRH5jHunFbKGaMONVIx6v3dThuJFGTannB1RFU9KiYst7uyITJcvUBMMd/4Zsg0+DGmSclhbh20v+w45cnM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=m+AJRkO1; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="m+AJRkO1" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257572; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=x5j/ooeukgKd26zwX8yrYkx5Hqd92cEXz0P41zNMtbI=; b=m+AJRkO14xAwfgNmyZZEXnW5awIfkVhPxBAvwkNw6JphEeO67e1NjnO3YHAV+kS+ztc4O+ 2ChUkx3NyAdmQozMeWSBUCtJilyv6fIyRlTFq/rUq/SOP9M5hKykujHG21BC42k+h+5rc5 UupNDi+QB0GR38juEbmzdizzBP3d2Gjew6VxrnemqCBIPKyplj4gNrlyu+6P1PIkJvJORE Wt9ObKKRHi2ZxXiUznZdphVardZpWuHz85G0lsqA30iNAas+IEvBTkXOUGh1ifa8NzJOWz KOorLr0KHgrzj6WYfhYW9RWr59LSXJ1GWJOL/dIJU8ZWXnF4l4Vsjxxoea+57w== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 02/17] Makefile: use $(MAKE) to pass options Date: Tue, 7 Jan 2025 14:45:50 +0100 Message-ID: <20250107134606.37260-2-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Pass make options, e.g. number of jobs, which allows to build multiple test executables in a single sub-directory in parallel. Signed-off-by: Christian Göttsche --- Makefile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 9081406..8d6227a 100644 --- a/Makefile +++ b/Makefile @@ -4,14 +4,12 @@ all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i all ; done test: - make -C policy load - make -C tests test - make -C policy unload + $(MAKE) -C policy load + $(MAKE) -C tests test + $(MAKE) -C policy unload check-syntax: @./tools/check-syntax clean: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i clean ; done - - From patchwork Tue Jan 7 13:45:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928925 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB6F439FF3 for ; Tue, 7 Jan 2025 13:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; cv=none; b=CQFH7BK6NNagCmifvWhW9GKrjYJ8LRpEiGEmuF0SBd21fCBL/O7JNFrEmu1yKNI+aPnNzJ8t9BCkvciBaK9/MtXQAhuP1OdaMBECNRURbXnDuFW1aM4iTztOsDP7M+O44GHZ4lrvzOySFe4tP9ozQPcVVvvOQ5jwTwCuxqf0Yo0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; c=relaxed/simple; bh=rvJ62eMyNDa1Dx5iMGSBGEnbD1R4vHPiRYYmEaXxiME=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fLCN14S+gq6VzlKCteaENizGIoSQNJvmlFL+0WtYY7irnZKceG6EsY0XvZnxIxL5j4BrWlHlrbTJP7mtZNAFFglzEdbGgy6fBSJwVLQ0Ep4uRpkrQpjU4yMg9FYjg8Eyhe90sfrAdhoZWU7JKxE3vQ6137l4EAx7FhsXceP2B2s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=N4flpv1P; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="N4flpv1P" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257572; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7TJCv6cIzrTCC9p1B7/mbC27dbCxeyKvzJJ3LjVy6Is=; b=N4flpv1PKMxc9efYNBnbrzMnBLJrPFjKDZ4vK/NIkftlHrqlEROz1nidOKi5Ry8wxorbUx X5Np9iqNz7pKFDpKjDWLGMUjnyy7Y1wslTnM3ycpoC4w0Z8ziVxY03Z6FA8h6iZlwIsv/R KMekqgolXZalHpLGAYuIzezte9LLQyF/Pgyztf563PSoZeDXZQyyIhgZn5OYn0LAl+m8QL wmCNKB2dWEBJfanMBP0BDW8iQLEcT6vM/dC65ZUqKyGXD3DBwClDFZHBSnQVTBOFEmdssk InqLshYpiJmr04LVFMTCFjvIgbydbtA/03jpLX3A7H7Q3JQX35lzlKHRLpgpow== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 03/17] tools: quote command to prevent word splitting Date: Tue, 7 Jan 2025 14:45:51 +0100 Message-ID: <20250107134606.37260-3-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Reported by shellcheck(1). Signed-off-by: Christian Göttsche --- tools/check-syntax | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/check-syntax b/tools/check-syntax index 2775eb4..89d74c3 100755 --- a/tools/check-syntax +++ b/tools/check-syntax @@ -111,7 +111,7 @@ function style_fix() { [[ -z "$1" ]] && return [[ -z "$2" || ! -w "$2" ]] && return - tmp="$(mktemp --tmpdir=$(dirname "$2"))" + tmp="$(mktemp --tmpdir="$(dirname "$2")")" case "$1" in c|C) tool_c_style "$2" > "$tmp" From patchwork Tue Jan 7 13:45:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928928 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB7701E3DD3 for ; Tue, 7 Jan 2025 13:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; cv=none; b=OIJUaHzZgJXX9ijy6mkvlwiW73dF/pdkpdIl1ev/FheGZKxf9uhFyo5BQdbivpRvKrNZr5BGgt9p7uOu+fYrwpxY+q2Docy5GpE83u/OHnbobEOf5PXMTQhqBle7S4q7vqwpe/WoY0zMs3qN/O0spuqoDNL6zrA9RV9Gco1uQNQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; c=relaxed/simple; bh=HG8JaOqn1Y5NeQADCrYsfGly98yeGV+qD9no6Ui1mvo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mWDKsu0gtID9uK/Xohumx/L1yH2qLhB7XpoDjcoQ6CQfNUcz6eozhSbnGMIN9bQyUx8GEsJUduwan7/Ru8PqRhKSB85pbyxqXtW3udMucUl+Mp8a5G8XhyAENZtLc0nKV+eWv76TrL60E4JQAlKYzNMCokaEyZka2qlfYqxFefg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=pNA3MlyJ; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="pNA3MlyJ" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257573; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rC7+xGz0QY9RpDpUquh5uboSes6iy4vOltMv86om/e8=; b=pNA3MlyJNhQzgFUA82PDOC3fisZrxMSx+AzbjUAnxSCemafxuL0CfD2rvS/MzpzYLbkfrT j3Hq8GeRh7pTfy6afMBv6VxYWuDfo4QZD9nRoo7c1RMyL8NUsC8ngykQN9ZIq+NEd7YQnI ADWCutgR49Ow5bHBkaR5PJqmtiPV2AbXc7bURQF+yXAYEnMLi0cfsowBOwEmLVMKjVX0FY IjJgXJUstaS2rLzlJCDGwQPNYRNymtT1w0lZeAEnh50uGf4wS6dg/fXD64dqNTN3wazSa4 1UsJW+Otwy9GoDCL0HFZH8cv6wP2PCtoi7GM2cs+FNt0+9tt8P283/b4XZochw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 04/17] tests: port scripts to sh and please shellcheck Date: Tue, 7 Jan 2025 14:45:52 +0100 Message-ID: <20250107134606.37260-4-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Improve portability and avoid actual issues being hidden. Signed-off-by: Christian Göttsche --- tests/kvercmp | 16 +++++++++------- tests/os_detect | 10 ++++++---- tests/pol_detect | 12 +++++++----- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/tests/kvercmp b/tests/kvercmp index 3742f16..4b1e345 100755 --- a/tests/kvercmp +++ b/tests/kvercmp @@ -1,15 +1,17 @@ -#!/bin/bash +#!/bin/sh -function kvercmp() +set -eu + +kvercmp() { - ver1=`echo $1 | sed 's/-/./'` - ver2=`echo $2 | sed 's/-/./'` + ver1=$(echo "$1" | sed 's/-/./') + ver2=$(echo "$2" | sed 's/-/./') ret=0 i=1 - while [ 1 ]; do - digit1=`echo $ver1 | cut -d . -f $i` - digit2=`echo $ver2 | cut -d . -f $i` + while true; do + digit1=$(echo "$ver1" | cut -d . -f $i) + digit2=$(echo "$ver2" | cut -d . -f $i) if [ -z "$digit1" ]; then if [ -z "$digit2" ]; then diff --git a/tests/os_detect b/tests/os_detect index cddcb85..6b723f6 100755 --- a/tests/os_detect +++ b/tests/os_detect @@ -1,8 +1,10 @@ -#!/bin/bash +#!/bin/sh -if [[ -r /etc/redhat-release ]]; then - ver=$(cat /etc/redhat-release | sed -ne '/^Red Hat Enterprise Linux/p') - if [[ -n $ver ]]; then +set -eu + +if [ -r /etc/redhat-release ]; then + ver=$(sed -ne '/^Red Hat Enterprise Linux/p' /etc/redhat-release) + if [ -n "$ver" ]; then echo "$ver" | \ sed -e 's/Red Hat Enterprise Linux[ \ta-zA-Z]*\([0-9]\+\).