On 2/13/20 3:55 PM, Stephen Smalley wrote:
On 2/13/20 11:30 AM, Richard Haines wrote:
This is a first attempt at running the filesystem and fs_filesystem tests
on the native filesystem.
It supports NFS when using the tools/nfs.sh script. NFS will support
options
with rootcontext and fscontext, however due to the fsconfig(2) they
bug will
not pass with these (see note in nfs.sh).
The filesystem types supported are: ext2, ext3, ext4, xfs, btrfs,
hfsplus,
reiserfs, nfs4. If not in this list, tests are skipped. I'm not sure what
others need supporting, these seem reasonable and available on Fedora.
Didn't receive the patch but will comment on a few items in your cover
letter.
Offhand, I'd suggest pruning it to just ext4, xfs, and nfs4. There is
no separate ext3 filesystem in the kernel anymore (ext4 provides the
implementation for both ext3 and ext4). ext2 and reiserfs seem to be
legacy filesystems and reiserfs never supported SELinux well to my
knowledge. btrfs SELinux support seems to not be well supported; absent
a distro supporting them both that seems unlikely to change. hfsplus is
orphaned per MAINTAINERS and not likely to be used as a primary
filesystem for SELinux regardless.
I've had to add a number of policy rules to support these types, however
I've made no attempt to consolidate them. Most are for supporting
rootcontext
and fscontext on NFS. Rules for the 'context' option were many more so
decided not to add them - any views on this.
Wasn't sure what issue you are encountering there. Could you use an
attribute ala file_type and/or fs_type or the corresponding refpolicy
interfaces to allow what you need with just a few rules?
When testing btrfs, most tests will fail on tests/fs_filesystem due to
the fsconfig(2) bug.
Yes, I'm disinclined to include btrfs in our testing until/unless a
SELinux maintainer is using a distro that defaults to it (or the
maintainer defaults to using it regardless) and ensures that it is kept
functioning.
Actually, I take that back. I wouldn't want the testsuite to
automatically try to create and test btrfs filesystems itself, but if
you are just whitelisting on which filesystem types the testsuite will
try to apply its tests when run there, including btrfs makes sense.
Then it won't break automated testing runs on distros not using btrfs
but we can still refer btrfs developers to the testsuite to identify and
reproduce bugs/regressions.
