On Thu, Feb 13, 2020 at 3:59 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 2/13/20 3:55 PM, Stephen Smalley wrote:
> > On 2/13/20 11:30 AM, Richard Haines wrote:
> >> This is a first attempt at running the filesystem and fs_filesystem tests
> >> on the native filesystem.
> >>
> >> It supports NFS when using the tools/nfs.sh script. NFS will support options
> >> with rootcontext and fscontext, however due to the fsconfig(2) they bug will
> >> not pass with these (see note in nfs.sh).
> >>
> >> The filesystem types supported are: ext2, ext3, ext4, xfs, btrfs, hfsplus,
> >> reiserfs, nfs4. If not in this list, tests are skipped. I'm not sure what
> >> others need supporting, these seem reasonable and available on Fedora.
> >
> > Didn't receive the patch but will comment on a few items in your cover
> > letter.
> >
> > Offhand, I'd suggest pruning it to just ext4, xfs, and nfs4. There is
> > no separate ext3 filesystem in the kernel anymore (ext4 provides the
> > implementation for both ext3 and ext4). ext2 and reiserfs seem to be
> > legacy filesystems and reiserfs never supported SELinux well to my
> > knowledge. btrfs SELinux support seems to not be well supported; absent
> > a distro supporting them both that seems unlikely to change. hfsplus is
> > orphaned per MAINTAINERS and not likely to be used as a primary
> > filesystem for SELinux regardless.
> >
> >> I've had to add a number of policy rules to support these types, however
> >> I've made no attempt to consolidate them. Most are for supporting rootcontext
> >> and fscontext on NFS. Rules for the 'context' option were many more so
> >> decided not to add them - any views on this.
> >
> > Wasn't sure what issue you are encountering there. Could you use an
> > attribute ala file_type and/or fs_type or the corresponding refpolicy
> > interfaces to allow what you need with just a few rules?
> >
> >> When testing btrfs, most tests will fail on tests/fs_filesystem due to
> >> the fsconfig(2) bug.
> >
> > Yes, I'm disinclined to include btrfs in our testing until/unless a
> > SELinux maintainer is using a distro that defaults to it (or the
> > maintainer defaults to using it regardless) and ensures that it is kept
> > functioning.
>
> Actually, I take that back. I wouldn't want the testsuite to
> automatically try to create and test btrfs filesystems itself, but if
> you are just whitelisting on which filesystem types the testsuite will
> try to apply its tests when run there, including btrfs makes sense.
> Then it won't break automated testing runs on distros not using btrfs
> but we can still refer btrfs developers to the testsuite to identify and
> reproduce bugs/regressions.

I would agree with that.

-- 
paul moore
www.paul-moore.com