On Fri, Aug 30, 2024 at 8:23 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Thu, Aug 29, 2024 at 4:35 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > On Thu, Aug 29, 2024 at 9:37 AM Stephen Smalley > > <stephen.smalley.work@xxxxxxxxx> wrote: > > > > > > On Tue, Aug 27, 2024 at 11:09 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > > > > > RHEL/CentOS Stream 10+ and Fedora ELN will have CONFIG_NET_KEY disabled > > > > [1]. Make the test skip itself when it detects that PF_KEY is not > > > > supported so that the testsuite can still pass out-of-the-box on these > > > > platforms. > > > > > > > > [1] https://gitlab.com/cki-project/kernel-ark/-/commit/99d6d1c86fe1bb1df5c0b80f4717826c2330e291 > > > > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > > > > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > > > > > > Wondering if we should drop NET_KEY from the testsuite defconfig too then. > > > > If we have a test for it, it seems like it might be worthwhile keeping > > it as long as the upstream kernel still supports PF_KEY. I'm not sure > > if Fedora plans to disable CONFIG_NET_KEY, but as of kernel > > v6.11.0-0.rc5.20240827xxx CONFIG_NET_KEY is still enabled as a module. > > Even if Fedora does disable it in their build I can enable it in my > > testing, I already do that now for a few things. > > No, Fedora doesn't have any plans to disable it as far as I know. > Fedora doesn't have any contractual obligation for maintenance and > mostly just tracks the upstream kernel, so there is little motivation > to disable functionality because of the lack of maintenance upstream. > ("If it works, why risk breaking users? And if it doesn't, then > upstream should be the one to remove it." seems to be the general > philosophy in such cases.) > > I agree with keeping it in defconfig - after all, CONFIG_ANDROID=y is > also there, even though it isn't strictly required (and so are other > configs). Now applied: https://github.com/SELinuxProject/selinux-testsuite/commit/a9e631f0f1d5b11756a62679e8da073b3cc85b13 -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.