Re: [PATCH testsuite 00/24] Clean up testsuite policy and support running as sysadm_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 29, 2022 at 2:02 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> This series aim for two things:
> 1. Refactor the policy so that it is easier to work with.
> 2. Leverage the refactoring to fully support running the testsuite
>    as sysadm_u:sysadm_r:sysadm_t.
>
> The gist of this work lies in unifying how test domains are defined,
> deduplicating the various boilerplate spread out all across the
> individual files (and not even used consistently), and in abstracting
> the policy caller domain/role away from the individual test policies
> into test_general.te. Some tests also had to be massaged to not
> hard-code unconfined_* and be generic against the context of the
> testsuite caller.
>
> The series also extends the CI to test running the testsuite as sysadm_*
> and also verify that no unconfined_t/sysadm_t unexpected denials are
> produced (which would usually indicate a missing dontaudit rule in the
> testsuite policy).

Lol, I got a bounce for patches 4 and 5 because they are too long :D
Hopefully the list owners can approve them manually. If not, I'll
submit this series as a GitHub PR and post a link here.

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux