On Mon, Sep 30, 2019 at 10:07 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 9/30/19 9:16 AM, Ondrej Mosnacek wrote:
> > Add a test that verifies that SELinux permissions are not checked when
> > mounting submounts. The test sets up a simple local NFS export on a
> > directory which has another filesystem mounted on its subdirectory.
> > Since the export is set up with the crossmnt option enabled, any client
> > mount will try to transparently mount any subdirectory that has a
> > filesystem mounted on it on the server, triggering an internal mount.
> > The test tries to access the automounted part of this export via a
> > client mount without having a permission to mount filesystems, expecting
> > it to succeed.
> >
> > The original bug this test is checking for has been fixed in kernel
> > commit 892620bb3454 ("selinux: always allow mounting submounts"), which
> > has been backported to 4.9+ stable kernels.
> >
> > The test first checks whether it is able to export and mount directories
> > via NFS and skips the actual tests if e.g. NFS daemon is not running.
> > This means that the testsuite can still be run without having the NFS
> > server installed and running.
>
> 1) We have to manually start nfs-server in order for the test to run;
> else it will be skipped automatically. Do we want to start/stop the
> nfs-server as part of the test script?
My two cents are that I'm not sure we want to automatically start/stop
the NFS server with the usual "make test", perhaps we have a dedicated
NFS test target that does the setup-test-shutdown? Other ideas are
welcome.
--
paul moore
www.paul-moore.com
