On 1/27/20 4:32 AM, Richard Haines wrote:
> These patches update the current tests/filesystem to share code (patch 1)
> with the fs*(2) API filesystem tests (patch 2).
>
> V2 Changes:
> 1) If kernel patch [1] installed move_mount test for denying FILE__MOUNTON
> should pass. If not installed, display 'Failed as kernel 5.x without
> "selinux: fix regression introduced by move_mount(2) syscall" patch'
> (as there is a regression that should be fixed).
> Note: Kernels 5.2 - 5.5 will fail unless [1] backported. 5.6 is expected
> to have [1].
> 2) Move policy changes to patch 2.

These look ok to me; we'll see if anyone else objects to the error message.

One other item that occurred to me is that most of the current
filesystem and fs_filesystem tests are only exercising ext4 regardless
of the native filesystem in which you run the testsuite (e.g. if I run
it on a labeled NFS mount most of the tests end up running in the ext4
filesystem that is created and mounted rather than on labeled NFS
itself, and likewise if I run it on xfs or btrfs or ...). For tests
where it does not matter (e.g. the type_transition tests) it might be
better to run those on the host/native filesystem directly so we can
more readily reuse those tests. Obviously the mount tests themselves
require some other filesystem besides the one in which the testsuite
itself resides. Don't know if people may want to make it easier to
substitute or add additional filesystem types for testing; you already
provide a fs_type variable in the test script but that requires patching
the script and still only supports testing one filesystem type at a time.

> [1] https://lore.kernel.org/selinux/20200117202407.12344-1-sds@xxxxxxxxxxxxx
>
> Richard Haines (2):
>   selinux-testsuite: Prepare for adding fs*(2) API tests
>   selinux-testsuite: Add fs*(2) API filesystem tests
>
>  policy/test_filesystem.te | 18 +-
>  tests/Makefile | 6 +
>  tests/filesystem/Filesystem.pm | 166 ++++++
>  tests/filesystem/test | 219 ++------
>  tests/fs_filesystem/.gitignore | 3 +
>  tests/fs_filesystem/Makefile | 16 +
>  tests/fs_filesystem/fs_common.c | 110 ++++
>  tests/fs_filesystem/fs_common.h | 30 ++
>  tests/fs_filesystem/fsmount.c | 89 ++++
>  tests/fs_filesystem/fspick.c | 68 +++
>  tests/fs_filesystem/move_mount.c | 76 +++
>  tests/fs_filesystem/test | 835 +++++++++++++++++++++++++++++++
>  tools/check-syntax | 2 +-
>  13 files changed, 1455 insertions(+), 183 deletions(-)
>  create mode 100644 tests/filesystem/Filesystem.pm
>  create mode 100644 tests/fs_filesystem/.gitignore
>  create mode 100644 tests/fs_filesystem/Makefile
>  create mode 100644 tests/fs_filesystem/fs_common.c
>  create mode 100644 tests/fs_filesystem/fs_common.h
>  create mode 100644 tests/fs_filesystem/fsmount.c
>  create mode 100644 tests/fs_filesystem/fspick.c
>  create mode 100644 tests/fs_filesystem/move_mount.c
>  create mode 100755 tests/fs_filesystem/test