Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / ltp / a8b1aeef51e99e5577cf1427255ae704cd325199^! / .
commita8b1aeef51e99e5577cf1427255ae704cd325199[log] [tgz]
authorsubrata_modak <subrata_modak>Fri Nov 07 09:19:07 2008 +0000
committersubrata_modak <subrata_modak>Fri Nov 07 09:19:07 2008 +0000
tree0f3a16f6c15a2945e67b62f4a94356f69c23de59
parent66e085088aa898519fe27c92220c5f140c36f6e7 [diff]
Added Kernel .config options for building LTP SECURITY TESTS. Signed-Off-By: Subrata Modak <subrata@linux.vnet.ibm.com>. Reviewd-By: Stephen Smalley <sds@tycho.nsa.gov>.

diff --git a/README b/README
index 624b229..7ffb38e 100644
--- a/README
+++ b/README

@@ -172,4 +172,38 @@
 ---------------------------------
 CONFIG_SECURITY_CAPABILITIES=y
 ---------------------------------
+Enabling Kernel Configuration to test SELinux security feature
+---------------------------------
+Your Kernel should have been built with the following options to
+test SELinux:
 
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_NETWORK_XFRM=y
+CONFIG_SECURITY_FILE_CAPABILITIES=y
+
+CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
+This has to be set to a positive value if you want to test this check.
+Fedora kernels set it to 65536.
+
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y
+
+CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y
+You don't want this one unless you are running Fedora 3 or 4.  
+On anything newer, it will cause unnecessary policy expansion.
+
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SELINUX=y
+
+By default, if you boot with multiple LSMs compiled into the kernel, the
+kernel won't boot succesfully - there can be only one (aside from
+explicit internal "stacking" e.g. as is done for combining SELinux or
+Smack with capabilities).  Unless you use the security= option to select
+one at boot.  SELinux and Smack will honor the security= option.
+---------------------------------

diff --git a/testcases/kernel/security/selinux-testsuite/README b/testcases/kernel/security/selinux-testsuite/README
index 15b2d4b..2dc8214 100644
--- a/testcases/kernel/security/selinux-testsuite/README
+++ b/testcases/kernel/security/selinux-testsuite/README

@@ -102,3 +102,36 @@
 running/debugging individual testcases and it is desired to restore
 system policy. None of the testscripts will do this for you when 
 running in "individual" mode.
+
+Your Kernel should have been built with the following options to
+test SELinux:
+
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_NETWORK_XFRM=y
+CONFIG_SECURITY_FILE_CAPABILITIES=y
+
+CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
+This has to be set to a positive value if you want to test this check.
+Fedora kernels set it to 65536.
+
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y
+
+CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y
+You don't want this one unless you are running Fedora 3 or 4.
+On anything newer, it will cause unnecessary policy expansion.
+
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SELINUX=y
+
+By default, if you boot with multiple LSMs compiled into the kernel, the
+kernel won't boot succesfully - there can be only one (aside from
+explicit internal "stacking" e.g. as is done for combining SELinux or
+Smack with capabilities).  Unless you use the security= option to select
+one at boot.  SELinux and Smack will honor the security= option.