On Fri, Aug 7, 2020 at 9:27 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > This patch removes the old hackery to test-build the testsuite and > replaces it with scripts that run the full testsuite on a Fedora VM. The > scripts are based on William Roberts' work on SELinux userspace CI [1], > which does a similar thing. > > The CI currently uses a F32 VM image which comes with a 5.6.6 kernel. > Eventually we might want to run on a more recent kernel/userspace, but > even this is already a big improvement over the old CI approach. > > One downside is that with this patch we lose the test build against > refpolicy, but it shouldn't be too hard to add testing on a Debian VM > with refpolicy later on. > > [1] https://github.com/SELinuxProject/selinux/commit/562d6d15272420542bf65da328bc5300219fce76 > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Sounds good to me. Only question I have is whether it would be possible to use a Fedora rawhide VM instead of a fixed version like 32? I understand that may have some stability issues but it would get us more recent kernel, userspace, and policy for testing. On the Debian side, I'd recommend Debian unstable which despite the name is more stable I think than rawhide and is what I've used for getting the testsuite up and running on Debian. That exercises more of the tests than even Fedora rawhide does currently due to defining more classes/permissions.