*/RHEL\1/' fi diff --git a/tests/pol_detect b/tests/pol_detect index ba25b94..8c07997 100755 --- a/tests/pol_detect +++ b/tests/pol_detect @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +set -eu if [ $# -ne 1 ]; then echo "Usage $0 " @@ -8,10 +10,10 @@ fi # This is heuristic but seems unlikely to be wrong, # the kernel initial sid should always be SystemHigh # and SystemHigh is normally s15 -level=$(cat $1/initial_contexts/kernel | tr '\0' '\n' | cut -d: -f4) +level=$(cat "$1/initial_contexts/kernel" | tr '\0' '\n' | cut -d: -f4) -if [ -z $level ]; then echo "NON-MLS" -elif [ $level = 's0' ]; then echo "MCS" -elif [ $level = 's15' ]; then echo "MLS" +if [ -z "$level" ]; then echo "NON-MLS" +elif [ "$level" = 's0' ]; then echo "MCS" +elif [ "$level" = 's15' ]; then echo "MLS" else echo "UNKNOWN" fi From patchwork Tue Jan 7 13:45:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928926 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB6C18C1E for ; Tue, 7 Jan 2025 13:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; cv=none; b=GV6JCibKwrpG77Z7uAnlX8XFnXEEfvwh2SoZJhUHHzZyGmT1fN8FwXrmhuV/Eymn/PKKW3D0vlwdZ00qNjbO5/kqRCsBWK4hvck/R9wlUZ1VVcVhk7kLYRmAVspIJsSPsAugH7eAm7L2xYM7kcLw2wK/WEknzUtVKip0vGxCJNA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257975; c=relaxed/simple; bh=pwUmLeotEeIpNgfqucJYyyYm8ht9gbbxa9u50ujilw0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Hbk/G9XxANnhAHrDskusqWx38ge2HHc5w1hTkICx6dtBkXFdcDNZ9V8XRUBWNAI28EOIgBFNSIGQ6sx01qsaTQE2S78oW90fECGeI8WcWn47UXAiSjxLYpX4eLGgsm1MBLOMCHZ56E1wujHkoL6du0SEyCfB+vunDMPg2ZDYcGE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=btHmIto1; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="btHmIto1" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257573; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i71CyXV7ngSNdjqVGajkhAjfmP/9Md4KrYj/7RLzjkw=; b=btHmIto1F6f/HyiDE0ZM5kB/3vXVox1Aj57+2S8Xd8c6SUZ9jVhvz7Su+JCkU1D28PpBR3 vv6D3CrS2jVl6SM3fMzWtFsEAgEKjHkrQ/LDSwQZi0cDXPkBVQb2yFBYdwXnyYzMQCA+c+ 54N8lVqTu5NFXqgKjXZRuE9hQmQpgBgmFH5wzbZmc6AtI6/rd61k6RIUlIndpr6XWeqe1D dF3gbX8OezVcoEX4JEkK2rRfAhEzGMWAbX3UYk3+b65HMHdszd//DiYLBaCZcZw27gDoqF 8Picqiln5esJJj6IerfZ93FmH3LKyWL5liywr/pwGGWcNfz99J1nNwbZMmHpNg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 05/17] tests: enable strictness for perl scripts Date: Tue, 7 Jan 2025 14:45:53 +0100 Message-ID: <20250107134606.37260-5-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/loop.pl | 9 ++++++--- tests/nfsruntests.pl | 6 +++++- tests/runtests.pl | 16 ++++++++++------ 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/tests/loop.pl b/tests/loop.pl index f5bf6ba..2c97b77 100644 --- a/tests/loop.pl +++ b/tests/loop.pl @@ -1,12 +1,15 @@ #!/usr/bin/perl -$count = shift || 1; +use strict; +use warnings; + +my $count = shift || 1; print "Running all tests $count times\n"; -for ( $i = 0 ; $i < $count ; $i++ ) { +for ( my $i = 0 ; $i < $count ; $i++ ) { print "$i: "; - $foo = `./runtests.pl`; + my $foo = `./runtests.pl`; if ( $foo =~ m|All tests successful.\n| ) { print $'; } diff --git a/tests/nfsruntests.pl b/tests/nfsruntests.pl index c3f0626..fa4e23a 100755 --- a/tests/nfsruntests.pl +++ b/tests/nfsruntests.pl @@ -1,5 +1,9 @@ #!/usr/bin/perl + +use strict; +use warnings; + use Test::Harness; -@test = "$ARGV[0]"; +my @test = "$ARGV[0]"; runtests(@test); diff --git a/tests/runtests.pl b/tests/runtests.pl index a2ed7ea..7654a82 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -1,20 +1,24 @@ #!/usr/bin/perl +use strict; +use warnings; + use Test::Harness; -@dirs = split( / /, $ENV{SUBDIRS} ); +my @dirs = split( / /, $ENV{SUBDIRS} ); +my @scripts = (); for (@dirs) { push @scripts, "$_/test"; } -$output = `id`; +my $output = `id`; $output =~ /uid=\d+\((\w+)\).*context=(\w+):(\w+):(\w+)/ || die("Can't determine user's id\n"); -$unixuser = $1; -$user = $2; -$role = $3; -$type = $4; +my $unixuser = $1; +my $user = $2; +my $role = $3; +my $type = $4; print "Running as user $unixuser with context $2:$3:$4\n\n"; From patchwork Tue Jan 7 13:45:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928916 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD5BF1F0E43 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; cv=none; b=e1UOXyao3tTl4A5xeHg8fi4G8HEEPG7ZAqIP3Qk0+/iUJ5lk/Gjp+9xfcn7DuSTArLIeHrE2gv51XkZUx4uv/QcIUiL9PUAF5rq3XnuHP7dRHHaTXgnOHnCqSOGEjN6kTVBfJJUfZPDuvY1ma2PTNySqwDV/jizfoDZubTx9cfU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; c=relaxed/simple; bh=rw5R5oU0qT2z/xmksjtb1BTirnP+nUPvfpX9Er6B0YQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Qi9QUPXHXevBNpZnSIiQSAsGN6O/vHOxNPviOURoU5YqxTJBZfwRpGCIU6swDn+z9cC1LdiLrhOpUI7O0SEZ8cbVCvFBDvCkZodo50YwDcZKH5U4O4Z2ENn5zdG0+2Y6dQCmqcGfgNNis4BRFdFpWNlTJOUC8CdtRD6nchDtByQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=tVcPwNdv; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="tVcPwNdv" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257573; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Pi/235JYB91dcyL49hlDzmgO/JK3puf4HGqKcrKnWRQ=; b=tVcPwNdvU3U8+rh0cWrVT8T3tWZRDWML0PyybPM5h7NMdXj0Vtvx8Cq0CXV3VXfdNiy3rJ U0R6/+IbkX8Ci9+rJ6QCV2KzzZWip9jhVjyajKENflzWY1oY26H72p7Ml36YLE8ZWTkvM0 DJkeQp0s1Wglci1riN+gOXb2szsKBK+R80dHGPsTtmFd7sTo9or7VnZJ/qq92y4w0o3R/O 0IMcr1HGLsszZuk55RZvH1U9tXTzqIuN3exdg9F0pghy4FHNp372GRUxFYWqOZva86EkyA YP+aU0MJrQmn+PPoNHMv2vx1YwApxlyyskhySyEvp9Ju7dzKfsYU3AgmLLI1nA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 06/17] Makefile: add PHONY targets Date: Tue, 7 Jan 2025 14:45:54 +0100 Message-ID: <20250107134606.37260-6-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- v2: order targets alphabetically --- Makefile | 2 ++ policy/Makefile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 8d6227a..ecde287 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ SUBDIRS = policy tests +.PHONY: all check-syntax clean test + all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i all ; done diff --git a/policy/Makefile b/policy/Makefile index 46e51f3..2896aee 100644 --- a/policy/Makefile +++ b/policy/Makefile @@ -180,6 +180,8 @@ ifeq ($(shell [ $(POL_VERS) -ge 34 -a $(MAX_KERNEL_POLICY) -ge 34 ] && echo true TARGETS += test_ioctl_cond_xperms.te endif +.PHONY: all build clean expand_check load unload + all: build expand_check: From patchwork Tue Jan 7 13:45:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928913 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD5401F0E37 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; cv=none; b=rs1Eb8ckhfTxPtcIgIcbraNDWT5wAjMV10JETRhq68PMP2Ubx+y66px91RMhqYBPjPL+WF4yIIKPTGhirqZMjg46/86ADau/fn8q9kw49fQ8CYtf19ESwIZj0EIiIoc43MpdP1t7TewPFqRcb7buBBCczkDqqOTGJwhQQOGZmP0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; c=relaxed/simple; bh=AteADW5Gqu++tV3O5jmD6virmufRtt/pAHds9qvWvjI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ScD1ZXKVU/wgC8yvxrOH/hKp9t4kj8FF7vV8l51zgTpNPgShQwqFFCUuMcmMqf3qWEiJ5C0ch568rmkhTVi5GqPcNbjXY299kwr4nhfm0PjesbjCVGzv447OLP2AfLZP0ddjRQvxbvV25LxFl3nL5oQt4FNeGNwnpG5bBVffe0g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=uR0Moysu; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="uR0Moysu" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257573; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SXFoif/F6eXyFTpi7lsFq2UGlxsvaOn1j+D2/ugLuyk=; b=uR0MoysuVkPDkqK+/Im22q5OkN5NwQkcikNuV4/dll8gSeSARjSOYErtOgnACt1jCYhSrI 8tgJ1l7CraIXN4ga7Vq2AwYIPAUQqtPhRJncscmr2X1RWwMJWk5KLErkFjPYVPUFQP8Iqa zlZPWwokVQGJ/cFi8QyjDAw02NUXwDPonHaYCtf9YWoklWxTVr/TXfqV6qNEzVIV/pVXsu Q9PJ6d+8sFqP+siNw6tT48Yshpi7JXz2MEBPm1zINSA/y6dNgcfOQpNWHH7wep0boN5XxY ec7xuDxcs582L4wQPx76tpt7YcBOORgu+nrKpJOmfGg01HgCSALaQD29C90hlw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 07/17] test: overlayfs related tweaks Date: Tue, 7 Jan 2025 14:45:55 +0100 Message-ID: <20250107134606.37260-7-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche OverlayFS does not support a couple of ioctl's and other features, like NFS, so skip and tweak relevant tests. Signed-off-by: Christian Göttsche --- v2: fix support for NFS, by using FS_IOC_GETFLAGS only on FIGETBZ failure --- tests/capable_sys/test | 2 +- tests/ioctl/test_ioctl.c | 16 +++++++++++++--- tests/ioctl/test_noioctl.c | 11 +++++++++-- tests/overlay/test | 7 ++++--- 4 files changed, 27 insertions(+), 9 deletions(-) diff --git a/tests/capable_sys/test b/tests/capable_sys/test index 132c732..6fb57a1 100755 --- a/tests/capable_sys/test +++ b/tests/capable_sys/test @@ -10,7 +10,7 @@ BEGIN { $basedir =~ s|(.