On Wed, Nov 27, 2019 at 10:39 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > On Wed, Nov 27, 2019 at 4:24 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 11/27/19 10:21 AM, Ondrej Mosnacek wrote: > > > On Wed, Nov 27, 2019 at 3:47 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > >> From: Paul Moore <paul@xxxxxxxxxxxxxx> > > >> > > >> The new kernel module tests added in a68d583c2a70 ("selinux-testsuite: > > >> Add kernel module tests") require the kernel-devel package on Fedora, > > >> make sure we list that in the README.md file. > > > > > > Thanks, I should have thought of this when reviewing the patch :) > > > > > >> > > >> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > > >> --- > > >> README.md | 4 +++- > > >> 1 file changed, 3 insertions(+), 1 deletion(-) > > >> > > >> diff --git a/README.md b/README.md > > >> index e845df8..4352796 100644 > > >> --- a/README.md > > >> +++ b/README.md > > >> @@ -53,6 +53,7 @@ similar dependencies): > > >> * attr _(tools used by the overlayfs tests)_ > > >> * libbpf-devel _(tools used by the bpf tests)_ > > >> * keyutils-libs-devel _(tools used by the keys tests)_ > > >> +* kernel-devel _(used by the kernel module tests)_ > > >> > > >> On a modern Fedora system you can install these dependencies with the > > >> following command: > > >> @@ -69,7 +70,8 @@ following command: > > >> lksctp-tools-devel \ > > >> attr \ > > >> libbpf-devel \ > > >> - keyutils-libs-devel > > >> + keyutils-libs-devel \ > > >> + kernel-devel > > > > > > I'm wondering whether we should rather put kernel-devel-$(uname -r) > > > here, to make sure that the right package is installed that > > > corresponds to the running kernel version (which may not be the latest > > > version that dnf will fetch). Or if the use of shell expansion feels > > > too clever, then we should at last document that the command may not > > > always install the version that is needed. > > > > I'm often testing kernels I build myself and not via rpm. > > Right, then the command would just fail... :/ But it might be slightly > faster to realize that you can just delete the kernel-devel line from > the command when you're running a local kernel build, than figuring > out why the test failed to build after a successful run of the command > (in the non-latest stock kernel scenario). But I'm fine with just > documenting it if we want to keep it simple. I don't feel that strongly about it either way, but one could argue that if start versioning the kernel-devel package, why not all the other packages? What if you have a locally modified BPF userspace? Infiniband? I think you get the idea. My opinion is that if you are going off into the weeds by replacing the kernel or portions of your userspace, you should know well enough how to ensure that they are properly installed ;) -- paul moore www.paul-moore.com