On 11/2/20 7:11 PM, Paul Moore wrote:
Hi Paul,
On Sat, Oct 31, 2020 at 11:08 PM Tushar Sugandhi
<tusharsu@xxxxxxxxxxxxxxxxxxx> wrote:
On 2020-10-30 1:37 p.m., Paul Moore wrote:
...
If the patch(set) introduces new functionality I will ask you to add
or update an existing test in the selinux-testsuite.
* https://github.com/SELinuxProject/selinux-testsuite
Lakshmi has written an SeLinux test for this feature, and it is
currently being targeted for LTP repo.
https://github.com/linux-test-project/ltp
We can work with you to also get it incorporated in selinux-testsuite.
But the concern here is we may have to pull additional dependent scripts
from LTP to selinux-testsuite to support our test.
Could you please take a look at Lakshmi's SeLinux test, and guide us
further on this? Here is the patch.
https://patchwork.kernel.org/patch/11804587/
As I'm looking at the test(s) above, I'm thinking that this may not be
something that needs to be in the selinux-testsuite. While SELinux is
obviously an important part of the test, the test is more IMA focused
(which is probably the way it should be).
Yes, as you mentioned, the test is more IMA focused. It is to validate
the measurement done by IMA against the current state of the
configuration and policy of SELinux. Therefore we would like to keep it
in LTP.
As a bit of background, the selinux-testsuite is intended to serve as
a relatively easy and quick to run test that can be used by developers
to quickly test their patches; while it aims for good coverage, it
does not try to be a comprehensive regression test suite. Not only
would that be duplicating other efforts such as the LTP, it would go
against the goal of making the test suite quick and easy to use.
thanks,
-lakshmi
