On Thu, May 2, 2024 at 3:50 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Thu, May 2, 2024 at 3:18 PM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > > > On Fri, Jan 26, 2024 at 5:12 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > > > On Thu, Jan 25, 2024 at 5:09 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > > > > > On Thu, Jan 25, 2024 at 10:59 AM Stephen Smalley > > > > <stephen.smalley.work@xxxxxxxxx> wrote: > > > > > So as a side-bar is anyone running ./tools/nfs.sh on a regular basis > > > > > or has it been wired up into the automated testing by anyone? If not > > > > > and if we can get it back to a clean state, that would be good to do. > > > > > > > > I am not as part of my kernel-secnext testing, I should, but I haven't > > > > had the time to configure that as part of the test run. Building and > > > > testing on Debian in addition to Fedora is still higher on my > > > > kernel-secnext todo list, and I haven't made much progress there. > > > > > > > > I believe the IBM/RH folks are doing regular testing, perhaps they > > > > have something in place? > > > > > > We don't currently run the NFS-backed selinux-testsuite, > > > unfortunately. Looking at my unmerged branches, I can see I tried to > > > add it over 2 years ago, but the note I had left for myself says > > > "doesn't work yet due to NFS bug", so presumably it wasn't passing > > > even back then. > > > > I finally tracked down the source of one bug (not setting the label on > > new files properly) and sent a patch for that. Several of the other > > failures were introduced by the use of fifos for synchronization; > > apparently fifos on NFS aren't expected to work and hence unix_socket > > and other tests that rely on those won't work there. > > Actually, it seems that I misinterpreted earlier test results. With my > patch applied on top of nfs-next, the entire ./tools/nfs.sh run > passes, including unix_socket and friends. Huzzah! Can we get this > wired up into automated regression testing to keep it that way? Sorry, sent too soon. It does pass running the entire selinux-testsuite on a NFS mount with security labeling enabled, but then starts hitting some failures during the later context mount tests. Likely bears further investigation.
