On Wed, Nov 27, 2019 at 4:24 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 11/27/19 10:21 AM, Ondrej Mosnacek wrote:
> > On Wed, Nov 27, 2019 at 3:47 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >> From: Paul Moore <paul@xxxxxxxxxxxxxx>
> >>
> >> The new kernel module tests added in a68d583c2a70 ("selinux-testsuite:
> >> Add kernel module tests") require the kernel-devel package on Fedora,
> >> make sure we list that in the README.md file.
> >
> > Thanks, I should have thought of this when reviewing the patch :)
> >
> >>
> >> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> >> ---
> >> README.md | 4 +++-
> >> 1 file changed, 3 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/README.md b/README.md
> >> index e845df8..4352796 100644
> >> --- a/README.md
> >> +++ b/README.md
> >> @@ -53,6 +53,7 @@ similar dependencies):
> >> * attr _(tools used by the overlayfs tests)_
> >> * libbpf-devel _(tools used by the bpf tests)_
> >> * keyutils-libs-devel _(tools used by the keys tests)_
> >> +* kernel-devel _(used by the kernel module tests)_
> >>
> >> On a modern Fedora system you can install these dependencies with the
> >> following command:
> >> @@ -69,7 +70,8 @@ following command:
> >> lksctp-tools-devel \
> >> attr \
> >> libbpf-devel \
> >> - keyutils-libs-devel
> >> + keyutils-libs-devel \
> >> + kernel-devel
> >
> > I'm wondering whether we should rather put kernel-devel-$(uname -r)
> > here, to make sure that the right package is installed that
> > corresponds to the running kernel version (which may not be the latest
> > version that dnf will fetch). Or if the use of shell expansion feels
> > too clever, then we should at last document that the command may not
> > always install the version that is needed.
>
> I'm often testing kernels I build myself and not via rpm.
Right, then the command would just fail... :/ But it might be slightly
faster to realize that you can just delete the kernel-devel line from
the command when you're running a local kernel build, than figuring
out why the test failed to build after a successful run of the command
(in the non-latest stock kernel scenario). But I'm fine with just
documenting it if we want to keep it simple.
>
> >
> >>
> >> The testsuite requires a pre-existing base policy configuration of SELinux,
> >> using either the old example policy or the reference policy as the baseline.
> >
> > --
> > Ondrej Mosnacek <omosnace at redhat dot com>
> > Software Engineer, Security Technologies
> > Red Hat, Inc.
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
