BUG: Fix/restore broken NFS fscontext mount tests #91
Labels
Comments
stephensmalley
added a commit
to stephensmalley/selinux-testsuite
that referenced
this issue
May 30, 2024
These tests currently fail on mount(2) calls due to the directory being unlabeled at the point where search access is checked. Until we can resolve the underlying issue, comment out these tests to allow the NFS tests to be run. It is unclear that these tests ever passed and retaining them prevents enabling the NFS tests in automated testing. This bug is tracked in SELinuxProject#91 Before: Run 'filesystem' tests with mount context option: fscontext=system_u:object_r:test_filesystem_file_t:s0 filesystem/test .. 1/41 Failed mount(2): Permission denied # Failed test at filesystem/test line 709. Failed umount(2): Permission denied # Failed test at filesystem/test line 720. Failed mount(2): Permission denied # Failed test at filesystem/test line 744. Failed umount(2): Permission denied # Failed test at filesystem/test line 756. Failed mount(2): Permission denied # Failed test at filesystem/test line 780. Failed umount(2): No such file or directory # Failed test at filesystem/test line 793. Failed mount(2): Permission denied # Failed test at filesystem/test line 851. Failed umount(2): Permission denied # Failed test at filesystem/test line 863. Failed mount(2): Permission denied # Failed test at filesystem/test line 887. Failed umount(2): Permission denied # Failed test at filesystem/test line 899. Failed mount(2): Permission denied # Failed test at filesystem/test line 923. Failed umount(2): Permission denied # Failed test at filesystem/test line 935. # Failed test at filesystem/test line 978. # Looks like you failed 13 tests of 41. filesystem/test .. Dubious, test returned 13 (wstat 3328, 0xd00) Failed 13/41 subtests Test Summary Report ------------------- filesystem/test (Wstat: 3328 (exited 13) Tests: 41 Failed: 13) Failed tests: 23, 25-26, 28-29, 31-32, 34-35, 37-38, 40-41 Non-zero exit status: 13 Files=1, Tests=41, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.22 cusr 0.36 csys = 0.60 CPU) Result: FAIL Failed 1/1 test programs. 13/41 subtests failed. Test failed on line: 85 - Closing down NFS NFS Closed down $ sudo ausearch -m AVC -ts recent | grep unlabeled type=AVC msg=audit(1716989714.176:42466): avc: denied { search } for pid=170755 comm="mount" name="mntpoint" dev="0:60" ino=822109802 scontext=unconfined_u:unconfined_r:test_filesystem_no_watch_mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 After: No failing tests. Signed-off-by: Stephen Smalley <[email protected]>
WOnder93
pushed a commit
to WOnder93/selinux-testsuite
that referenced
this issue
Jun 3, 2024
These tests currently fail on mount(2) calls due to the directory being unlabeled at the point where search access is checked. Until we can resolve the underlying issue, comment out these tests to allow the NFS tests to be run. It is unclear that these tests ever passed and retaining them prevents enabling the NFS tests in automated testing. This bug is tracked in SELinuxProject#91 Before: Run 'filesystem' tests with mount context option: fscontext=system_u:object_r:test_filesystem_file_t:s0 filesystem/test .. 1/41 Failed mount(2): Permission denied # Failed test at filesystem/test line 709. Failed umount(2): Permission denied # Failed test at filesystem/test line 720. Failed mount(2): Permission denied # Failed test at filesystem/test line 744. Failed umount(2): Permission denied # Failed test at filesystem/test line 756. Failed mount(2): Permission denied # Failed test at filesystem/test line 780. Failed umount(2): No such file or directory # Failed test at filesystem/test line 793. Failed mount(2): Permission denied # Failed test at filesystem/test line 851. Failed umount(2): Permission denied # Failed test at filesystem/test line 863. Failed mount(2): Permission denied # Failed test at filesystem/test line 887. Failed umount(2): Permission denied # Failed test at filesystem/test line 899. Failed mount(2): Permission denied # Failed test at filesystem/test line 923. Failed umount(2): Permission denied # Failed test at filesystem/test line 935. # Failed test at filesystem/test line 978. # Looks like you failed 13 tests of 41. filesystem/test .. Dubious, test returned 13 (wstat 3328, 0xd00) Failed 13/41 subtests Test Summary Report ------------------- filesystem/test (Wstat: 3328 (exited 13) Tests: 41 Failed: 13) Failed tests: 23, 25-26, 28-29, 31-32, 34-35, 37-38, 40-41 Non-zero exit status: 13 Files=1, Tests=41, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.22 cusr 0.36 csys = 0.60 CPU) Result: FAIL Failed 1/1 test programs. 13/41 subtests failed. Test failed on line: 85 - Closing down NFS NFS Closed down $ sudo ausearch -m AVC -ts recent | grep unlabeled type=AVC msg=audit(1716989714.176:42466): avc: denied { search } for pid=170755 comm="mount" name="mntpoint" dev="0:60" ino=822109802 scontext=unconfined_u:unconfined_r:test_filesystem_no_watch_mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 After: No failing tests. Signed-off-by: Stephen Smalley <[email protected]>
