On Mon, 2020-01-13 at 14:01 -0500, Stephen Smalley wrote:
> On 1/13/20 1:32 PM, Richard Haines wrote:
> > On Mon, 2020-01-13 at 10:45 -0500, Stephen Smalley wrote:
> > > On 1/12/20 2:24 PM, Richard Haines wrote:
> > > > Test filesystem permissions, setfscreatecon(3), file { quotaon }
> > > > and changing file context via 'name type_transition rule'.
> > > >
> > > > From kernels 5.5 filesystem { watch } is also tested.
> > > >
> > > > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> > >
> > > Aside from the travis-ci build failure when trying to build the test
> > > policy against upstream refpolicy, this looks good to me. NB you can
> > > reproduce such failures yourself by creating your own github clone of
> > > selinux-testsuite, enabling travis-ci on your clone, and pushing your
> > > change to a branch of our clone.
> > >
> > > Possible room for improvement (but I won't insist) might include:
> > > - test non-name based type transition rule with a different type and
> > >   confirm that both files are created in the right type (i.e. make sure
> > >   we are actually matching on the component name),
> > > - test two different name-based type transition rules that only differ
> > >   in name (similar),
> > > - add tests for the new mount API, fsopen(), fspick(), fsmount().
> > >
> > > These could all be done as separate patches later.
> >
> > If you are in no hurry for these tests I'll do them for V4.
> >
> > I found a helpful example in samples/vfs/test-fsmount.c for fsmount and
> > fsopen. Also see they were added in 5.1
>
> Up to you; they can always be done as a separate follow-up patch later.
> The new syscalls don't appear to have been wired up until v5.2.

After some thought and play time I've come to the following:

1) I'll submit V4 with the non & named-based trans rules + other changes today.
2) As tests/filesystem is testing mount(2) / umount(2) I thought it best to submit a separate patch for the new fs* apis and put them in tests/fs_filesystem for 5.2