Announcement

Collapse
No announcement yet.

PTS v8.6.0 docker image: SELinux alert + typo + suggestion

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PTS v8.6.0 docker image: SELinux alert + typo + suggestion

    1. Running the PTS v8.6.0 docker image on my Fedora 30 machine with SELinux enforcing gives me an SELinux alert. As far as I can tell, functionality is not affected. Is this expected?

    SELinux is preventing dmesg from syslog_read access on the system labeled kernel_t.

    Additional Information:
    Source Context system_u:system_r:container_t:s0:c78,c614
    Target Context system_u:system_r:kernel_t:s0
    Target Objects Unknown [ system ]
    Source dmesg
    Source Path dmesg

    Policy RPM selinux-policy-3.14.3-35.fc30.noarch
    Selinux Enabled True
    Policy Type targeted
    Enforcing Mode Enforcing

    Raw Audit Messages
    type=AVC msg=audit(1557715586.600:2941): avc: denied { syslog_read } for pid=20588 comm="dmesg" scontext=system_u:system_r:container_t:s0:c78,c614 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
    2. Also, there is a typo in the box plot text when showing results:
    Box plut of sampling:
    3. Lastly, a longer term suggestion: listing, or restricting to, tests that are possible to run in the docker image. Eg. the scikit-learn test fails to run since Python Scipy and Python Sklearn dependencies are not installed, and I'm not sure how to install them within the container.

  • blueweb
    replied
    Another SELinux alert, this time for each run of pts/npb:

    Code:
    SELinux is preventing mpiexec from write access on the file mtrr.
    
    Additional Information:
    Source Context                system_u:system_r:container_t:s0:c857,c921
    Target Context                system_u:object_r:mtrr_device_t:s0
    Target Objects                mtrr [ file ]
    Source                        mpiexec
    Source Path                   mpiexec
    
    Policy RPM                    selinux-policy-3.14.3-35.fc30.noarch
    Selinux Enabled               True
    Policy Type                   targeted
    Enforcing Mode                Enforcing
    Platform                      Linux ssb2 5.0.13-300.fc30.x86_64 #1 SMP Mon May 6
                                  00:39:45 UTC 2019 x86_64 x86_64
    
    Raw Audit Messages
    type=AVC msg=audit(1557789757.904:4834): avc:  denied  { write } for  pid=1792 comm="mpiexec" name="mtrr" dev="proc" ino=4026531996 scontext=system_u:system_r:container_t:s0:c857,c921 tcontext=system_u:object_r:mtrr_device_t:s0 tclass=file permissive=0

    Leave a comment:


  • blueweb
    replied
    `pts/startup-time` is another one that does not run, presumably due to dependencies (xterm, gnome terminal, libreoffice writer).

    Would it be helpful to report somewhere the tests that don't run? I picked some randomly to try with PTS docker and inevitably some fail.

    Leave a comment:


  • Michael
    replied
    Not sure about that SELinux alert.

    Typo has been fixed in Git for a while but the phoronix/pts respin coming out hopefully later today for Phoronix Test Suite 8.8 will have it in.

    The list-test behavior should be good in general about not showing e.g. graphical tests and other complexities around unmet dependencies. In the case of Scipy and sklearn, that isn't as easy as due to some of Clear's Python changes there are issues there at the moment so they are exceptions.

    Leave a comment:

Working...
X