Mailing List Archive

SELinux userspace release
Hi guys,

The new SELinux userspace release is now in the tree, ~arch. I have to
apologise to you guys, but I also made a stupid mistake: while running my
regression tests, I accidentally ran them on a VM that didn't have the new
utilities yet, so I wrongly assumed that everything is working fine.

When upgrading my main laptop, I quickly found out that that wasn't the
case. The biggest breakage (a missing definition) has been fixed (and is of
course also in the tree), a smaller one is still remaining (toggling
permissive domains doesn't work yet, but that shouldn't be hard to fix
tomorrow) and a new feature in the release is not working yet (sepolicy, as
it seems to require yum python bindings - don't ask).

I've sent the current set of problems I got to the SELinux development
mailing list as well, hopefully some of the developers on the other side of
the world might be able to help me out by tomorrow evening.

Beyond the permissive stuff, the tests I have seem to work again so if you
could give a few tests as well (and report bugs as you see them) please go
ahead.

# infratest -s
[semanage] testing for base policy defined contexts
[semanage] testing for substitutions (/lib32 = /lib)
[semanage] creating additional file context rule
[semanage] removing additional file context rule
[semanage] listing SELinux users
[semodule] disable dontaudit statements
[semodule] rebuild base policy (re-enable dontaudit too)
[audit2allow] generating simple test module based on AVC denial
[audit2allow] generating interface info (sepolgen-ifgen, needed for next test)
[audit2allow] generating refpolicy style test module based on AVC denial
[audit2allow] generating SELinux statements for dmesg output
[rlpkg] relabeling package policycoreutils
[sesearch] looking for direct policy allow statements
[sesearch] looking for allow statements on target attribute
[sesearch] looking for allow statements on source attribute
[sesearch] looking for allow statements on source/target attribute
[sesearch] looking for boolean-triggered policy rules
[sesearch] looking for file transitions
[sesearch] looking for role allow statements
[sesearch] looking for dontaudit statements
[findcon] matching file context
[seinfo] checking existance of domain
[seinfo] viewing attributes of domain
[seinfo] checking existance of attribute
[seinfo] looking for types matching attribute
[seinfo] checking stats
[seinfo] checking existance of role
[seinfo] looking for types matching role
[seinfo] checking existance of user
[seinfo] checking roles matching user

I'll also look into the test possibilities in the ebuilds and packages to
have this done more. If anyone is able to help me out on bug #465846 (seems
to stem from the python eclass usage, which I'm probably doing wrong) that'd
be greatly appreciated.

Wkr,
Sven Vermeulen