Re: [PATCH v4 testsuite 00/15] Update to work on Debian

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, May 12, 2020 at 11:43 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Fri, May 8, 2020 at 5:42 PM Stephen Smalley
> <stephen.smalley.work@xxxxxxxxx> wrote:
> > Update the selinux testsuite to work on Debian and provide
> > instructions for building and running it there.
> >
> > v4 splits the patch into one patch per logical change, updates
> > some of the descriptions, drops an unnecessary constraint
> > (only appear to need the peer recv constraint from Fedora for
> > the current tests, not the packet/SECMARK constraint), cleans up
> > the Makefile, and updates the test for noexec dev to match
> > any "/dev .*noexec" instead of just devtmpfs since not everyone
> > uses devtmpfs.
> >
> > Stephen Smalley (15):
> >   test_capable_net.te: remove corenet_tcp/udp_sendrecv_all_ports()
> >   test_execute_no_trans.te: stop using mmap_file_perms
> >   test_ibendport.te: use dev_rw_infiniband_mgmt_dev()
> >   test_global.te: allow test domains to statfs selinuxfs
> >   test_inet_socket.te: switch from generic_port to
> >     _all_unreserved_ports()
> >   test_sctp.te: make netlabel_peer_t a MCS-constrained type
> >   test_policy.if: use ptynode instead of unconfined_devpts_t
> >   test_overlayfs.te: allow test_overlay_mounter_t to read user tmp files
> >   policy: Add MCS constraint on peer recv
> >   policy: Add defaultrange rules for overlay tests
> >   test_filesystem.te,tests/{fs_}filesystem: do not force user identity
> >     to system_u
> >   policy/Makefile: conditionalize setting of allow_domain_fd_use
> >   tests/cap_userns: set /proc/sys/kernel/unprivileged_userns_clone if
> >     needed
> >   tests/mmap: skip /dev/zero tests if /dev is noexec
> >   README.md: Add instructions for Debian
>
> With the exception of 07/15, on which I had a small comment:
>
> Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
>
> (No need to respin the whole series in case you are going to respin
> 07. I can just splice it in before merging or apply on top.)

All patches now applied (with v5 of 07/15).

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux