On Tue, Aug 11, 2020 at 5:18 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Tue, Aug 11, 2020 at 4:59 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Fri, Aug 7, 2020 at 3:42 PM Stephen Smalley > > <stephen.smalley.work@xxxxxxxxx> wrote: > > > On the Debian side, I'd recommend Debian unstable which despite the > > > name is more stable I think than rawhide and is what I've used for > > > getting the testsuite up and running on Debian. That exercises more > > > of the tests than even Fedora rawhide does currently due to defining > > > more classes/permissions. > > > > Yes, it would definitely improve coverage, but I'd rather pass that > > baton to someone else at this point. > > I've mentioned this before and I feel like this is a good time to > stress this point again - I think it is very important to work on > becoming less Fedora/RH centric. I recognize that this might be a bit > of a learning curve for most of us as we try to get up to speed with > different distros and packaging formats (the latter is a pain point > I'm currently working through with Debian's dpkg), but I think this is > an important part of helping to increase SELinux adoption. It's not really about Fedora vs. Debian - it's just that Fedora recently became a low-hanging fruit thanks to Bill's userspace scripts and the existing testsuite CI got broken recently by Travis/GCE kernel upgrade and instead of throwing more kludges on it I wanted to go one step further and switch it over to the KVM approach. My plan was to just get something working quickly so I don't need to hold off on merging patches nor tolerate broken CI. I assure you, if Bill did the userspace scripts for Debian, I would just copy that and put Fedora on the backlog ;) Anyway, if no one picks this up, I most likely eventually will. I just wanted to make it clear that this is not on my immediate TODO list and in case someone would like to pick it up, they are encouraged to do so and won't conflict with my attempts. I'd like to see it happen as much as you do, but right now I need to catch up with other work so this will have to wait a bit. -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.
