On 05/11/12 08:59, Kohei KaiGai wrote:
> 2012/5/10 Christopher J. PeBenito <cpebenito@xxxxxxxxxx>:
>> On 05/06/12 14:51, Kohei KaiGai wrote:
>>> I'd like to have such kind of test in the reference policy, to cover
>>> wider range test cases at security policy side.
>>> It helps to improve the quality and to reduce the burden for testing.
>>> (In fact, I found a few bugs in mcs/mls rules during this development...)
>>
>> I'm not adverse to this for refpolicy, but what worries me is the size
>> and maintainability of the tests. What you have in your patch for
>> testing sepostgresql looks several times bigger than the sepostgresql
>> policy itself. It seems that the tests would be larger than the policy
>> itself so that the constraints can be checked. Additionally, the
>> community (I'm including myself) isn't exactly good about keeping
>> tests up to date (see tests in the toolchain, for example).
>>
> I could understand the maintenance burden.
>
> How about your opinion to add Makefile support to run external
> test cases? It will help contributors test their own patches being
> submitted.
>
> In my idea, it adds a new make target "regtest" with TESTCASE
> argument that points to the *.test file.
>
>   $ make TYPE=xxx MONOLITHIC=y TESTCASE=/path/to/testcases regtest
>
> Then, makefile generates a monolithic policy chunk and kicks
> checkpolicy with the new -s option that takes processed testcase
> by m4.
>
> The reason why I want refpolicy to provide such kind of infrastructure
> is utilization of existing macro definitions to generate multiple
> testcases from a single source.
> Do you think it is reasonable to improve the quality of policy?

It sounds fine. We can discuss the implementation on the refpolicy mail list.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com