Re: [PATCH V3 1/1] selinux-testsuite: Add filesystem tests

On 1/13/20 1:32 PM, Richard Haines wrote:
On Mon, 2020-01-13 at 10:45 -0500, Stephen Smalley wrote:
On 1/12/20 2:24 PM, Richard Haines wrote:
Test filesystem permissions, setfscreatecon(3), file { quotaon } and
changing file context via 'name type_transition rule'.

From kernels 5.5 filesystem { watch } is also tested.

Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>

Aside from the travis-ci build failure when trying to build the test
policy against upstream refpolicy, this looks good to me.  NB you can
reproduce such failures yourself by creating your own github clone of
selinux-testsuite, enabling travis-ci on your clone, and pushing your
change to a branch of our clone.

Possible room for improvement (but I won't insist) might include:
- test non-name based type transition rule with a different type and
confirm that both files are created in the right type (i.e. make sure
we are actually matching on the component name),
- test two different name-based type transition rules that only differ
in name (similar),
- add tests for the new mount API, fsopen(), fspick(), fsmount().

These could all be done as separate patches later.

If you are in no hurry for these tests I'll do them for V4.

I found a helpful example in samples/vfs/test-fsmount.c for fsmount and
fsopen. Also see they were added in 5.1

Up to you; they can always be done as a separate follow-up patch later.
The new syscalls don't appear to have been wired up until v5.2.


