On Mon, 2020-01-13 at 10:45 -0500, Stephen Smalley wrote:
> On 1/12/20 2:24 PM, Richard Haines wrote:
> > Test filesystem permissions, setfscreatecon(3), file { quotaon } and
> > changing file context via 'name type_transition rule'.
> >
> > From kernels 5.5 filesystem { watch } is also tested.
> >
> > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
>
> Aside from the travis-ci build failure when trying to build the test
> policy against upstream refpolicy, this looks good to me. NB you can
> reproduce such failures yourself by creating your own github clone of
> selinux-testsuite, enabling travis-ci on your clone, and pushing your
> change to a branch of our clone.
>
> Possible room for improvement (but I won't insist) might include:
> - test non-name based type transition rule with a different type and
>   confirm that both files are created in the right type (i.e. make sure
>   we are actually matching on the component name),
> - test two different name-based type transition rules that only differ
>   in name (similar),
> - add tests for the new mount API, fsopen(), fspick(), fsmount().
>
> These could all be done as separate patches later.

If you are in no hurry for these tests I'll do them for V4. I found a
helpful example in samples/vfs/test-fsmount.c for fsmount and fsopen.
Also see they were added in 5.1.

>
> > ---
> >  defconfig | 6 +
> >  policy/Makefile | 4 +
> >  policy/test_filesystem.te | 343 +++++++
> >  tests/Makefile | 7 +
> >  tests/filesystem/.gitignore | 11 +
> >  tests/filesystem/Makefile | 16 +
> >  tests/filesystem/check_file_context.c | 75 ++
> >  tests/filesystem/check_mount_context.c | 127 +++
> >  tests/filesystem/create_file.c | 112 +++
> >  tests/filesystem/create_file_change_context.c | 146 +++
> >  tests/filesystem/fanotify_fs.c | 79 ++
> >  tests/filesystem/fs_relabel.c | 138 +++
> >  tests/filesystem/grim_reaper.c | 89 ++
> >  tests/filesystem/mount.c | 130 +++
> >  tests/filesystem/quotas_test.c | 143 +++
> >  tests/filesystem/statfs_test.c | 65 ++
> >  tests/filesystem/test | 929 ++++++++++++++++++
> >  tests/filesystem/umount.c | 84 ++
> >  18 files changed, 2504 insertions(+)
> >  create mode 100644 policy/test_filesystem.te
> >  create mode 100644 tests/filesystem/.gitignore
> >  create mode 100644 tests/filesystem/Makefile
> >  create mode 100644 tests/filesystem/check_file_context.c
> >  create mode 100644 tests/filesystem/check_mount_context.c
> >  create mode 100644 tests/filesystem/create_file.c
> >  create mode 100644 tests/filesystem/create_file_change_context.c
> >  create mode 100644 tests/filesystem/fanotify_fs.c
> >  create mode 100644 tests/filesystem/fs_relabel.c
> >  create mode 100644 tests/filesystem/grim_reaper.c
> >  create mode 100644 tests/filesystem/mount.c
> >  create mode 100644 tests/filesystem/quotas_test.c
> >  create mode 100644 tests/filesystem/statfs_test.c
> >  create mode 100755 tests/filesystem/test
> >  create mode 100644 tests/filesystem/umount.c