WOnder93
pushed a commit
that referenced
this issue
Jun 3, 2024
These tests currently fail on mount(2) calls due to the directory being unlabeled at the point where search access is checked. Until we can resolve the underlying issue, comment out these tests to allow the NFS tests to be run. It is unclear that these tests ever passed and retaining them prevents enabling the NFS tests in automated testing. This bug is tracked in #91 Before: Run 'filesystem' tests with mount context option: fscontext=system_u:object_r:test_filesystem_file_t:s0 filesystem/test .. 1/41 Failed mount(2): Permission denied # Failed test at filesystem/test line 709. Failed umount(2): Permission denied # Failed test at filesystem/test line 720. Failed mount(2): Permission denied # Failed test at filesystem/test line 744. Failed umount(2): Permission denied # Failed test at filesystem/test line 756. Failed mount(2): Permission denied # Failed test at filesystem/test line 780. Failed umount(2): No such file or directory # Failed test at filesystem/test line 793. Failed mount(2): Permission denied # Failed test at filesystem/test line 851. Failed umount(2): Permission denied # Failed test at filesystem/test line 863. Failed mount(2): Permission denied # Failed test at filesystem/test line 887. Failed umount(2): Permission denied # Failed test at filesystem/test line 899. Failed mount(2): Permission denied # Failed test at filesystem/test line 923. Failed umount(2): Permission denied # Failed test at filesystem/test line 935. # Failed test at filesystem/test line 978. # Looks like you failed 13 tests of 41. filesystem/test .. Dubious, test returned 13 (wstat 3328, 0xd00) Failed 13/41 subtests Test Summary Report ------------------- filesystem/test (Wstat: 3328 (exited 13) Tests: 41 Failed: 13) Failed tests: 23, 25-26, 28-29, 31-32, 34-35, 37-38, 40-41 Non-zero exit status: 13 Files=1, Tests=41, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.22 cusr 0.36 csys = 0.60 CPU) Result: FAIL Failed 1/1 test programs. 13/41 subtests failed. Test failed on line: 85 - Closing down NFS NFS Closed down $ sudo ausearch -m AVC -ts recent | grep unlabeled type=AVC msg=audit(1716989714.176:42466): avc: denied { search } for pid=170755 comm="mount" name="mntpoint" dev="0:60" ino=822109802 scontext=unconfined_u:unconfined_r:test_filesystem_no_watch_mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 After: No failing tests. Signed-off-by: Stephen Smalley <[email protected]> Signed-off-by: Ondrej Mosnacek <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
These tests currently fail on mount(2) calls due to the directory being
unlabeled at the point where search access is checked. Until we can resolve
the underlying issue, comment out these tests to allow the NFS tests to
be run. It is unclear that these tests ever passed and retaining them
prevents enabling the NFS tests in automated testing.
Output:
Run 'filesystem' tests with mount context option:
fscontext=system_u:object_r:test_filesystem_file_t:s0
filesystem/test .. 1/41 Failed mount(2): Permission denied
Failed test at filesystem/test line 709.
Failed umount(2): Permission denied
Failed test at filesystem/test line 720.
Failed mount(2): Permission denied
Failed test at filesystem/test line 744.
Failed umount(2): Permission denied
Failed test at filesystem/test line 756.
Failed mount(2): Permission denied
Failed test at filesystem/test line 780.
Failed umount(2): No such file or directory
Failed test at filesystem/test line 793.
Failed mount(2): Permission denied
Failed test at filesystem/test line 851.
Failed umount(2): Permission denied
Failed test at filesystem/test line 863.
Failed mount(2): Permission denied
Failed test at filesystem/test line 887.
Failed umount(2): Permission denied
Failed test at filesystem/test line 899.
Failed mount(2): Permission denied
Failed test at filesystem/test line 923.
Failed umount(2): Permission denied
Failed test at filesystem/test line 935.
Failed test at filesystem/test line 978.
Looks like you failed 13 tests of 41.
filesystem/test .. Dubious, test returned 13 (wstat 3328, 0xd00)
Failed 13/41 subtests
Test Summary Report
filesystem/test (Wstat: 3328 (exited 13) Tests: 41 Failed: 13)
Failed tests: 23, 25-26, 28-29, 31-32, 34-35, 37-38, 40-41
Non-zero exit status: 13
Files=1, Tests=41, 1 wallclock secs ( 0.02 usr 0.00 sys + 0.22 cusr 0.36 csys = 0.60 CPU)
Result: FAIL
Failed 1/1 test programs. 13/41 subtests failed.
Test failed on line: 85 - Closing down NFS
NFS Closed down
$ sudo ausearch -m AVC -ts recent | grep unlabeled
type=AVC msg=audit(1716989714.176:42466): avc: denied { search } for pid=170755 comm="mount" name="mntpoint" dev="0:60" ino=822109802 scontext=unconfined_u:unconfined_r:test_filesystem_no_watch_mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
The text was updated successfully, but these errors were encountered: