On Fri, Jul 29, 2022 at 2:27 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > On Fri, Jul 29, 2022 at 2:02 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > This series aim for two things: > > 1. Refactor the policy so that it is easier to work with. > > 2. Leverage the refactoring to fully support running the testsuite > > as sysadm_u:sysadm_r:sysadm_t. > > > > The gist of this work lies in unifying how test domains are defined, > > deduplicating the various boilerplate spread out all across the > > individual files (and not even used consistently), and in abstracting > > the policy caller domain/role away from the individual test policies > > into test_general.te. Some tests also had to be massaged to not > > hard-code unconfined_* and be generic against the context of the > > testsuite caller. > > > > The series also extends the CI to test running the testsuite as sysadm_* > > and also verify that no unconfined_t/sysadm_t unexpected denials are > > produced (which would usually indicate a missing dontaudit rule in the > > testsuite policy). > > Lol, I got a bounce for patches 4 and 5 because they are too long :D > Hopefully the list owners can approve them manually. If not, I'll > submit this series as a GitHub PR and post a link here. The patches are still not there, so opened a pull request: https://github.com/SELinuxProject/selinux-testsuite/pull/82 One can fetch the contents of the PR in the git-format-patch format through the following URL: https://github.com/SELinuxProject/selinux-testsuite/pull/82.patch -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