*)/[^/]*|$1|; $fs = `stat -f --print %T $basedir`; - $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" ); + $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" and $fs ne "overlayfs" ); $test_count = 7; if ($test_fibmap) { diff --git a/tests/ioctl/test_ioctl.c b/tests/ioctl/test_ioctl.c index 9bf732d..a68c4e0 100644 --- a/tests/ioctl/test_ioctl.c +++ b/tests/ioctl/test_ioctl.c @@ -27,11 +27,21 @@ int main(int argc, char **argv) exit(1); } - /* This one should hit the FILE__GETATTR or FILE__IOCTL test */ + /* + * This one should hit the FILE__GETATTR or FILE__IOCTL test. + * FIGETBSZ is not available on overlayfs, + * and FS_IOC_GETFLAGS is not available on NFS. + */ rc = ioctl(fd, FIGETBSZ, &val); if( rc < 0 ) { - perror("test_ioctl:FIGETBSZ"); - exit(1); + if(errno == EINVAL) { + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); + } + + if( rc < 0 ) { + perror("test_ioctl:FIGETBSZ/FS_IOC_GETFLAGS"); + exit(1); + } } /* This one should hit the FILE__IOCTL test */ diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c index ea9f120..f8cac63 100644 --- a/tests/ioctl/test_noioctl.c +++ b/tests/ioctl/test_noioctl.c @@ -43,10 +43,17 @@ int main(int argc, char **argv) exit(1); } - /* This one should hit the FILE__IOCTL or FILE__GETATTR test and fail. */ + /* + * This one should hit the FILE__GETATTR or FILE__IOCTL test. + * FIGETBSZ is not available on overlayfs, + * and FS_IOC_GETFLAGS is not available on NFS. + */ rc = ioctl(fd, FIGETBSZ, &val); + if( rc == -1 && errno == EINVAL ) { + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); + } if( rc == 0 ) { - printf("test_noioctl:FIGETBSZ"); + printf("test_ioctl:FIGETBSZ/FS_IOC_GETFLAGS"); exit(1); } diff --git a/tests/overlay/test b/tests/overlay/test index c8367dd..744fc9c 100755 --- a/tests/overlay/test +++ b/tests/overlay/test @@ -9,14 +9,15 @@ BEGIN { chop($seuser); $seuser =~ s|^(\w+):.*$|$1|; - $isnfs = `stat -f --print %T $basedir`; + $fs = `stat -f --print %T $basedir`; # check if kernel supports overlayfs and SELinux labeling if ( system("grep -q security_inode_copy_up /proc/kallsyms") ) { plan skip_all => "overlayfs not supported with SELinux in this kernel"; } - elsif ( $isnfs eq "nfs" ) { - plan skip_all => "overlayfs upperdir not supported on NFS"; + elsif ( $fs eq "nfs" or $fs eq "overlayfs" ) { + plan skip_all => + "overlayfs upperdir not supported on NFS and OverlayFS"; } else { plan tests => 119; From patchwork Tue Jan 7 13:45:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928917 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD4E81EF097 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; cv=none; b=HMYrz73+R0AAc+0ckWR52S9w3RWEK3yDdyeFT5ugAg91f5nPnLklhUhNCE5iVxEESAgXKgo6i5SGIinlMduErTCGFz/bdh8GJIIA2Czj8IPeY8o2EIOb+xiOeXAeK+oajzqM/2l4bZu1PGqkLjdXSqESgPIpLR2H5haeiFzRWOk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; c=relaxed/simple; bh=A1VN7N/2Z8J894ixrpvArLa1/VvQBQ4+biisUlcUPDA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=X0AeUyKm77j+08Q7ryskI+cohHtEq7Al8VwrKv++N17ywFcCC9UI/PHnXW4ywXsNEff64oBiITnJ272ikHaWDKUdPv4RcF1LhnbgT55PGi8U9DhKgebbqryKVgFgNgZMIo+Hd7Wtrlp6+/EyHztYX7Kn7G9yEuzud1dz6uQXCiY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=oaKHPPr7; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="oaKHPPr7" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257574; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=35kvOfcicU616OViDfVOjBpbGlR6/3BjcUvzKCWH7gs=; b=oaKHPPr7u5sPwdJFBQ/U52cLzhmZ8gmW/5MacKsLnHt5O8rOeboIzwj3y93DjXQhUNeisD /j1jUW0Gr6ULSA/SQvoPZ4vMMaY8RPrj30FyaO9kwzBcml8MqRR3Mi41SXl6Ci5InDUjXo smz7oJlXhsBD+K6y0e55qU6oQ+aZEiEXID/3vGZsg1930zAoPJyjlUzUX3m1l4FTpe/Mca SYte6SpYSgPvUvOhqDKCS/4EEFoTlp5G3Nj3WQxhcorQMuXXFqmk3iRV5AgmKodJNVqIkz ujcVonatFl2KAKboc3fc/o55aWOXEdf5ia0tBjTzjjigi3J/3kH2H2v/mnXtog== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 08/17] tests/notify: work with CONFIG_FANOTIFY disabled Date: Tue, 7 Jan 2025 14:45:56 +0100 Message-ID: <20250107134606.37260-8-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/notify/test | 172 +++++++++++++++++++++-------------- tests/notify/test_fanotify.c | 14 ++- 2 files changed, 114 insertions(+), 72 deletions(-) diff --git a/tests/notify/test b/tests/notify/test index 77db8c2..be28ad1 100755 --- a/tests/notify/test +++ b/tests/notify/test @@ -1,11 +1,25 @@ #!/usr/bin/perl use Test; -BEGIN { plan tests => 18 } # number of tests to run -# help the test script locate itself -$basedir = $0; -$basedir =~ s|(.*)/[^/]*|$1|; +BEGIN { + # help the test script locate itself + $basedir = $0; + $basedir =~ s|(.*)/[^/]*|$1|; + + $fanotify_support = 1; + + $result = system("runcon -t test_watch_t $basedir/test_fanotify -c 2>&1"); + + # check if CONFIG_FANOTIFY is enabled - ENOSYS + if ( $result >> 8 eq 38 ) { + $fanotify_support = 0; + plan tests => 4; + } + else { + plan tests => 18; + } +} # Get rid of a testfile and dir from last run if it's there (just in case) system("rm -f $basedir/watch_me"); @@ -27,45 +41,53 @@ $exit_val = system("runcon -t test_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok( $exit_val, 0 ); -# Should be able to set non-permissions based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); +if ($fanotify_support) { -# Should NOT be able to set permission based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should be able to set non-permissions based fanotify watch + $exit_val = system( + "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); + ok( $exit_val, 0 ); -# Should NOT be able to set read based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should NOT be able to set permission based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should NOT be able to set read based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail +} # Should NOT be able to set read based inotify watch $exit_val = system( "runcon -t test_watch_t $basedir/test_inotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail +ok($exit_val); # this should fail -## TEST PERM WATCH -# Should be able to set permission based fanotify watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST PERM WATCH + # Should be able to set permission based fanotify watch + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set watch of accesses -$exit_val = system( + # Should NOT be able to set watch of accesses + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -## TEST READ NO PERM WATCH PERMSISSIONS -# Should NOT be able to set read and perm watch -$exit_val = system( + ## TEST READ NO PERM WATCH PERMSISSIONS + # Should NOT be able to set read and perm watch + $exit_val = system( "runcon -t test_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok($exit_val); # should fail + ); + ok($exit_val); # should fail +} # Should be able to set read inotify watch $exit_val = system( @@ -73,12 +95,15 @@ $exit_val = system( ); ok( $exit_val, 0 ); -## TEST READ WITH PERM WATCH PERMSISSIONS -# Should be able to set read and perm watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST READ WITH PERM WATCH PERMSISSIONS + # Should be able to set read and perm watch + $exit_val = system( "runcon -t test_perm_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} ## TEST NO WATCH PERMSISSIONS # Should NOT be able to set inotify watch @@ -86,45 +111,52 @@ $exit_val = system( "runcon -t test_no_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok($exit_val); # this should fail -# Should NOT be able to set any fanotify watch -$exit_val = system( - "runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -## TEST READ ONLY -# Should NOT be able to get read-write descriptor -$exit_val = system( - "runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -# Should be able to get read-write descriptor -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); - -## TEST MOUNT WATCHES -# Should NOT be able to set a watch on a mount point -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1"); -ok($exit_val); # this should fail - -# Should be able to set a watch on mount point -$exit_val = system( +if ($fanotify_support) { + + # Should NOT be able to set any fanotify watch + $exit_val = system( +"runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + ## TEST READ ONLY + # Should NOT be able to get read-write descriptor + $exit_val = system( +"runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to get read-write descriptor + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok( $exit_val, 0 ); + + ## TEST MOUNT WATCHES + # Should NOT be able to set a watch on a mount point + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to set a watch on mount point + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set a perm watch on a mount -$exit_val = system( + # Should NOT be able to set a perm watch on a mount + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m -p $basedir/watch_dir 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -# Should be able to set a perm watch on a mount object -$exit_val = system( + # Should be able to set a perm watch on a mount object + $exit_val = system( "runcon -t test_mount_perm_t $basedir/test_fanotify -p -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} # Clean up test file system("rm -f $basedir/watch_me"); diff --git a/tests/notify/test_fanotify.c b/tests/notify/test_fanotify.c index bc3b4c3..fe89265 100644 --- a/tests/notify/test_fanotify.c +++ b/tests/notify/test_fanotify.c @@ -5,6 +5,7 @@ #include +#include #include #include #include @@ -12,7 +13,7 @@ void printUsage() { - fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] file_name\n"); + fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] [-c] file_name\n"); exit(1); } @@ -26,13 +27,14 @@ int main(int argc, char *argv[]) int mask = FAN_OPEN; // default mask int flags = FAN_MARK_ADD; int listening = 0; + int check = 0; // the -p flag will test for watch_with_perm // the mask used at mark will contain FAN_OPEN_PERM // // the -r flag will test for watching accesses to files for reads // the mask will contain FAN_ACCESS - while ((arg = getopt(argc, argv, "prlm")) != -1) { + while ((arg = getopt(argc, argv, "prlmc")) != -1) { switch (arg) { case 'p': mask |= FAN_OPEN_PERM; @@ -46,6 +48,9 @@ int main(int argc, char *argv[]) case 'm': flags |= FAN_MARK_MOUNT; break; + case 'c': + check = 1; + break; default: printUsage(); } @@ -53,6 +58,11 @@ int main(int argc, char *argv[]) // get file descriptor for new fanotify event queue fd = fanotify_init(FAN_CLASS_CONTENT, O_RDWR); + if (check) { + if (fd < 0 && errno == ENOSYS) + exit(ENOSYS); + exit(0); + } if (fd < 0) { perror("fanotify_init:bad file descriptor"); exit(1); From patchwork Tue Jan 7 13:45:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928912 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD6BC1F0E46 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257585; cv=none; b=SSVkydpsV2PMhuXdvmeqo9jcEA32ZBoCvoXL/3+VygwqkFwYx1x8okMqKRO3kO3YUt4Twro+Wkbk4OOi0nGVsAXU16hE+OTsae/ZiUIlxZUBPjzFlegjf0TGWAhsAirNqCSlatLgATts/AP1SYq2IYayWagMlav745/tztnyM5k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257585; c=relaxed/simple; bh=7+GdtblkCbLM4lpaUtDGhHp/+dshmcdooPw9ByEgetw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pktCdUPqejZ0sjZRH/ZgKNnUzOG72216WK5SaGN+IHPWkihQ17TbuuN7wzO6lq7OUXSwUXtMZUpRrIffO3Z139xxsWvIWVK5/FCXdrZAxhkmYwGDuWrUtZP2gUeJHKCIq54rqlgQiClSIQeR6H2OLKvrEP3rhY+u1G0yAgSic48= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=TUFRvKTf; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="TUFRvKTf" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257574; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Kk68S0wjF97uYCP0Agj7VdN7nnRK5PHjibC1P7a91J4=; b=TUFRvKTfp+XaM9VR6W9tyeoOxfmpSmw1WXIJhKlKfUfZ7Qp5dQJMn495gJw59hGR1264jd GILZkWzzKDq89dVEtDzJTUEkHAd718HpMeILk2mrB1rkuVj3pE7zjmwloF65F2GDJqXAdS GmA6ZytGcHI75WuBHV6QvAxoFTKHtxX9X87kQqBlpr11PZ2Nz2i871JpMGO3gSlAVEjQFA H/5GTZlUtyj4WnToTC9qj7/Rdn2SpEJLHVQw+5qJDrx/BGTMYdZgK9c3Tso8EbkUWWwqGH eENrgsqqNEq6B/4H9jDH0259j7uj/XS4jn9AuUSK2OB0a/zT8BcfZ1btI+JSiQ== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled Date: Tue, 7 Jan 2025 14:45:57 +0100 Message-ID: <20250107134606.37260-9-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/extended_socket_class/test | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test index 1e6299f..f85243a 100755 --- a/tests/extended_socket_class/test +++ b/tests/extended_socket_class/test @@ -3,10 +3,11 @@ use Test; BEGIN { - $test_count = 6; + $test_count = 4; $test_bluetooth = 0; $test_sctp = 0; $test_smc = 0; + $test_alg = 0; # check if SCTP is enabled if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) { @@ -26,6 +27,12 @@ BEGIN { $test_smc = 1; } + # check if ALG is supported + if ( system("modprobe af_alg 2>/dev/null") eq 0 ) { + $test_count += 2; + $test_alg = 1; + } + plan tests => $test_count; } @@ -127,17 +134,20 @@ if ($test_bluetooth) { ok($result); } -# Verify that test_alg_socket_t can create a Crypto API socket. -$result = system( +if ($test_alg) { + + # Verify that test_alg_socket_t can create a Crypto API socket. + $result = system( "runcon -t test_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok( $result, 0 ); + ); + ok( $result, 0 ); -# Verify that test_no_alg_socket_t cannot create a Crypto API socket. -$result = system( + # Verify that test_no_alg_socket_t cannot create a Crypto API socket. + $result = system( "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok($result); + ); + ok($result); +} if ($test_smc) { From patchwork Tue Jan 7 13:45:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928915 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 133821F03C2 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; cv=none; b=SvVp7vaUPhXk8DZFHYfccP796LgHn9sUrJWCh+mhvQkN55B0D+Op+Ze+BN4l5LtSRiYiXuL/KsLg7RGNOgzQUQlZpydvEQnTt1aZJ+SpqyaWPq9cjwkpkO07WFH0bFQgI8r51gLbY9brxkDCyZSstpLeYV92oyTxMjdtRF5DjRI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; c=relaxed/simple; bh=N9IJmBkn3nfPsuDmmuOLlzze6wEECvmAbP6D7O4cn18=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Dw/YYfFH8iPQYVUCSbfC5P59ru4V0kTkrfgIWHKFjujs87OAOPr0W8NdOEcsevIvGDrZqiZ3qtFMdKm1o2UCmbNT30eJHNNy8ULwJ6FYBE9J+qttvRUUq4XEcnN4gd2P2q/9R9oGcp3YbNzmimQaTB/vob+2D/jqr7Nj47R+uFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=lt6GuZ6r; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="lt6GuZ6r" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257574; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RFz9Uq3lDPnvKhXlYcpeT8kw62E/5Ik2BLrolGzg0IE=; b=lt6GuZ6rUzkzpQfTl8D0FbeBMY3N/Cvd3CX5ycM9fNPrHQzDvZScNUwA9gDFmEj8SxnTVL Jj/NzRGFbdAdoZIie1eUis6BCwsaIfS41HjG8X3WsrGU9qyZYsUXlxBryGHkTTyHsabTRb gq725qHS3j1A+dBTEgPuDTaS1S2cPq+yktdoOo6PzPr9O2jI8ALEUBb3rWc7B/iWEzBIB+ a03b7+t1fNwkyFW5q0umNuaRliGQRq7I+TEg04pbLMDXKH0JoXv+OWxPMs78/0+lcGSJg4 VnkOWTH4Kt7hx9dUD1WRxXUoVHR9abG3OwGZxFsMgWxXBfEMSP/I1hq7AbA5UA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 10/17] tests/tun_tap: skip if not supported Date: Tue, 7 Jan 2025 14:45:58 +0100 Message-ID: <20250107134606.37260-10-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- tests/tun_tap/test | 10 +++++++++- tests/tun_tap/tun_common.c | 2 +- tests/tun_tap/tun_tap.c | 10 +++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/tun_tap/test