I've split the patch as it never made it past vger last time. This supports NFS when using the tools/nfs.sh script. NFS will support options with rootcontext and fscontext, however due to the fsconfig(2) bug they will not pass with these. The filesystem types tested are: ext4, xfs, vfat and nfs4. No support for btrfs or reiserfs as they require much larger filesystem size and additional policy rules. I've added tests for xfs quotas, however it does need a patch [1] for testing filesystem quotaget/quotamod permissions. Also xfs does not call security_quota_on(), therefore the 'file quotaon' permission is not tested (see notes in test scripts). Not tested on travis (xfs_quotas_test.c added that may cause issues) How the system is configured will depend on how many tests are run (for example 'watch/fanotify' adds 11 tests). Also there are a number of bugs/features that will cause various errors. They include: 1) There is a kernel bug using fsconfig(2) with nfs if any *context= option is given. 2) There is an nfs kernel bug where the top-level mounted directory shows up with unlabeled_t initially, then later gets refreshed to a valid context. policy/test_filesystem.te contains allow rules to bypass this as the bug is marked as closed - not fixed. 3) Some XFS quotas will fail as described above. 4) udisks(8) is now disabled by default. This is because when running xfs, random failures occur as udisks(8) tries to be 'helpful'. It can be enabled locally with the -e flag. RFC V2 Changes: Probably all those in [2] [1] https://lore.kernel.org/selinux/20200220153234.152426-1-richard_c_haines@xxxxxxxxxxxxxx/ [2] https://lore.kernel.org/selinux/186a0ca5-802d-44d8-7fbf-1fd918591fff@xxxxxxxxxxxxx/ Richard Haines (2): selinux-testsuite: Use native filesystem for tests - Part 1 selinux-testsuite: Use native filesystem for tests - Part 2 README.md | 10 +- defconfig | 6 + policy/test_filesystem.te | 78 +- policy/test_filesystem_notify.te | 56 +- tests/filesystem/.gitignore | 1 + tests/filesystem/Filesystem.pm | 127 ++- tests/filesystem/Makefile | 3 +- tests/filesystem/test | 1184 ++++++++++++++++---------- tests/filesystem/xfs_quotas_test.c | 96 +++ tests/fs_filesystem/fsmount.c | 5 +- tests/fs_filesystem/test | 1275 ++++++++++++++++++---------- tools/nfs.sh | 39 +- 12 files changed, 1939 insertions(+), 941 deletions(-) create mode 100644 tests/filesystem/xfs_quotas_test.c -- 2.24.1
