This patch adds five tests for sctp_socket type_transition rules and setsockcreatecon(3). More tests can be added however these test the basics. Hopefully these will help testing the debated peeloff scenarios. To be able to run these tests you must: 1) Build a new kernel with patches from [1] and [2]. These have been build/tested using kernel 5.15. 2) Add patch [3] to the SELinux testsuite, and then this patch. Note: When adding [3] to the testsuite, there will be a one line reject: patching file tests/sctp/test Hunk #1 FAILED at 33. if using current git build. Just change line 36 to '$test_count = 85;' before adding this patch. [1] https://lore.kernel.org/selinux/163593840902.17756.9280314114933444317.git-patchwork-notify@xxxxxxxxxx/T/#t [2] https://lore.kernel.org/selinux/20211104195949.135374-1-omosnace@xxxxxxxxxx/ [3] https://lore.kernel.org/selinux/20211021144543.740762-1-omosnace@xxxxxxxxxx/ Richard Haines (1): testsuite sctp: Add tests for sctp_socket transition rules policy/test_sctp.te | 57 ++++++++++++++++++++++++++++++++ tests/sctp/sctp_client.c | 19 +++++++++-- tests/sctp/sctp_common.c | 51 ++++++++++++++++++++++++++++ tests/sctp/sctp_common.h | 2 ++ tests/sctp/sctp_peeloff_client.c | 21 +++++++++--- tests/sctp/sctp_peeloff_server.c | 18 ++++++++-- tests/sctp/sctp_server.c | 18 ++++++++-- tests/sctp/test | 57 +++++++++++++++++++++++++++++++- 8 files changed, 231 insertions(+), 12 deletions(-) -- 2.33.1