b/tests/tun_tap/test index 3daf2eb..87956c5 100755 --- a/tests/tun_tap/test +++ b/tests/tun_tap/test @@ -16,7 +16,15 @@ BEGIN { $v = " "; } - plan tests => 14; + $result = system("runcon -t test_tun_tap_t $basedir/tun_tap $v -c 2>&1"); + + # check for TUN/TAP support - ENOENT + if ( $result >> 8 eq 2 ) { + plan skip_all => "No TUN/TAP support"; + } + else { + plan tests => 14; + } } ############ Test tun_socket TUN ############# diff --git a/tests/tun_tap/tun_common.c b/tests/tun_tap/tun_common.c index 9a3c5de..86e41df 100644 --- a/tests/tun_tap/tun_common.c +++ b/tests/tun_tap/tun_common.c @@ -5,7 +5,7 @@ int open_dev(int *fd, char *test_str, bool verbose) char *tun_dev = "/dev/net/tun"; *fd = open(tun_dev, O_RDWR); - if (fd < 0) { + if (*fd < 0) { fprintf(stderr, "Failed to open device: %s\n", strerror(errno)); return errno; diff --git a/tests/tun_tap/tun_tap.c b/tests/tun_tap/tun_tap.c index a3db6c9..c1b8590 100644 --- a/tests/tun_tap/tun_tap.c +++ b/tests/tun_tap/tun_tap.c @@ -5,6 +5,7 @@ static void print_usage(char *progname) fprintf(stderr, "usage: %s [-p] [-s ] [-v]\n" "Where:\n\t" + "-c Check if TUN/TAP features are available.\n\t" "-p Test TAP driver, default is TUN driver.\n\t" "-s If -v, then show TUN/TAP Features.\n\t" "-v Print information.\n", progname); @@ -16,14 +17,17 @@ int main(int argc, char *argv[]) char *context, *test_str; int opt, result, fd, bit, count, test; unsigned int features, f_switch; - bool verbose = false, show = false; + bool verbose = false, show = false, check = false; struct ifreq ifr; test = IFF_TUN; test_str = "TUN"; - while ((opt = getopt(argc, argv, "psv")) != -1) { + while ((opt = getopt(argc, argv, "cpsv")) != -1) { switch (opt) { + case 'c': + check = true; + break; case 'p': test = IFF_TAP; test_str = "TAP"; @@ -52,7 +56,7 @@ int main(int argc, char *argv[]) /* Start TUN/TAP */ result = open_dev(&fd, test_str, verbose); - if (result != 0) + if (check || result != 0) exit(result); if (verbose && show) { From patchwork Tue Jan 7 13:45:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928919 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 132B01EE004 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; cv=none; b=PivVjv9xyKkxCh4JNbtGbm5ohKivizgNS9i5mfF7J8cF5alLx88S7fwEx6jJt1/TW8G80df+mLYdy6r8mpTvay7aUZ7b+JM7r2IsSnX12/oaoSJv9PLesZR5Q0Bt2EyJjufi5LfSB2WLEzJlkrsr/LxvRCeFzX/B2cw36qs6v8c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; c=relaxed/simple; bh=BQz1lOJi7ohU+XD1SNQFNpkjbIG4O7ewzzIUDiJesx0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gyv4pDI2oADL9gaIl9NtJoKG0VrpN6jMENo9raDzlnA+dD4/mxXnVmZuGaqVvI610Af0czqy/VbYxWGUD+pys1DA5tdxrweqyMr1ARjBpG3dYYCRkn30z0fN0PcrOJXha1RTOoN1+/X22r3K+wInfp3gPvgUetpxZY6SBIcnmgQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=pqVj9ElA; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="pqVj9ElA" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257575; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fhQ0cC17Zp9i6MTbcnqFntOdWP6BygOzE2LlMi5Y4hA=; b=pqVj9ElAhRVQ02riRr9iBnuczNZRjhhELfvjdcwkJ0Yx4zFVsf3FS0M+nRE6kP5pNZGj96 GbuL82u3tUqqbHK0bsJXfPp1KtzRRYBcZQw2+PbIl6zpayXSjDo3diUmI7FQuk6A9Xt6jx GzLgpPPP9kJTjKtqyh48eVaDumQ3ojd6rDWzy4ngI9Zu/Z75+4Nh/NAVt/M+nAjJGzziNW nsgfJDwZiAtNr3zUx1Pa9jTLRe3tN9JO7C4Glnsh7UF0Oipn6ragHxerA5h85VyuMMuyaX MgFnCBBY8fFkzPKOUdilMu6dA5NEPgv5bYguc8gcP1C/2AS3r79biqY+bnPePw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 11/17] tests/inet_socket: skip mptcp if not supported Date: Tue, 7 Jan 2025 14:45:59 +0100 Message-ID: <20250107134606.37260-11-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Also fix a typo in the unknown protocol case. Signed-off-by: Christian Göttsche --- tests/inet_socket/test | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/inet_socket/test b/tests/inet_socket/test index 08c7b1d..71bc7dd 100755 --- a/tests/inet_socket/test +++ b/tests/inet_socket/test @@ -9,6 +9,9 @@ BEGIN { $proto = basename($basedir); if ( $proto eq "tcp" or $proto eq "mptcp" ) { + if ( $proto eq "mptcp" && system("modprobe mptcp 2>/dev/null") ne 0 ) { + plan skip_all => "protocol mptcp not supported"; + } $is_stream = 1; $fail_value1 = 5; $fail_value2 = 5; @@ -21,7 +24,7 @@ BEGIN { $test_count = 11; } else { - plan skip => "unknown protocol name \'$proto\'"; + plan skip_all => "unknown protocol name \'$proto\'"; } $test_ipsec = 0; From patchwork Tue Jan 7 13:46:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928920 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 230821F0E20 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; cv=none; b=BGs3HQFB6dFVUrjII4GhNLCmJLeqXp2v2FCf8w+2w+ClM1Q3wP99cfuI3X45D/H90cfo57kDff+R69yeaZi2wzpwyI9tIKNxksnXDw3JYHtgu/idq99IHiuL5s1RyT0Hg+K5uMcZl6g51vPAZFTIbIgSaiJJUOlW/I+cP5zSEQ8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; c=relaxed/simple; bh=e5ZuGC72oFzMvSgy1qKb6QI+qPupvXxtmhOCH6Rli9U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=PCKqmqkTm4hLq02LrpKTOmfwCafozzXyKy4Zt6/2HGfSQ4w7MO00xPAD6pnHGXiZc2viZL0Ad4FzA7lggi50NSc53/5SrZzO2XbLji0MnaaGRNxkq3ZOaUrQYqehTb35QnvAOnifFf69gYhoMuJg7wvW5B/ZKRklwyjGHXgiYmo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=pbFijOSX; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="pbFijOSX" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257575; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nC9Qa2vMKF4MHk570KCB7wjtI+pwpSP+Ldg3tti1WsA=; b=pbFijOSXb7kuv8qo1X4KxPdG0Wv28fFwZDFk9BSh7/NdN8gzqv+zIjOclbjzrEmJ+zaiQA xp37FliUDuY4ZGWawh2X3tAhiJW7IqHbZRNMRuy3mKUtAh/gBgkvUMDiKv7a5wzXiebxB5 i5aLE6TaQY7K5u/+HAyijPiDW5Hjg8DXTU3N1oXUuubNGDjmvV9666IQInPztXYN2x3TXM oRZH++DYV7t7KeppmjFZoRjvRhxLuVI0pgkeqjpMFVpiYqZB6f/Q7/juVo610HI4NBSquq cqnfCVStz4P3kjSe4taAaLriIl5TQwba7/7900tkHGthAzrfZCr+6bIv31Y9eg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 12/17] tests/filesystem: improve fsnotify check and preload loop module Date: Tue, 7 Jan 2025 14:46:00 +0100 Message-ID: <20250107134606.37260-12-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche fsnotify support might be missing from the running kernel. Pre-load the loop module to ensure creating a loop device succeeds. Signed-off-by: Christian Göttsche --- tests/filesystem/Filesystem.pm | 2 +- tests/filesystem/test | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm index f169464..ab5db31 100644 --- a/tests/filesystem/Filesystem.pm +++ b/tests/filesystem/Filesystem.pm @@ -15,7 +15,7 @@ sub check_config { $watch = 0; $result = `$base/../kvercmp $kvercur $kverminstream`; - if ( $result > 0 && -e $fanotify_fs ) { + if ( $result > 0 && -e $fanotify_fs && -d "/proc/sys/fs/fanotify/" ) { $watch = 1; $tst_count += 11; } diff --git a/tests/filesystem/test b/tests/filesystem/test index a7d8b24..c12fed2 100755 --- a/tests/filesystem/test +++ b/tests/filesystem/test @@ -176,6 +176,9 @@ ok( $result >> 8 eq 13 ); system("rm -rf $basedir/mntpoint 2>/dev/null"); +# Preload module +system("modprobe loop 2>/dev/null"); + ############### Test Basic Mount/Unmount ########################## mk_mntpoint_1($private_path); From patchwork Tue Jan 7 13:46:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928918 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 133291EF0B7 for ; Tue, 7 Jan 2025 13:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; cv=none; b=uQzbDF+hX9bZU6QhLJkma/L1Mv4nd/mIFKuaAFb4DSqNSHhcMGljPWvn6wDT3MAP4Jpp80kxVbPFo5ZD8qWs7uow9Zexpd0oJNisRoqVdrBF3BLqF/hEpFNv8hDZDgj3THBhktVh265+Efv9N08uWzzPf4NOqJ/yIDyP3qdotp4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257587; c=relaxed/simple; bh=XN8+VHKCjrLNcUjNZC6WEyqOZSyTuyha/+R/XHtk+9A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DF4UOtKIMspLViiCU46mG05dyfyV25hlDYp99Hkp785tSJaQKpu83XZs4/cbI8QKZQ/S/EjMESf1M4RlPteMCkElcDVLZQrcZYdMydZB8PMDC57Q95F8AHk5x/GWXKQonMIiSK7w+d+wy4mqmS4iqJDaAlrwVrd3Kf0xJQcVYAw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=P5ofDScy; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="P5ofDScy" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257575; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K2buxpvgNvi1xv1xbtyYsi1+3SpnFzu17Ui/rU0vLnA=; b=P5ofDScy4BeKUN3whE14Vxf1EzbaEC2zu7HxXmvOtrpQIdUbRZCLk2D1n/etgDOO+RTMTD TojdoQ9Qp8yek6V4+dj06gqm8s9z8Xy3Bhu7NMeBihPRJnRiDO9wbRHHVvwGYWvnU2rkex F9Wa/XTHIONU+Vy8pt5Bs+3aLX/fHOht7vbHUPFaCxEDYtD8Tg5wnmeVv7iOnh/UbPEkRA Bdg2KE/UXPL1Px9+f4XJSRUlARHFxDrNI0GHavGA+Zk4IyHy4QiQ7NYe3zSQKgehiGGTvU P47TlIKEmYCE8W9dMuyThMyWak8PJ2Qx699UfHIv9VRvUF+i0NBChzD+0v0BXA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 13/17] defconfig: enable CONFIG_XFRM_USER Date: Tue, 7 Jan 2025 14:46:01 +0100 Message-ID: <20250107134606.37260-13-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Required for inet_socket/tcp checks. Signed-off-by: Christian Göttsche --- defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/defconfig b/defconfig index b2d4a90..b86a1dc 100644 --- a/defconfig +++ b/defconfig @@ -10,6 +10,7 @@ CONFIG_SECURITY_SELINUX=y # For testing of labeled IPSEC, NetLabel, and SECMARK functionality. # Not strictly required for basic SELinux operation. CONFIG_SECURITY_NETWORK_XFRM=y +CONFIG_XFRM_USER=y CONFIG_NETLABEL=y CONFIG_IP_NF_SECURITY=m CONFIG_INET_XFRM_MODE_TRANSPORT=m From patchwork Tue Jan 7 13:46:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928921 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7FA281E3DF2 for ; Tue, 7 Jan 2025 13:46:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257588; cv=none; b=P2uzAC3IPlshgQX2XFrsJRqZ5lLXj7z6RUT+QgFDDjRPe5LePZatL2oUukdKEOjv1abbGzfALxx3amiVLGm9yVzTJhQFm4dmTNLPX+jf3FWIpdy2F0h4P+t0ejtUbZ80HH3gzCrhf7qeqqXSOEkS4VGF+7LxK2HSP9CF/pKzGNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257588; c=relaxed/simple; bh=d+cBR0nPqh3j7UzYfMra9jPKIb/0VilWlb6UfxZjCPA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YuzFK3J4+pxDE+aWEbJNyYRRiS6xi1AssGgdq62DSwleIIGt2USQ6l2pg3Mq1Jn3DqUdeJcsHYAL8y4TuYzu5ObDN3PLFHgxWShKKkaOSVHLaHa2e00I2ISz5PNSm9OlGselGstaGTjKJTdHFE8ZmVFJMClsAx3RZlfNP09cKwI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=Yg6oiKAq; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="Yg6oiKAq" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257576; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bm7Ijh2LR0L2AVVJLndbgQi8cXwLcclyfgfNHc6pUt4=; b=Yg6oiKAqDjJhBG6N+ztoBe3XzUh29GdvJolmMPr3/EFfVqkVMJ6XHfVdNUv7qM7LkHh2Z8 pLrue9JlymJH29Q9vIgHRDwLqwX/qn6RcZU6WW94xTm13wuowq16OAkxfevbqnI73p9JS2 VkvQzMO2P2MsrRhzeANLGtfa/RwqqkLOGyYhklO9fsAz8JFl8ojiFDYoEPbOlitxL50XeU 1oaq+KviVaWimhLqB5T1fJNwtJ699IPhUe20spSVEvBfxgJJ2nS0ERXBeH24a3280vxH+m vH8YqkJdK5C88G+ZseQYVA5wL8qag005sBL289fUwSZoOPS9Y8TGWGhsMRz4vg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG Date: Tue, 7 Jan 2025 14:46:02 +0100 Message-ID: <20250107134606.37260-14-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Required for netlink_socket tests. Signed-off-by: Christian Göttsche --- defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/defconfig b/defconfig index b86a1dc..d4100c0 100644 --- a/defconfig +++ b/defconfig @@ -20,6 +20,9 @@ CONFIG_INET6_AH=m CONFIG_CRYPTO_SHA1=m # used for testing, could be updated if desired CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_MATCH_STATE=m From patchwork Tue Jan 7 13:46:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928914 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7FAC01EBFEB for ; Tue, 7 Jan 2025 13:46:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; cv=none; b=tZLaHrIxYg8Wlvworlit43vs2W5Xs/Pwf2XfRRAxPBTwBSwlUDOZqW3R7m+VWCcIino4WijY9onjuvrBhS1gNSim+NuPtkhMnzpCptG/AqpF38S7V+DKsMzJmVq5h71CBmjDPcOghyYmpHBBptil6KYVvvvveWkuj+zT0Q805vs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257586; c=relaxed/simple; bh=3vvwlgtA6ZYnH1LCLWk/e+0fd6lEsDMiEVV+wsNtQlM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Oqya2teTyckhJr8Tg67Gs7FELfo6UZ2ZuNkVDWgJhJXljjG/isZPniRhnqHpWfp9Za3+iAjYhOccHRt5zC17GIa9CNvs7sr/mHTDMUt5HVXwwHKFZbiUMjBwV1axEFEUEb2dtcVzF5SoocHJQxKz/LoLuNjq3sUiUpgi3mUDBlU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=iP+LH8LV; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="iP+LH8LV" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257576; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ms6eHJoOXgzW/jGMZ9czm+uUVXEbWPWjbYZMVFtJJ/g=; b=iP+LH8LV6l+AZ1Iu3X0BDo+kDsmxViNMA9pzZsHR6lak8c3sz05XDtwz5nPoP0mpE/LSyK Lhouwobx8TwteOA9BoGR+4wODDXTly/wYijy5esTIw8HQ8+to+fHRDVKhfKjbSgDEC857Y uwC4mKWTxMAVp84IqLs9KkzuyGw85AvPNiaZAhJUpV8GRtOWnheFB5b6FAuvMmbvvNPmKX ysRuIWNX0PVvOxh5+f34atqGYRw85dhnot10sGK/zbYeTzmgKmpHrYn8kOojCPAfLcJgoC iHHueC7GxjOO5zDyeylaPDEa/wPHwMyPkiHpl6tHb9GvgeCEuNa6XQa93SoCnA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 15/17] tests: test code tweaks Date: Tue, 7 Jan 2025 14:46:03 +0100 Message-ID: <20250107134606.37260-15-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Be more cautious on unexpected failures and input: binder Avoid returning garbage value from binder_parse() in case of an unexpected (impossible?) empty buffer. Store create_bpf_*() results temporarily in an int to actually perform the error checks (they are currently no-ops on unsigned). bpf Initialize variable in case the program gets called without the associated option. cap_userns Use appropriate types and casts to avoid implicit conversions. execshare Avoid use of void pointer arithmetic. fdreceive Do not call non async-safe exit(3) in signal handler. Drop dead assignment. filesystem Initialize variables in case the programs get called without the associated options. inet_socket/unix_socket Declare usage() as noreturn to help compilers avoid issuing inaccurate warnings. inherit Use a large enough buffer for a potential huge PID. key_socket Avoid comparison of signed with unsigned integer. module_load Correctly check for an open(2) failure. nnp_nosuid Check if wait(2) succeeded before checking the child status. notify Check if opening file was successful. Use appropriate type for read(2) return value. prlimit Set all members of the new limit structure. sctp Use appropriate iterator type. Signed-off-by: Christian Göttsche --- tests/binder/client.c | 2 +- tests/binder/manager.c | 2 +- tests/binder/service_provider.c | 12 +++++++----- tests/bpf/bpf_test.c | 2 +- tests/cap_userns/userns_child_exec.c | 6 +++--- tests/execshare/parent.c | 2 +- tests/fdreceive/server.c | 3 +-- tests/filesystem/fs_relabel.c | 2 +- tests/filesystem/grim_reaper.c | 2 +- tests/inet_socket/bind.c | 1 + tests/inet_socket/connect.c | 1 + tests/inherit/parent.c | 2 +- tests/key_socket/key_sock.c | 2 +- tests/module_load/init_load.c | 2 +- tests/nnp_nosuid/execnnp.c | 2 +- tests/notify/test_fanotify.c | 8 ++++++-- tests/prlimit/parent.c | 2 ++ tests/sctp/sctp_common.c | 4 ++-- tests/unix_socket/client.c | 1 + tests/unix_socket/server.c | 1 + tests/unix_socket/socketpair.c | 1 + 21 files changed, 36 insertions(+), 24 deletions(-) diff --git a/tests/binder/client.c b/tests/binder/client.c index 4965563..220d37a 100644 --- a/tests/binder/client.c +++ b/tests/binder/client.c @@ -231,7 +231,7 @@ static void extract_handle_and_acquire(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/manager.c b/tests/binder/manager.c index 8e5f446..f7f1723 100644 --- a/tests/binder/manager.c +++ b/tests/binder/manager.c @@ -156,7 +156,7 @@ static void reply_with_handle(int fd, struct binder_transaction_data *txn_in) static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/service_provider.c b/tests/binder/service_provider.c index 97c59dd..1e6b490 100644 --- a/tests/binder/service_provider.c +++ b/tests/binder/service_provider.c @@ -76,14 +76,16 @@ static void request_service_provider_fd(int fd, break; #if HAVE_BPF case BPF_MAP_FD: - obj.fd = create_bpf_map(); - if (obj.fd < 0) + result = create_bpf_map(); + if (result < 0) exit(70); + obj.fd = result; break; case BPF_PROG_FD: - obj.fd = create_bpf_prog(); - if (obj.fd < 0) + result = create_bpf_prog(); + if (result < 0) exit(71); + obj.fd = result; break; #else case BPF_MAP_FD: @@ -122,7 +124,7 @@ static void request_service_provider_fd(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/bpf/bpf_test.c b/tests/bpf/bpf_test.c index 3c6a29c..f43440a 100644 --- a/tests/bpf/bpf_test.c +++ b/tests/bpf/bpf_test.c @@ -20,7 +20,7 @@ int main(int argc, char *argv[]) enum { MAP_FD = 1, PROG_FD - } bpf_fd_type; + } bpf_fd_type = -1; while ((opt = getopt(argc, argv, "mpv")) != -1) { switch (opt) { diff --git a/tests/cap_userns/userns_child_exec.c b/tests/cap_userns/userns_child_exec.c index cdbf120..e65e615 100644 --- a/tests/cap_userns/userns_child_exec.c +++ b/tests/cap_userns/userns_child_exec.c @@ -89,8 +89,8 @@ usage(char *pname) static void update_map(char *mapping, char *map_file) { - int fd, j; - size_t map_len; /* Length of 'mapping' */ + int fd; + size_t j, map_len; /* Length of 'mapping' */ /* Replace commas in mapping string with newlines */ @@ -106,7 +106,7 @@ update_map(char *mapping, char *map_file) exit(EXIT_FAILURE); } - if (write(fd, mapping, map_len) != map_len) { + if (write(fd, mapping, map_len) != (ssize_t)map_len) { fprintf(stderr, "ERROR: write %s: %s\n", map_file, strerror(errno)); exit(EXIT_FAILURE); diff --git a/tests/execshare/parent.c b/tests/execshare/parent.c index db2e127..a0e815b 100644 --- a/tests/execshare/parent.c +++ b/tests/execshare/parent.c @@ -43,7 +43,7 @@ int main(int argc, char **argv) perror("malloc"); exit(-1); } - clone_stack = page + pagesize; + clone_stack = (unsigned char *)page + pagesize; rc = getcon(&context_tmp); if (rc < 0) { diff --git a/tests/fdreceive/server.c b/tests/fdreceive/server.c index ff91532..bbe1c63 100644 --- a/tests/fdreceive/server.c +++ b/tests/fdreceive/server.c @@ -9,7 +9,7 @@ #include char my_path[1024]; -#define CLEANUP_AND_EXIT do { unlink(my_path); exit(1); } while (0) +#define CLEANUP_AND_EXIT do { unlink(my_path); _exit(1); } while (0) void handler(int sig) { @@ -43,7 +43,6 @@ int main(int argc, char **argv) } sun.sun_family = AF_UNIX; - sunlen = sizeof(struct sockaddr_un); strcpy(sun.sun_path, argv[2]); sunlen = strlen(sun.sun_path) + 1 + sizeof(short); strcpy(my_path, sun.sun_path); diff --git a/tests/filesystem/fs_relabel.c b/tests/filesystem/fs_relabel.c index 4daf70c..229fcb5 100644 --- a/tests/filesystem/fs_relabel.c +++ b/tests/filesystem/fs_relabel.c @@ -27,7 +27,7 @@ int main(int argc, char **argv) { int opt, result, save_err; const char *newcon; - char *context, *fs_con = NULL, *base_dir, *type; + char *context, *fs_con = NULL, *base_dir = NULL, *type = NULL; char fs_mount[PATH_MAX]; bool verbose = false; context_t con_t; diff --git a/tests/filesystem/grim_reaper.c b/tests/filesystem/grim_reaper.c index 340546a..167441d 100644 --- a/tests/filesystem/grim_reaper.c +++ b/tests/filesystem/grim_reaper.c @@ -26,7 +26,7 @@ int main(int argc, char *argv[]) size_t len; ssize_t num; int opt, index = 0, i, result = 0; - char *mount_info[2], *buf = NULL, *item, *tgt; + char *mount_info[2], *buf = NULL, *item, *tgt = NULL; bool verbose = false; while ((opt = getopt(argc, argv, "t:v")) != -1) { diff --git a/tests/inet_socket/bind.c b/tests/inet_socket/bind.c index 389ca20..51dae02 100644 --- a/tests/inet_socket/bind.c +++ b/tests/inet_socket/bind.c @@ -12,6 +12,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inet_socket/connect.c b/tests/inet_socket/connect.c index e2d02da..c4defa6 100644 --- a/tests/inet_socket/connect.c +++ b/tests/inet_socket/connect.c @@ -15,6 +15,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inherit/parent.c b/tests/inherit/parent.c index d37bcfe..c218b42 100644 --- a/tests/inherit/parent.c +++ b/tests/inherit/parent.c @@ -66,7 +66,7 @@ int main(int argc, char **argv) fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); } - childargv[1] = malloc(6); + childargv[1] = malloc(11); if (!childargv[1]) { fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); diff --git a/tests/key_socket/key_sock.c b/tests/key_socket/key_sock.c index 29beb0e..3333fa0 100644 --- a/tests/key_socket/key_sock.c +++ b/tests/key_socket/key_sock.c @@ -111,7 +111,7 @@ int main(int argc, char *argv[]) r_msg.sadb_msg_type != w_msg.sadb_msg_type || r_msg.sadb_msg_satype != w_msg.sadb_msg_satype || r_msg.sadb_msg_seq != w_msg.sadb_msg_seq || - r_msg.sadb_msg_pid != getpid()) { + (pid_t)r_msg.sadb_msg_pid != getpid()) { fprintf(stderr, "Failed to read correct sadb_msg data:\n"); fprintf(stderr, "\tSent - ver: %d type: %d sa_type: %d seq: %d pid: %d\n", w_msg.sadb_msg_version, w_msg.sadb_msg_type, diff --git a/tests/module_load/init_load.c b/tests/module_load/init_load.c index 0422c19..821c4bd 100644 --- a/tests/module_load/init_load.c +++ b/tests/module_load/init_load.c @@ -52,7 +52,7 @@ int main(int argc, char *argv[]) } fd = open(file_name, O_RDONLY); - if (!fd) { + if (fd < 0) { fprintf(stderr, "Failed to open %s: %s\n", file_name, strerror(errno)); exit(-1); diff --git a/tests/nnp_nosuid/execnnp.c b/tests/nnp_nosuid/execnnp.c index 78b5ab5..b4e4928 100644 --- a/tests/nnp_nosuid/execnnp.c +++ b/tests/nnp_nosuid/execnnp.c @@ -67,7 +67,7 @@ int main(int argc, char **argv) } pid = wait(&status); - if (WIFEXITED(status)) { + if (pid >= 0 && WIFEXITED(status)) { if (WEXITSTATUS(status) && nobounded) { printf("%s: Kernels < v3.18 do not support bounded transitions under NNP.\n", argv[0]); diff --git a/tests/notify/test_fanotify.c b/tests/notify/test_fanotify.c index fe89265..c771a8d 100644 --- a/tests/notify/test_fanotify.c +++ b/tests/notify/test_fanotify.c @@ -86,6 +86,10 @@ int main(int argc, char *argv[]) FILE *f; f = fopen(argv[optind], "r"); // open file for reading + if (!f) { + perror("test_fanotify:bad listen file"); + exit(1); + } fgetc(f); // read char from file fclose(f); @@ -100,9 +104,9 @@ int main(int argc, char *argv[]) if (fds.revents & POLLIN) { struct fanotify_event_metadata buff[200]; - size_t len = read(fd, (void *)&buff, sizeof(buff)); + ssize_t len = read(fd, (void *)&buff, sizeof(buff)); if (len == -1) { - perror("test_fanotify:can't open file"); + perror("test_fanotify:can't read file"); exit(1); } else { listening = 0; diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c index 649aecf..70daefb 100644 --- a/tests/prlimit/parent.c +++ b/tests/prlimit/parent.c @@ -138,12 +138,14 @@ int main(int argc, char **argv) newrlimp = &newrlim; if (soft) { newrlim.rlim_max = oldrlim.rlim_max; + newrlim.rlim_cur = oldrlim.rlim_cur; if (newrlim.rlim_cur == RLIM_INFINITY) newrlim.rlim_cur = 1024; else newrlim.rlim_cur = oldrlim.rlim_cur / 2; } else { newrlim.rlim_cur = oldrlim.rlim_cur; + newrlim.rlim_max = oldrlim.rlim_max; if (newrlim.rlim_max == RLIM_INFINITY) newrlim.rlim_max = 1024; else diff --git a/tests/sctp/sctp_common.c b/tests/sctp/sctp_common.c index d10225c..527cda3 100644 --- a/tests/sctp/sctp_common.c +++ b/tests/sctp/sctp_common.c @@ -105,9 +105,9 @@ void print_addr_info(struct sockaddr *sin, char *text) char *get_ip_option(int fd, bool ipv4, socklen_t *opt_len) { - int result, i; + int result; unsigned char ip_options[1024]; - socklen_t len = sizeof(ip_options); + socklen_t i, len = sizeof(ip_options); char *ip_optbuf; if (ipv4) diff --git a/tests/unix_socket/client.c b/tests/unix_socket/client.c index 093c319..eaf83ee 100644 --- a/tests/unix_socket/client.c +++ b/tests/unix_socket/client.c @@ -11,6 +11,7 @@ #include #include +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/server.c b/tests/unix_socket/server.c index bd85e4c..1ec9db5 100644 --- a/tests/unix_socket/server.c +++ b/tests/unix_socket/server.c @@ -16,6 +16,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/socketpair.c b/tests/unix_socket/socketpair.c index d547d10..a9ac873 100644 --- a/tests/unix_socket/socketpair.c +++ b/tests/unix_socket/socketpair.c @@ -17,6 +17,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void print_usage(char *progname) { fprintf(stderr, From patchwork Tue Jan 7 13:46:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928923 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80A081F0E43 for ; Tue, 7 Jan 2025 13:46:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257591; cv=none; b=GvPoVY2L61kAQzis/yUnAUciQZo051OnoVu5QWAHmYhdbPpnF2vT4dO8xMtQDZNtk7QyxHUl+PscuXWsnXde62oUvzvKyQyaDbXNdM4l+znmFD3NqVD8VcieFodYJxePB6Wxcy10Rtjfk40cESDJ3mCkVqNRp/+8xA17nOALLtM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257591; c=relaxed/simple; bh=CaqiiZYzGlHjDug07HFX1gdVtGu63dL4ptdRSORiNJQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=bVsSbCh1ewicVwnIStP+kyqNKN8jxrpLJdDGMUPoemon4X1Wcxb6fgbMEALKpHAUEvk80CDhtHheOcnpmGsltanCKQJFKpYIMYf/R1zQVloptI2rQnUKJ9d7wqcJLGBU0aC0YNSRPToKy7ByhEjQfOtFSX/j/qhlTA3S1jeyUxE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=HpiC7mqK; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="HpiC7mqK" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257576; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MCleUBSyKVUpIu4hNRxZIH+tgtEvF4lAKmkNc57uduk=; b=HpiC7mqK5q3NFNLDJa7hkxjeAWqQvW8nRdhhM2sXaHPOYh9L+eGkj8W5oSq5aineSs0wGs xTBElnb4Zmll7EyO/Baf2ZaprgwKGNY433QWC/TagH1fB6B1xY+1FD09QagsqP3oNgYvTh kvZ7xJOqAvr7llOkHCFWARQGtPmCj4dJxV1H13rLotR1vsSbOeVKJlx6RGx2RnDVHTuwQP ZATC9gfOE6xQyjScge1vYsBdGGBPlDMMZsXdgNcUXPk40aid6czNpVuGBoMKQePJj8FN3V q76EANgIXKT9JjX6gxQaJI+hwc9VoZcgFFtJCCHmBb2FkfoYJrd2zVBhxgTg/w== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 16/17] tests: fail on compiler warnings and enable Wextra Date: Tue, 7 Jan 2025 14:46:04 +0100 Message-ID: <20250107134606.37260-16-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Warnings issued by -Wall and -Wextra most of the time point to actual issues in the code. Treat the as error, so the resulting test run failure will be investigated and the issue handled. Signed-off-by: Christian Göttsche --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 35bb358..6af7651 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,7 +6,7 @@ INCLUDEDIR ?= $(PREFIX)/include SELINUXFS ?= /sys/fs/selinux FILESYSTEMS ?= ext4 xfs jfs vfat -export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE +export CFLAGS+=-g -O0 -Werror -Wall -Wextra -Wno-unused-parameter -D_GNU_SOURCE DISTRO=$(shell ./os_detect) SELINUXFS := $(shell cat /proc/mounts | grep selinuxfs | cut -f 2 -d ' ') From patchwork Tue Jan 7 13:46:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13928922 X-Patchwork-Delegate: omosnacek@gmail.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 809711EE7B7 for ; Tue, 7 Jan 2025 13:46:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257590; cv=none; b=WsxIGGsjMzHuuPmuVBPs/LZWxNFxGNGp45T6AIBBjHNmI9MbX9m9b3+y6STWWv9CA1jseD2Kx/EohA4mWxI5MPhQQrGhf/PJ92dy7s5/iJiZO/IXBPa+Wc2YuJJ3XCL0Iax4nZGO3rftbwlGHGAZ8r9lrEzW6h0OwPVxW+URknM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736257590; c=relaxed/simple; bh=7oezcl/Bo2psRCMGInV4m9bfwL73Bk3ns/eyxKdQPQM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=c4LoDcUgwj90GTXrbc4f6DSuGes6t/3H5QaOfruFfPujsJO3qfFryngwKdGRG0y2OvDP4xAO56hrJGCbPyqbbmVsQHfsG90f+IrSAvDLGTcvSTAAoQpVNDeXKb20ohkXJpH293rpHsTWbqODPf0QyVBAt0PlSh8wUJh4iRgozAo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=oRQjdEdn; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="oRQjdEdn" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736257576; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eXQaCbOJELuQrxOB1Xnp7TwhfTVJar55uWLDJQf77iI=; b=oRQjdEdn5mLCSYU61d6Xrn4JoFQoFwHKQ1M17wY1q0zvz/iZXxuV/HaeOGknS3/ZYLBHL1 grn6hVjWNR7EcRnC2D55K+0DOXffH9PqUOFwkJA3lDJ4P2ZS0dd7pdhamJwGMRIeqLvujx HckW57Q2YXR5P/JtlQ1O/qu8HtsYi86ru3iPshD/onGwaw1bCp9vyG4ewzZXwvMXeigRcg xO+AKjQBsssD8geSPvcXbKdyNLy/tPaCQ8Ig192khkaWAQ+Bc8TdDftxDtKWz+Y0n7Jm2N aLM6JF0snLEeZTstPfJnw6/ufLM7JLEQxGWA31VQj1NEtgopB/O+u8fZ3BhUjw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [RFC PATCH v2 17/17] tests: drop headers from Makefile dependencies Date: Tue, 7 Jan 2025 14:46:05 +0100 Message-ID: <20250107134606.37260-17-cgoettsche@seltendoof.de> In-Reply-To: <20250107134606.37260-1-cgoettsche@seltendoof.de> References: <20250107134606.37260-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Clang does not support header files included in the compile command: clang -g -O2 -Werror -Wall -Wextra -Wno-error=unused-parameter -D_GNU_SOURCE -DHAVE_BPF -DHAVE_FS_WATCH_PERM -DHAVE_BPF bpf_test.c bpf_common.c bpf_common.h -lselinux -lbpf -o bpf_test clang: error: cannot specify -o when generating multiple output files Signed-off-by: Christian Göttsche --- tests/binder/Makefile | 4 ++-- tests/bpf/Makefile | 2 +- tests/fdreceive/Makefile | 2 +- tests/keys/Makefile | 2 -- tests/tun_tap/Makefile | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/binder/Makefile b/tests/binder/Makefile index b89d4db..5c3a589 100644 --- a/tests/binder/Makefile +++ b/tests/binder/Makefile @@ -3,7 +3,7 @@ INCLUDEDIR ?= /usr/include TARGETS = check_binder client manager service_provider LDLIBS += -lselinux -lrt -DEPS = binder_common.c binder_common.h +DEPS = binder_common.c ifeq ($(shell test -e $(INCLUDEDIR)/linux/android/binderfs.h && echo true),true) CFLAGS += -DHAVE_BINDERFS @@ -11,7 +11,7 @@ TARGETS += check_binderfs endif ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS += ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS += ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/bpf/Makefile b/tests/bpf/Makefile index 1ae8ce9..6b26ff9 100644 --- a/tests/bpf/Makefile +++ b/tests/bpf/Makefile @@ -1,5 +1,5 @@ TARGETS = bpf_test -DEPS = bpf_common.c bpf_common.h +DEPS = bpf_common.c LDLIBS += -lselinux -lbpf # export so that BPF_ENABLED entries get built correctly on local build diff --git a/tests/fdreceive/Makefile b/tests/fdreceive/Makefile index d9f8927..4b1fb8c 100644 --- a/tests/fdreceive/Makefile +++ b/tests/fdreceive/Makefile @@ -1,7 +1,7 @@ TARGETS = client server ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS = ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS = ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/keys/Makefile b/tests/keys/Makefile index d9f36ff..d3793db 100644 --- a/tests/keys/Makefile +++ b/tests/keys/Makefile @@ -1,8 +1,6 @@ TARGETS = keyctl keyctl_relabel keyring_service request_keys LDLIBS += -lselinux -lkeyutils -$(TARGETS): keys_common.h - all: $(TARGETS) clean: diff --git a/tests/tun_tap/Makefile b/tests/tun_tap/Makefile index 11f5b03..f4b69d5 100644 --- a/tests/tun_tap/Makefile +++ b/tests/tun_tap/Makefile @@ -1,5 +1,5 @@ TARGETS = tun_tap tun_relabel -DEPS = tun_common.c tun_common.h +DEPS = tun_common.c LDLIBS += -lselinux all: $(TARGETS)