tests / selinux

Clone
Source Code
GIT

#484 test if stress-ng can create anon_inode objects
Merged a month ago by mmalik. Opened a month ago by mmalik.
tests/ mmalik/selinux test-bz-2270895  into  main

file modified
+2 -1 
@@ -54,7 +54,7 @@ 
 

  	@echo "Type:            Regression" >> $(METADATA)
 

  	@echo "TestTime:        30m" >> $(METADATA)
 

  	@echo "RunFor:          selinux-policy" >> $(METADATA)
 

- 	@echo "Requires:        libselinux policycoreutils selinux-policy selinux-policy-targeted gcc glibc-headers setools-console audit fio grubby" >> $(METADATA)
 

+ 	@echo "Requires:        libselinux policycoreutils selinux-policy selinux-policy-targeted gcc glibc-headers setools-console audit fio grubby stress-ng" >> $(METADATA)
 

  	@echo "RhtsRequires:    library(selinux-policy/common)" >> $(METADATA)
 

  	@echo "Priority:        Normal" >> $(METADATA)
 

  	@echo "License:         GPLv2" >> $(METADATA)
 
@@ -68,6 +68,7 @@ 
 

  	@echo "Bug:             2025714" >> $(METADATA) # Fedora 35
 

  	@echo "Bug:             2187745" >> $(METADATA) # RHEL-9
 

  	@echo "Bug:             RHEL-11792" >> $(METADATA) # RHEL-9
 

+ 	@echo "Bug:             2270895" >> $(METADATA) # Fedora 41
 

  

  	rhts-lint $(METADATA)

file modified
+2 
@@ -17,6 +17,7 @@ 
 

    - audit
 

    - fio
 

    - grubby
 

+   - stress-ng
 

  environment:
 

      AVC_ERROR: +no_avc_check
 

  duration: 30m
 
@@ -36,6 +37,7 @@ 
 

    - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2025714
 

    - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2187745
 

    - verifies: https://issues.redhat.com/browse/RHEL-11792
 

+   - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2270895
 

  adjust:
 

    - enabled: false
 

      when: distro == rhel-4, rhel-5, rhel-6, rhel-7, rhel-8, centos-stream-8

file modified
+5 
@@ -97,6 +97,11 @@ 
 

          rlSESearchRule "allow unconfined_service_t unconfined_service_t : io_uring { cmd } [ ]"
 

      rlPhaseEnd
 

  

+     rlPhaseStartTest "bz#2270895"
 

+         rlSESearchRule "allow unconfined_t unconfined_t : anon_inode { create } [ ]"
 

+         rlRun "stress-ng --resources 16 --timeout 5 --log-file /dev/null"
 

+     rlPhaseEnd
 

+ 

      rlPhaseStartCleanup
 

          sleep 2
 

          rlSECheckAVC

TBA later

The TC run failed because the bug is not yet fixed. SELinux denials appeared as expected.

rebased onto af629f9
a month ago

Pull-Request has been merged by mmalik
a month ago
Metadata
None
No Tags
Changes Summary 3
+2 -1
file changed
selinux-policy/anon_inode-and-similar/Makefile
+2 -0
file changed
selinux-policy/anon_inode-and-similar/main.fmf
+5 -0
file changed
selinux-policy/anon_inode-and-similar/runtest.sh
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.