On Tue, May 12, 2020 at 11:43 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > On Fri, May 8, 2020 at 5:42 PM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > Update the selinux testsuite to work on Debian and provide > > instructions for building and running it there. > > > > v4 splits the patch into one patch per logical change, updates > > some of the descriptions, drops an unnecessary constraint > > (only appear to need the peer recv constraint from Fedora for > > the current tests, not the packet/SECMARK constraint), cleans up > > the Makefile, and updates the test for noexec dev to match > > any "/dev .*noexec" instead of just devtmpfs since not everyone > > uses devtmpfs. > > > > Stephen Smalley (15): > > test_capable_net.te: remove corenet_tcp/udp_sendrecv_all_ports() > > test_execute_no_trans.te: stop using mmap_file_perms > > test_ibendport.te: use dev_rw_infiniband_mgmt_dev() > > test_global.te: allow test domains to statfs selinuxfs > > test_inet_socket.te: switch from generic_port to > > _all_unreserved_ports() > > test_sctp.te: make netlabel_peer_t a MCS-constrained type > > test_policy.if: use ptynode instead of unconfined_devpts_t > > test_overlayfs.te: allow test_overlay_mounter_t to read user tmp files > > policy: Add MCS constraint on peer recv > > policy: Add defaultrange rules for overlay tests > > test_filesystem.te,tests/{fs_}filesystem: do not force user identity > > to system_u > > policy/Makefile: conditionalize setting of allow_domain_fd_use > > tests/cap_userns: set /proc/sys/kernel/unprivileged_userns_clone if > > needed > > tests/mmap: skip /dev/zero tests if /dev is noexec > > README.md: Add instructions for Debian > > With the exception of 07/15, on which I had a small comment: > > Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > (No need to respin the whole series in case you are going to respin > 07. I can just splice it in before merging or apply on top.) All patches now applied (with v5 of 07/15). -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.