On Fri, Jan 26, 2024 at 5:12 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Thu, Jan 25, 2024 at 5:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > On Thu, Jan 25, 2024 at 10:59 AM Stephen Smalley > > <stephen.smalley.work@xxxxxxxxx> wrote: > > > So as a side-bar is anyone running ./tools/nfs.sh on a regular basis > > > or has it been wired up into the automated testing by anyone? If not > > > and if we can get it back to a clean state, that would be good to do. > > > > I am not as part of my kernel-secnext testing, I should, but I haven't > > had the time to configure that as part of the test run. Building and > > testing on Debian in addition to Fedora is still higher on my > > kernel-secnext todo list, and I haven't made much progress there. > > > > I believe the IBM/RH folks are doing regular testing, perhaps they > > have something in place? > > We don't currently run the NFS-backed selinux-testsuite, > unfortunately. Looking at my unmerged branches, I can see I tried to > add it over 2 years ago, but the note I had left for myself says > "doesn't work yet due to NFS bug", so presumably it wasn't passing > even back then. I finally tracked down the source of one bug (not setting the label on new files properly) and sent a patch for that. Several of the other failures were introduced by the use of fifos for synchronization; apparently fifos on NFS aren't expected to work and hence unix_socket and other tests that rely on those won't work there.