On Fri, 2012-05-04 at 15:48 +0200, Kohei KaiGai wrote: > Does anyone have a tool to run regression test when we construct a patch? > (Or, is it available to construct using existing tools?) > > Right now, I have to replace a working policy by the modified one whenever > I prepare to submit a patch towards reference policy. However, the default > security policy of Fedora is optimized to Fedora environment, thus, it often > mismatch with the latest upstream policy. > For example, "allow_execmem" is not defined at Fedora, so, I could not > load the staff.pp being constructed based on the upstream policy > > So, the solution I'm looking for is a tool that loads a monolithic policy and > checks its access control decision towards a certain pair of subject context > and target context according to catalog files, then it prints the result of > diff commands between the computed one and expected one. Possibly you could derive such a tool from checkpolicy -d, switching from a menu-driven interface to a scriptable one. checkpolicy -Mdb /etc/selinux/targeted/policy/policy.24 setools would be the other option, but sesearch only deals with TE rules. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
