On 1/21/20 10:59 AM, Stephen Smalley wrote:
On 1/19/20 6:17 AM, Richard Haines wrote:
Test filesystem permissions, setfscreatecon(3), file { quotaon } and
changing file context via non-name-based and name-based type_transition rules.
The name-based rules only apply to:
(MOD_POL_VERS >= 11 and POL_VERS >= 25 and MAX_KERNEL_POLICY >= 25)
From kernel 5.5, filesystem { watch } is also tested.
Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
And applied now.
---
defconfig | 6 +
policy/Makefile | 7 +
policy/test_filesystem.te | 373 +++++++
policy/test_filesystem_name_trans.te | 20 +
tests/Makefile | 7 +
tests/filesystem/.gitignore | 11 +
tests/filesystem/Makefile | 16 +
tests/filesystem/check_file_context.c | 75 ++
tests/filesystem/check_mount_context.c | 127 +++
tests/filesystem/create_file.c | 117 +++
tests/filesystem/create_file_change_context.c | 146 +++
tests/filesystem/fanotify_fs.c | 79 ++
tests/filesystem/fs_relabel.c | 138 +++
tests/filesystem/grim_reaper.c | 89 ++
tests/filesystem/mount.c | 130 +++
tests/filesystem/quotas_test.c | 143 +++
tests/filesystem/statfs_test.c | 65 ++
tests/filesystem/test | 968 ++++++++++++++++++
tests/filesystem/umount.c | 84 ++
19 files changed, 2601 insertions(+)
create mode 100644 policy/test_filesystem.te
create mode 100644 policy/test_filesystem_name_trans.te
create mode 100644 tests/filesystem/.gitignore
create mode 100644 tests/filesystem/Makefile
create mode 100644 tests/filesystem/check_file_context.c
create mode 100644 tests/filesystem/check_mount_context.c
create mode 100644 tests/filesystem/create_file.c
create mode 100644 tests/filesystem/create_file_change_context.c
create mode 100644 tests/filesystem/fanotify_fs.c
create mode 100644 tests/filesystem/fs_relabel.c
create mode 100644 tests/filesystem/grim_reaper.c
create mode 100644 tests/filesystem/mount.c
create mode 100644 tests/filesystem/quotas_test.c
create mode 100644 tests/filesystem/statfs_test.c
create mode 100755 tests/filesystem/test
create mode 100644 tests/filesystem/umount.c
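Review bot: the diffstat shows defconfig gaining 6 lines, but the commit message does not say which kernel config options the new tests depend on; naming them in the message would make failures on custom kernels easier to diagnose. The message also gates the name-based rules on (MOD_POL_VERS >= 11 and POL_VERS >= 25 and MAX_KERNEL_POLICY >= 25) and the filesystem { watch } test on kernel 5.5 without stating whether those cases are skipped or reported as failures when the condition is not met; a sentence on that would help anyone reading results from an older kernel or policy.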
[...]