Loading...

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-9.5, rhel-10.0.beta
Component/s: qemu-kvm / Storage / virtio-fs
Labels:

Severity:
Normal

Pool Team:

sst_virtualization_storage
Sub-System Group:

ssg_virtualization

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

selinux_testsuits fails with list index out of range

Please provide the package NVR for which bug is seen:

qemu-kvm-9.0.0-2.el9

kernel-5.14.0-460.el9

virtiofsd-1.10.1-1.el9

How reproducible:

100%

Steps to reproduce

1.Set selinux to enforcing status on host

(host)# getenforce
Enforcing

2.Run the virtiofsd daemon with security_label enabled

#/usr/libexec/virtiofsd --socket-path=/var/tmp/avocado_exbc0y_k/avocado-vt-vm1-fs-virtiofsd.sock -o source=/root/avocado/data/avocado-vt/virtio_fs_test/ --xattr --security-label --xattrmap=:map:security.selinux:trusted.virtiofsd.: --modcaps=+sys_admin --sandbox=chroot

3.Boot a guest with the virtiofs device

4.Enable selinux inside guest

#setenforce 1

5.Download selinux-testsuite and test it

#git clone https://github.com/rhvgoyal/selinux-testsuite.git

#cd selinux-testsuite ; git checkout virtiofs-support; make test

Note: Before executing make test innstall pkg described in github projecet and jfsutes

#dnf install perl-Test perl-Test-Harness perl-Test-Simple perl-lib selinux-policy-devel gcc libselinux-devel net-tools netlabel_tools iptables lksctp-tools-devel attr libbpf-devel
keyutils-libs-devel quota xfsprogs-devel libuuid-devel e2fsprogs jfsutils dosfstools
nftables kernel-devel-$(uname ~~r) kernel-modules~~$(uname -r) -y

#dnf install [http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/jfsutils/1.1.15/
18.el9.1/x86_64/jfsutils-1.1.15-18.el9.1.x86_64.rp |http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/jfsutils/1.1.15/18.el9.1/x86_64/jfsutils-1.1.15-18.el9.1.x86_64.rpm]-y

The complete log:

http://virtqetools.lab.eng.pek2.redhat.com/autotest_static_job_log/9415218/test-results/40-Host_RHEL.m10.u0.ovmf.qcow2.virtio_scsi.up.virtio_net.Guest.RHEL.10.0.x86_64.io-github-autotest-qemu.virtio_fs_security_label.selinux_testsuits.q35/debug.log

Expected results

The 'make execute' can be executed.

Actual results

# make test
make -C policy load
make[1]: Entering directory '/home/selinux-testsuite/policy'
# Test for "expand-check = 0" in /etc/selinux/semanage.conf
# General policy build
make[2]: Entering directory '/home/selinux-testsuite/policy/test_policy'
Compiling targeted test_policy module
Creating targeted test_policy.pp policy package
rm tmp/test_policy.mod tmp/test_policy.mod.fc
make[2]: Leaving directory '/home/selinux-testsuite/policy/test_policy'
# General policy load
domain_fd_use --> off
/usr/sbin/semodule -i test_policy/test_policy.pp test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil test_add_levels.cil test_glblub.cil
make[1]: Leaving directory '/home/selinux-testsuite/policy'
make -C tests test
make[1]: Entering directory '/home/selinux-testsuite/tests'
make[2]: Entering directory '/home/selinux-testsuite/tests/domain_trans'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/selinux-testsuite/tests/domain_trans'
make[2]: Entering directory '/home/selinux-testsuite/tests/entrypoint'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/selinux-testsuite/tests/entrypoint'
make[2]: Entering directory '/home/selinux-testsuite/tests/execshare'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/selinux-testsuite/tests/execshare'
make[2]: Entering directory '/home/selinux-testsuite/tests/exectrace'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/selinux-testsuite/tests/exectrace'
make[2]: Entering directory '/home/selinux-testsuite/tests/execute_no_trans'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/selinux-testsuite/tests/execute_no_trans'
make[2]: Entering directory '/home/selinux-testsuite/tests/fdreceive'
cc -g -O0 -Wall -D_GNU_SOURCE -DHAVE_BPF -DHAVE_FS_WATCH_PERM    client.c ../bpf/bpf_common.c ../bpf/bpf_common.h  -lbpf -o client
../bpf/bpf_common.c: In function ‘create_bpf_map’:
../bpf/bpf_common.c:8:18: warning: implicit declaration of function ‘bpf_create_map’ [-Wimplicit-function-declaration]
    8 |         map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(key),
      |                  ^~~~~~~~~~~~~~
../bpf/bpf_common.c: In function ‘create_bpf_prog’:
../bpf/bpf_common.c:30:19: warning: implicit declaration of function ‘bpf_load_program’ [-Wimplicit-function-declaration]
   30 |         prog_fd = bpf_load_program(BPF_PROG_TYPE_SOCKET_FILTER, prog,
      |                   ^~~~~~~~~~~~~~~~
/usr/bin/ld: /tmp/ccY2Sur9.o: in function `create_bpf_map':
/home/selinux-testsuite/tests/fdreceive/../bpf/bpf_common.c:8: undefined reference to `bpf_create_map'
/usr/bin/ld: /tmp/ccY2Sur9.o: in function `create_bpf_prog':
/home/selinux-testsuite/tests/fdreceive/../bpf/bpf_common.c:30: undefined reference to `bpf_load_program'
collect2: error: ld returned 1 exit status
make[2]: *** [<builtin>: client] Error 1
make[2]: Leaving directory '/home/selinux-testsuite/tests/fdreceive'
make[1]: *** [Makefile:165: all] Error 1
make[1]: Leaving directory '/home/selinux-testsuite/tests'
make: *** [Makefile:8: test] Error 2

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Activity

People

Dates