[PATCH v4 testsuite 00/15] Update to work on Debian

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Update the selinux testsuite to work on Debian and provide
instructions for building and running it there.

v4 splits the patch into one patch per logical change, updates
some of the descriptions, drops an unnecessary constraint
(only appear to need the peer recv constraint from Fedora for
the current tests, not the packet/SECMARK constraint), cleans up
the Makefile, and updates the test for noexec dev to match
any "/dev .*noexec" instead of just devtmpfs since not everyone
uses devtmpfs.

Stephen Smalley (15):
  test_capable_net.te: remove corenet_tcp/udp_sendrecv_all_ports()
  test_execute_no_trans.te: stop using mmap_file_perms
  test_ibendport.te: use dev_rw_infiniband_mgmt_dev()
  test_global.te: allow test domains to statfs selinuxfs
  test_inet_socket.te: switch from generic_port to
    _all_unreserved_ports()
  test_sctp.te: make netlabel_peer_t a MCS-constrained type
  test_policy.if: use ptynode instead of unconfined_devpts_t
  test_overlayfs.te: allow test_overlay_mounter_t to read user tmp files
  policy: Add MCS constraint on peer recv
  policy: Add defaultrange rules for overlay tests
  test_filesystem.te,tests/{fs_}filesystem: do not force user identity
    to system_u
  policy/Makefile: conditionalize setting of allow_domain_fd_use
  tests/cap_userns: set /proc/sys/kernel/unprivileged_userns_clone if
    needed
  tests/mmap: skip /dev/zero tests if /dev is noexec
  README.md: Add instructions for Debian

 README.md                            | 66 +++++++++++++++++++++++++++-
 policy/Makefile                      | 23 +++++++---
 policy/test_capable_net.te           |  2 -
 policy/test_execute_no_trans.te      |  3 +-
 policy/test_filesystem.te            |  1 +
 policy/test_global.te                |  1 +
 policy/test_ibendport.te             |  9 ++--
 policy/test_inet_socket.te           | 22 +++++-----
 policy/test_mlsconstrain.cil         |  2 +
 policy/test_overlay_defaultrange.cil |  7 +++
 policy/test_overlayfs.te             |  1 +
 policy/test_policy.if                |  4 +-
 policy/test_sctp.te                  |  1 +
 tests/cap_userns/test                |  8 ++++
 tests/filesystem/test                |  2 +-
 tests/fs_filesystem/test             |  2 +-
 tests/mmap/test                      | 48 +++++++++++++-------
 17 files changed, 154 insertions(+), 48 deletions(-)
 create mode 100644 policy/test_mlsconstrain.cil
 create mode 100644 policy/test_overlay_defaultrange.cil

-- 
2.23.1
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux