- 07 3月, 2014 1 次提交
-
-
由 Michael Chapman 提交于
With the previous commit's securityselinuxhelper enhancements, the SELinux security manager can be tested even without SELinux enabled on the test system. Signed-off-by: NMichael Chapman <mike@very.puzzling.org>
-
- 08 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The test case average timing code has not been used by any test case ever. Delete it to remove complexity. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 11 6月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
This fixes a crash: https://bugzilla.redhat.com/show_bug.cgi?id=969878
-
- 04 6月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
-
- 11 5月, 2013 1 次提交
-
-
由 Laine Stump 提交于
These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
-
- 10 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 14 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Normally libvirtd should run with a SELinux label system_u:system_r:virtd_t:s0-s0:c0.c1023 If a user manually runs libvirtd though, it is sometimes possible to get into a situation where it is running system_u:system_r:init_t:s0 The SELinux security driver isn't expecting this and can't parse the security label since it lacks the ':c0.c1023' part causing it to complain internal error Cannot parse sensitivity level in s0 This updates the parser to cope with this, so if no category is present, libvirtd will hardcode the equivalent of c0.c1023. Now this won't work if SELinux is in Enforcing mode, but that's not an issue, because the user can only get into this problem if in Permissive mode. This means they can now start VMs in Permissive mode without hitting that parsing error Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 26 2月, 2013 1 次提交
-
-
由 Eric Blake 提交于
testutils.c likes to print summaries after a test completes, including if it failed. But if the test outright exit()s, this summary is skipped. Enforce that we return instead of exit. * cfg.mk (sc_prohibit_exit_in_tests): New syntax check. * tests/commandhelper.c (main): Fix offenders. * tests/qemumonitorjsontest.c (mymain): Likewise. * tests/seclabeltest.c (main): Likewise. * tests/securityselinuxlabeltest.c (mymain): Likewise. * tests/securityselinuxtest.c (mymain): Likewise. * tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise. * tests/testutils.c (virtTestMain): Likewise. (virtTestCaptureProgramOutput): Use symbolic name.
-
- 21 12月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 19 12月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
If securityselinuxtest was run on a system with newer SELinux policy it would fail, due to using svirt_tcg_t instead of svirt_t. Fixing the domain type to be KVM avoids this issue.
-
- 12 10月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
We are currently able to work only with non-translated SELinux contexts, but we are using functions that work with translated contexts throughout the code. This patch swaps all SELinux context translation relative calls with their raw sisters to avoid parsing problems. The problems can be experienced with mcstrans for example. The difference is that if you have translations enabled (yum install mcstrans; service mcstrans start), fgetfilecon_raw() will get you something like 'system_u:object_r:virt_image_t:s0', whereas fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow' that we cannot parse. I was trying to confirm that the _raw variants were here since the dawn of time, but the only thing I see now is that it was imported together in the upstream repo [1] from svn, so before 2008. Thanks Laurent Bigonville for finding this out. [1] http://oss.tresys.com/git/selinux.git
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 21 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-