On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > Quoting Subrata Modak (subrata@xxxxxxxxxxxxxxxxxx): > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > Quoting Stephen Smalley (sds@xxxxxxxxxxxxx): > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > Hi All, > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > LTP under the directory: > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > have not seen the testcases under: > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > for the same. I would like to request you send me any updates that you > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > What kind of direction are you seeking? > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > the porting; I've cc'd her above. > > > > Well i have not received any selinux testcases updates for reference > > policy for the last 3 quarters. What i have received and released is > > EAL4+ Certification Test Suite, which includes > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > find whether there are any se-linux testcases included here, which are > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > directory of ltp-full-20073011.tgz (can be downloaded from > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > I did not find either of them. They seemed different to me. > > > > > > > > So the question is who should update the testsuite. This is not just an > > > issue for selinux, but for all the ltp tests. > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > warn you that that attitude will definitely decrease the likelyhood of > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > One could say it should be the selinux community in general, but that > > > community is too large for such an answer to be helpful, and it may not > > > be fair since they can say "we didn't submit that." > > > > > > One could say it should be the reference policy maintainer, because I > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > that isn't fair to him since again he didn't submit it. > > > > > > One might say it should be the ltp community - after the biggest > > > advantage of submitting to LTP should be some free maintenance. However > > > it likely doesn't have the needed expertise. > > > > Ok. This is i would say as a collective responsibility rather than > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > and hence myself) to find out the validity of test cases in his/her > > project he/she is maintaining, and, then try to contact the author(s) of > > that particular test case component to provide updates if even he/she > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > interest to write back if they are interested. Else the Maintainer is > > helpless. > > I initiated this mail as i found it my responsibility to find out > > authors who actually wrote these reference policy test cases for > > se-linux, and which are part of LTP in > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > author(s) respond, then i would work hard to integrate the same. > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > to know that he is also working on se-linux and he mentioned about the > > presence of reference policy support in LTP. I pointed him the release > > that i made this year (EAL4+ Certification Test Suite) and also > > requested him whether he can update me on the se-linux reference policy > > test cases of se-linux available inside Main LTP, he pointed me to write > > to se-linux test suite mailing list. Hence this mail. > > Reasonable. And it looks like the prod was needed. So, can somebody now give me some updates for testcases in this Directory:: http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, Regards-- Subrata > > > Now i myself has never executed these test case, so not aware of them > > much. But that should not prevent me from requesting updates of the > > same. I would be extremely happy even if we can reach the final updates > > through some pointer-to-pointer and that will serve my purpose of having > > all updates in LTP. > > > > Just to cite an example, i recently found out that there are updates > > being made to pounder21 test suite(present inside LTP), by somebody for > > his/her internal project use. Now, the same has never been updated in > > LTP for quite long time. I immediately mailed to him requesting him for > > updates. Now my purpose will be served if i get updates from him, let > > alone it comes to me after long time is not the question. > > > > > > > > Anyway I think there is value to having the selinux testsuite. Though > > > one problem with having it in LTP is that most LTP runs are done on > > > machines which are not set up right for selinux. I personally haven't > > > had enough potential target machines to be able to run the tests > > > regularly. So I don't even know whether anyone has run > > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > > might know though. > > > > > > So given that I personally don't know who to pin down, and given that I > > > don't have time to maintain the testsuite by myself, if I could get two > > > or three other people to volunteer to help out, I wouldn't mind being > > > part of a group responsible for the maintenance. > > > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > > with another test i can use to try out the existing testsuite. > > > Hopefully that'll be later this week (no guarantees). I'll report on > > > the results. > > > > > > -serge > > > > Thanks Serge. Will wait for your results. > > thanks, > -serge > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
