Quoting Subrata Modak (subrata@xxxxxxxxxxxxxxxxxx): > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > Quoting Stephen Smalley (sds@xxxxxxxxxxxxx): > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > Hi All, > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > LTP under the directory: > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > have not seen the testcases under: > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > for the same. I would like to request you send me any updates that you > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > Can somebody give me some direction on this ?? > > > > > > What kind of direction are you seeking? > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > the porting; I've cc'd her above. > > Well i have not received any selinux testcases updates for reference > policy for the last 3 quarters. What i have received and released is > EAL4+ Certification Test Suite, which includes > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > find whether there are any se-linux testcases included here, which are > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > directory of ltp-full-20073011.tgz (can be downloaded from > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > I did not find either of them. They seemed different to me. > > > > > So the question is who should update the testsuite. This is not just an > > issue for selinux, but for all the ltp tests. > > > > One could say it's Joy because she submitted the testcases. But let me > > warn you that that attitude will definitely decrease the likelyhood of > > testcases being submitted to LTP. (It'll certainly deter me) > > > > One could say it should be the selinux community in general, but that > > community is too large for such an answer to be helpful, and it may not > > be fair since they can say "we didn't submit that." > > > > One could say it should be the reference policy maintainer, because I > > suspect refpolicy updates will be the biggest cause of breakage - but > > that isn't fair to him since again he didn't submit it. > > > > One might say it should be the ltp community - after the biggest > > advantage of submitting to LTP should be some free maintenance. However > > it likely doesn't have the needed expertise. > > Ok. This is i would say as a collective responsibility rather than > somebody?? alone. It is the responsibility of the maintainer (here LTP > and hence myself) to find out the validity of test cases in his/her > project he/she is maintaining, and, then try to contact the author(s) of > that particular test case component to provide updates if even he/she > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > interest to write back if they are interested. Else the Maintainer is > helpless. > I initiated this mail as i found it my responsibility to find out > authors who actually wrote these reference policy test cases for > se-linux, and which are part of LTP in > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > author(s) respond, then i would work hard to integrate the same. > After interaction with James Morris at FOSS.in, Bangalore, India, i came > to know that he is also working on se-linux and he mentioned about the > presence of reference policy support in LTP. I pointed him the release > that i made this year (EAL4+ Certification Test Suite) and also > requested him whether he can update me on the se-linux reference policy > test cases of se-linux available inside Main LTP, he pointed me to write > to se-linux test suite mailing list. Hence this mail. Reasonable. And it looks like the prod was needed. > Now i myself has never executed these test case, so not aware of them > much. But that should not prevent me from requesting updates of the > same. I would be extremely happy even if we can reach the final updates > through some pointer-to-pointer and that will serve my purpose of having > all updates in LTP. > > Just to cite an example, i recently found out that there are updates > being made to pounder21 test suite(present inside LTP), by somebody for > his/her internal project use. Now, the same has never been updated in > LTP for quite long time. I immediately mailed to him requesting him for > updates. Now my purpose will be served if i get updates from him, let > alone it comes to me after long time is not the question. > > > > > Anyway I think there is value to having the selinux testsuite. Though > > one problem with having it in LTP is that most LTP runs are done on > > machines which are not set up right for selinux. I personally haven't > > had enough potential target machines to be able to run the tests > > regularly. So I don't even know whether anyone has run > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > might know though. > > > > So given that I personally don't know who to pin down, and given that I > > don't have time to maintain the testsuite by myself, if I could get two > > or three other people to volunteer to help out, I wouldn't mind being > > part of a group responsible for the maintenance. > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > with another test i can use to try out the existing testsuite. > > Hopefully that'll be later this week (no guarantees). I'll report on > > the results. > > > > -serge > > Thanks Serge. Will wait for your results. thanks, -serge -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
