On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > Quoting Stephen Smalley (sds@xxxxxxxxxxxxx): > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > Hi All, > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > discussing about the Policy Reference support for Se-linux available in > > > > LTP under the directory: > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > have not seen the testcases under: > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > updated for more than an year. I am not aware exactly about the reason > > > > for the same. I would like to request you send me any updates that you > > > > may want to give to LTP for your selinux-testsuite. > > > > > > Can somebody give me some direction on this ?? > > > > What kind of direction are you seeking? > > > > We gave the selinux testsuite to IBM at their request, and they ported > > it over to the LTP and submitted it there. Joy Latten was involved in > > the porting; I've cc'd her above. Well i have not received any selinux testcases updates for reference policy for the last 3 quarters. What i have received and released is EAL4+ Certification Test Suite, which includes rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to find whether there are any se-linux testcases included here, which are apparently present in ltp/testcases/kernel/security/selinux-testsuite/ directory of ltp-full-20073011.tgz (can be downloaded from http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). I did not find either of them. They seemed different to me. > > So the question is who should update the testsuite. This is not just an > issue for selinux, but for all the ltp tests. > > One could say it's Joy because she submitted the testcases. But let me > warn you that that attitude will definitely decrease the likelyhood of > testcases being submitted to LTP. (It'll certainly deter me) > > One could say it should be the selinux community in general, but that > community is too large for such an answer to be helpful, and it may not > be fair since they can say "we didn't submit that." > > One could say it should be the reference policy maintainer, because I > suspect refpolicy updates will be the biggest cause of breakage - but > that isn't fair to him since again he didn't submit it. > > One might say it should be the ltp community - after the biggest > advantage of submitting to LTP should be some free maintenance. However > it likely doesn't have the needed expertise. Ok. This is i would say as a collective responsibility rather than somebodyś alone. It is the responsibility of the maintainer (here LTP and hence myself) to find out the validity of test cases in his/her project he/she is maintaining, and, then try to contact the author(s) of that particular test case component to provide updates if even he/she (Author(s)) has the updates themselves. Now it is upto their (Author(s)) interest to write back if they are interested. Else the Maintainer is helpless. I initiated this mail as i found it my responsibility to find out authors who actually wrote these reference policy test cases for se-linux, and which are part of LTP in ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the author(s) respond, then i would work hard to integrate the same. After interaction with James Morris at FOSS.in, Bangalore, India, i came to know that he is also working on se-linux and he mentioned about the presence of reference policy support in LTP. I pointed him the release that i made this year (EAL4+ Certification Test Suite) and also requested him whether he can update me on the se-linux reference policy test cases of se-linux available inside Main LTP, he pointed me to write to se-linux test suite mailing list. Hence this mail. Now i myself has never executed these test case, so not aware of them much. But that should not prevent me from requesting updates of the same. I would be extremely happy even if we can reach the final updates through some pointer-to-pointer and that will serve my purpose of having all updates in LTP. Just to cite an example, i recently found out that there are updates being made to pounder21 test suite(present inside LTP), by somebody for his/her internal project use. Now, the same has never been updated in LTP for quite long time. I immediately mailed to him requesting him for updates. Now my purpose will be served if i get updates from him, let alone it comes to me after long time is not the question. > > Anyway I think there is value to having the selinux testsuite. Though > one problem with having it in LTP is that most LTP runs are done on > machines which are not set up right for selinux. I personally haven't > had enough potential target machines to be able to run the tests > regularly. So I don't even know whether anyone has run > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > might know though. > > So given that I personally don't know who to pin down, and given that I > don't have time to maintain the testsuite by myself, if I could get two > or three other people to volunteer to help out, I wouldn't mind being > part of a group responsible for the maintenance. > > For starters, I finally have a fedora 8 vm set up which once I'm done > with another test i can use to try out the existing testsuite. > Hopefully that'll be later this week (no guarantees). I'll report on > the results. > > -serge Thanks Serge. Will wait for your results. Regards-- Subrata -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
