2012/5/10 Christopher J. PeBenito <cpebenito@xxxxxxxxxx>: > On 05/06/12 14:51, Kohei KaiGai wrote: >> I'd like to have such kind of test in the reference policy, to cover >> wider range test cases at security policy side. >> It helps to improve the quality and to reduce the burden for testing. >> (In fact, I found a few bugs in mcs/mls rules during this development...) > > I'm not adverse to this for refpolicy, but what worries me is the size > and maintainability of the tests. What you have in your patch for > testing sepostgresql looks several times bigger than the sepostgresql > policy itself. It seems that the tests would be larger than the policy > itself so that the constraints can be checked. Additionally, the > community (I'm including myself) isn't exactly good about keeping > tests up to date (see tests in the toolchain, for example). > I could understand the maintenance burden. How about your opinion to add Makefile support to run external test cases? It will help contributors test their own patches being submitted. In my idea, it adds a new make target "regtest" with TESTCASE argument that points to the *.test file. $ make TYPE=xxx MONOLITHIC=y TESTCASE=/path/to/testcases regtest Then, makefile generates a monolithic policy chunk and kicks checkpolicy with the new -s option that takes processed testcase by m4. The reason why I want refpolicy to provide such kind of infrastructure is utilization of existing macro definitions to generate multiple testcases from a single source. Do you think it is reasonable to improve the quality of policy? Thanks, -- KaiGai Kohei <kaigai@xxxxxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
