PTS v8.6.0 docker image: SELinux alert + typo + suggestion

blueweb replied

13 May 2019, 07:41 PM

Another SELinux alert, this time for each run of pts/npb:

Code:

SELinux is preventing mpiexec from write access on the file mtrr.

Additional Information:
Source Context                system_u:system_r:container_t:s0:c857,c921
Target Context                system_u:object_r:mtrr_device_t:s0
Target Objects                mtrr [ file ]
Source                        mpiexec
Source Path                   mpiexec

Policy RPM                    selinux-policy-3.14.3-35.fc30.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Platform                      Linux ssb2 5.0.13-300.fc30.x86_64 #1 SMP Mon May 6
                              00:39:45 UTC 2019 x86_64 x86_64

Raw Audit Messages
type=AVC msg=audit(1557789757.904:4834): avc:  denied  { write } for  pid=1792 comm="mpiexec" name="mtrr" dev="proc" ino=4026531996 scontext=system_u:system_r:container_t:s0:c857,c921 tcontext=system_u:object_r:mtrr_device_t:s0 tclass=file permissive=0

Leave a comment:

blueweb replied

13 May 2019, 03:53 PM
`pts/startup-time` is another one that does not run, presumably due to dependencies (xterm, gnome terminal, libreoffice writer).

Would it be helpful to report somewhere the tests that don't run? I picked some randomly to try with PTS docker and inevitably some fail.
Leave a comment:
Michael replied

13 May 2019, 03:40 PM
Not sure about that SELinux alert.

Typo has been fixed in Git for a while but the phoronix/pts respin coming out hopefully later today for Phoronix Test Suite 8.8 will have it in.

The list-test behavior should be good in general about not showing e.g. graphical tests and other complexities around unmet dependencies. In the case of Scipy and sklearn, that isn't as easy as due to some of Clear's Python changes there are issues there at the moment so they are exceptions.
Leave a comment:
blueweb started a topic PTS v8.6.0 docker image: SELinux alert + typo + suggestion

13 May 2019, 12:02 AM
PTS v8.6.0 docker image: SELinux alert + typo + suggestion

1. Running the PTS v8.6.0 docker image on my Fedora 30 machine with SELinux enforcing gives me an SELinux alert. As far as I can tell, functionality is not affected. Is this expected?

SELinux is preventing dmesg from syslog_read access on the system labeled kernel_t.

Additional Information:
Source Context system_u:system_r:container_t:s0:c78,c614
Target Context system_u:system_r:kernel_t:s0
Target Objects Unknown [ system ]
Source dmesg
Source Path dmesg

Policy RPM selinux-policy-3.14.3-35.fc30.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing

Raw Audit Messages
type=AVC msg=audit(1557715586.600:2941): avc: denied { syslog_read } for pid=20588 comm="dmesg" scontext=system_u:system_r:container_t:s0:c78,c614 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0

2. Also, there is a typo in the box plot text when showing results:

Box plut of sampling:

3. Lastly, a longer term suggestion: listing, or restricting to, tests that are possible to run in the docker image. Eg. the scikit-learn test fails to run since Python Scipy and Python Sklearn dependencies are not installed, and I'm not sure how to install them within the container.
Tags: None

Announcement

PTS v8.6.0 docker image: SELinux alert + typo + suggestion

Leave a comment:

Leave a comment:

Leave a comment:

PTS v8.6.0 docker image: SELinux alert + typo + suggestion