On 2/13/20 11:30 AM, Richard Haines wrote:
This is a first attempt at running the filesystem and fs_filesystem tests on the native filesystem. It supports NFS when using the tools/nfs.sh script. NFS will support options with rootcontext and fscontext, however due to the fsconfig(2) they bug will not pass with these (see note in nfs.sh). The filesystem types supported are: ext2, ext3, ext4, xfs, btrfs, hfsplus, reiserfs, nfs4. If not in this list, tests are skipped. I'm not sure what others need supporting, these seem reasonable and available on Fedora.
Didn't receive the patch but will comment on a few items in your cover letter.
Offhand, I'd suggest pruning it to just ext4, xfs, and nfs4. There is no separate ext3 filesystem in the kernel anymore (ext4 provides the implementation for both ext3 and ext4). ext2 and reiserfs seem to be legacy filesystems and reiserfs never supported SELinux well to my knowledge. btrfs SELinux support seems to not be well supported; absent a distro supporting them both that seems unlikely to change. hfsplus is orphaned per MAINTAINERS and not likely to be used as a primary filesystem for SELinux regardless.
I've had to add a number of policy rules to support these types, however I've made no attempt to consolidate them. Most are for supporting rootcontext and fscontext on NFS. Rules for the 'context' option were many more so decided not to add them - any views on this.
Wasn't sure what issue you are encountering there. Could you use an attribute ala file_type and/or fs_type or the corresponding refpolicy interfaces to allow what you need with just a few rules?
When testing btrfs, most tests will fail on tests/fs_filesystem due to the fsconfig(2) bug.
Yes, I'm disinclined to include btrfs in our testing until/unless a SELinux maintainer is using a distro that defaults to it (or the maintainer defaults to using it regardless) and ensures that it is kept functioning.
