Now that there is an up-to-date CS9 box available in Vagrant [1], we can test on it in the CI to ensure that the testsuite is compatible with this distribution. Note that there may be a few test cases skipped that could in fact be run on the latest CS9 thanks to backports, but that can be addressed later. [1] https://issues.redhat.com/browse/CS-1186 Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> --- .github/workflows/checks.yml | 13 +++++++------ Vagrantfile | 23 +++++++++++++++-------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 9d9ebd9..e43b793 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -10,18 +10,19 @@ jobs: - uses: actions/checkout@v2 - run: sudo chown $(id -u):$(id -g) . - run: tools/check-syntax -f && git diff --exit-code - fedora-test: + vm-test: runs-on: macos-12 strategy: fail-fast: false matrix: domain: [unconfined_t, sysadm_t] env: - - { version: 37, kernel: default } - - { version: 38, kernel: default } - - { version: 38, kernel: secnext } + - { image: fedora/37-cloud-base, kernel: default } + - { image: fedora/38-cloud-base, kernel: default } + - { image: fedora/38-cloud-base, kernel: secnext } + - { image: centos/stream9, kernel: latest } env: - FEDORA_VERSION: ${{ matrix.env.version }} + IMAGE_NAME: ${{ matrix.env.image }} KERNEL_TYPE: ${{ matrix.env.kernel }} ROOT_DOMAIN: ${{ matrix.domain }} steps: @@ -47,6 +48,6 @@ jobs: - name: Run SELinux testsuite run: vagrant ssh -- sudo make -C /root/testsuite test - name: Check unwanted denials - run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep ${{ matrix.domain }}' + run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep "^type=AVC .*${{ matrix.domain }}"' - name: Check .gitignore coverage run: test "$(vagrant ssh -- sudo git -C /root/testsuite ls-files -o --exclude-standard | wc -l)" -eq 0 
diff --git a/Vagrantfile b/Vagrantfile index 682b805..c0cc377 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,7 +5,7 @@ # # To create a new virtual machine: # -# FEDORA_VERSION=33 vagrant up +# IMAGE_NAME=fedora/34-cloud-base KERNEL_TYPE=default vagrant up # # To launch tests (for example after modifications have been made): # @@ -20,7 +20,7 @@ # backwards compatibility). Please don't change it unless you know what # you're doing. Vagrant.configure("2") do |config| - config.vm.box = "fedora/#{ENV['FEDORA_VERSION']}-cloud-base" + config.vm.box = "#{ENV['IMAGE_NAME']}" config.vm.synced_folder ".", "/vagrant", disabled: true config.vm.synced_folder ".", "/root/testsuite", type: "rsync", # need to disable '--copy-links', which is in rsync__args by default @@ -33,16 +33,23 @@ Vagrant.configure("2") do |config| v.memory = 4096 end + kernel_subpkgs = ['devel', 'modules'] + + dnf_opts = '' + case ENV['IMAGE_NAME'] + when /^centos\// + dnf_opts << ' --enablerepo crb' + kernel_subpkgs << 'modules-extra' + end + case ENV['KERNEL_TYPE'] when 'default' - dnf_opts = '' - kernel_pkgs = 'kernel-devel-"$(uname -r)" kernel-modules-"$(uname -r)"' + kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}-\"$(uname -r)\""}.join(' ') when 'latest' - dnf_opts = '' - kernel_pkgs = 'kernel-devel kernel-modules' + kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}"}.join(' ') when 'secnext' - dnf_opts = '--nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64' - kernel_pkgs = 'kernel-devel kernel-modules' + dnf_opts << ' --nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64' + kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}"}.join(' ') else print("Invalid KERNEL_TYPE '#{ENV['KERNEL_TYPE']}'") abort -- 2.41.0
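Review bot: In the first hunk of .github/workflows/checks.yml, `{ image: centos/stream9, kernel: latest }` is the only CentOS row in the matrix, so the kernel that ships in the box (`kernel: default`) is never exercised on CS9. Either add a `kernel: default` row for centos/stream9 or state in the commit message why only `latest` is run there.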
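Review bot: The commit message does not explain the grep pattern change in the "Check unwanted denials" step (second hunk of .github/workflows/checks.yml), where `grep ${{ matrix.domain }}` becomes `grep "^type=AVC .*${{ matrix.domain }}"`. This narrows what the CI treats as an unwanted denial to lines that begin with `type=AVC`, which is a behaviour change separate from adding CS9. Please add a sentence of rationale or move it to its own commit. Since the step's result is only the negated grep status, it also passes when ausearch emits nothing for any reason, so a stricter pattern makes a silent pass more likely.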
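Review bot: There is no check for an unset IMAGE_NAME at `config.vm.box = "#{ENV['IMAGE_NAME']}"` in the Vagrantfile (hunk at line 20). When the variable is missing, the interpolation yields an empty string and the box name is empty. Consider `ENV.fetch('IMAGE_NAME')` or an explicit abort with a message, the way the KERNEL_TYPE `else` branch already handles invalid values. The string interpolation around the ENV lookup is also redundant.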
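Review bot: Nothing in the last Vagrantfile hunk (line 33 onward) rejects a `centos/` image combined with `KERNEL_TYPE=secnext`. In that case dnf_opts would carry both ` --enablerepo crb` and ` --nogpgcheck --releasever rawhide --repofrompath kernel-secnext,...`, pointing a CentOS guest at rawhide packages with signature checking off. Either abort on that pair next to the existing "Invalid KERNEL_TYPE" handling or document it as unsupported. A short comment on why CentOS needs `crb` and `modules-extra` would also help, and a `case` with a single `when` reads more simply as an `if`.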