On Thu, May 21, 2020 at 4:51 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> On Wed, May 20, 2020 at 6:34 PM <bill.c.roberts@xxxxxxxxx> wrote:
> > From: William Roberts <william.c.roberts@xxxxxxxxx>
> >
> > The current Travis CI runs the userspace tooling and libraries against
> > policy files, but cannot test against an SELinux enabled kernel. Thus,
> > some tests are not being done in the CI. Travis, unfortunately only
> > provides Ubuntu images, so in order to run against a modern distro with
> > SELinux in enforcing mode, we need to launch a KVM with something like
> > Fedora.
> >
> > This patch enables this support by launching a Fedora32 Cloud Image with
> > the SELinux userspace library passed on from the Travis clone, it then
> > builds and replaces the current SELinux bits on the Fedora32 image and
> > runs the SELinux testsuite.
> >
> > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
>
> From the text above I infer that this patch is intended against the
> userspace repo, right?
>
> If so, I don't quite see the usefulness of running the
> selinux-testsuite on every userspace change... It is mainly intended
> for testing the kernel and only a small part of its running time is
> spent on running (i.e. testing in a sense) the SELinux userspace
> programs. Not to mention that in your patch it runs with the userspace
> shipped in Fedora and not the version from the given commit...

Last I looked, his script builds and installs the userspace code on
top of the Fedora libraries and programs (make LIBDIR=... install...)
and then runs the testsuite. That was my suggestion. While it is the
kernel testsuite, it exercises a lot of SELinux userspace functionality
that isn't tested by the userspace tests.

>
> However, it could be very useful if this was added to the testsuite's
> CI instead so that it can verify that the testsuite patches don't
> break something. But note that you'd need to modify the script a bit
> to copy over the testsuite snapshot being tested to the VM and run
> that, instead of the current master.
>
> Anyway, thank you for working on this! I never realized that it could
> be so easy to run a Fedora VM from Travis. If I find some time maybe I
> can find some more ways to use this... For example we could run the
> Fedora/RHEL SELinux userspace tests from [1] after installing (not yet
> sure how) the userspace built from the currently tested userspace repo
> commit.
>
> [1] https://src.fedoraproject.org/tests/selinux/tree/master