Notification time stamped 2023-11-15 20:30:15 UTC
From 8d1a0ebb57f66075bd94cb4fe239c9921a6da5bc Mon Sep 17 00:00:00 2001
From: Milos Malik <mmalik(a)redhat.com>
Date: Nov 15 2023 20:16:35 +0000
Subject: test if definitions of policy interfaces are correct
A recent testing of the sepolgen-ifgen tool revealed that certain
policy interface definitions are not correct. The TC reproduces
the situation.
Even though the problem exists (unnoticed) for some time already,
I believe that we should ship valid and correctly defined policy
interfaces.
The TC covers RHEL-2616.
---
diff --git a/selinux-policy/interface-definitions/main.fmf
b/selinux-policy/interface-definitions/main.fmf
new file mode 100644
index 0000000..0c2b9a3
--- /dev/null
+++ b/selinux-policy/interface-definitions/main.fmf
@@ -0,0 +1,26 @@
+summary: Are all policy interfaces defined correctly?
+contact: Milos Malik <mmalik(a)redhat.com>
+component:
+ - selinux-policy
+ - policycoreutils
+recommend:
+ - /usr/bin/sepolgen-ifgen
+ - selinux-policy
+ - selinux-policy-targeted
+test: ./runtest.sh
+framework: beakerlib
+duration: 10m
+enabled: true
+tag:
+ - NoRHEL4
+ - NoRHEL5
+ - targeted
+link:
+ - verifies:
https://issues.redhat.com/browse/RHEL-2616
+ - verifies:
https://issues.redhat.com/browse/RHEL-16185
+adjust:
+ - enabled: false
+ when: distro == rhel-4, rhel-5
+ because: decision was made not to fix the problem there
+extra-nitrate: TC#0615941
+id: a6785475-8446-47cc-9167-f2d6ad52d58e
diff --git a/selinux-policy/interface-definitions/runtest.sh
b/selinux-policy/interface-definitions/runtest.sh
new file mode 100755
index 0000000..6d80041
--- /dev/null
+++ b/selinux-policy/interface-definitions/runtest.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm selinux-policy
+ rlAssertRpm policycoreutils
+ rlPhaseEnd
+
+ rlPhaseStartTest "RHEL-2616 + RHEL-16185"
+ rlRun "sepolgen-ifgen -v -d 2>/dev/null | sort | uniq >
output.txt"
+ rlRun "grep -i missing output.txt" 1
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rm -f output.txt
+ rlPhaseEnd
+rlJournalEnd
+
https://src.fedoraproject.org/tests/selinux/c/8d1a0ebb57f66075bd94cb4fe23...