On Mon, Aug 1, 2022 at 10:02 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > On Fri, Jul 29, 2022 at 2:27 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Fri, Jul 29, 2022 at 2:02 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > > > This series aim for two things: > > > 1. Refactor the policy so that it is easier to work with. > > > 2. Leverage the refactoring to fully support running the testsuite > > > as sysadm_u:sysadm_r:sysadm_t. > > > > > > The gist of this work lies in unifying how test domains are defined, > > > deduplicating the various boilerplate spread out all across the > > > individual files (and not even used consistently), and in abstracting > > > the policy caller domain/role away from the individual test policies > > > into test_general.te. Some tests also had to be massaged to not > > > hard-code unconfined_* and be generic against the context of the > > > testsuite caller. > > > > > > The series also extends the CI to test running the testsuite as sysadm_* > > > and also verify that no unconfined_t/sysadm_t unexpected denials are > > > produced (which would usually indicate a missing dontaudit rule in the > > > testsuite policy). > > > > Lol, I got a bounce for patches 4 and 5 because they are too long :D > > Hopefully the list owners can approve them manually. If not, I'll > > submit this series as a GitHub PR and post a link here. > > The patches are still not there, so opened a pull request: > https://github.com/SELinuxProject/selinux-testsuite/pull/82 > > One can fetch the contents of the PR in the git-format-patch format > through the following URL: > https://github.com/SELinuxProject/selinux-testsuite/pull/82.patch This is just a note that I have merged the PR now. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
