Re: [PATCH testsuite] tests/key_socket: skip the test if CONFIG_NET_KEY is not enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 30, 2024 at 8:23 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> On Thu, Aug 29, 2024 at 4:35 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > On Thu, Aug 29, 2024 at 9:37 AM Stephen Smalley
> > <stephen.smalley.work@xxxxxxxxx> wrote:
> > >
> > > On Tue, Aug 27, 2024 at 11:09 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > > >
> > > > RHEL/CentOS Stream 10+ and Fedora ELN will have CONFIG_NET_KEY disabled
> > > > [1]. Make the test skip itself when it detects that PF_KEY is not
> > > > supported so that the testsuite can still pass out-of-the-box on these
> > > > platforms.
> > > >
> > > > [1] https://gitlab.com/cki-project/kernel-ark/-/commit/99d6d1c86fe1bb1df5c0b80f4717826c2330e291
> > > >
> > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > >
> > > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> > >
> > > Wondering if we should drop NET_KEY from the testsuite defconfig too then.
> >
> > If we have a test for it, it seems like it might be worthwhile keeping
> > it as long as the upstream kernel still supports PF_KEY.  I'm not sure
> > if Fedora plans to disable CONFIG_NET_KEY, but as of kernel
> > v6.11.0-0.rc5.20240827xxx CONFIG_NET_KEY is still enabled as a module.
> > Even if Fedora does disable it in their build I can enable it in my
> > testing, I already do that now for a few things.
>
> No, Fedora doesn't have any plans to disable it as far as I know.
> Fedora doesn't have any contractual obligation for maintenance and
> mostly just tracks the upstream kernel, so there is little motivation
> to disable functionality because of the lack of maintenance upstream.
> ("If it works, why risk breaking users? And if it doesn't, then
> upstream should be the one to remove it." seems to be the general
> philosophy in such cases.)
>
> I agree with keeping it in defconfig - after all, CONFIG_ANDROID=y is
> also there, even though it isn't strictly required (and so are other
> configs).

Now applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/a9e631f0f1d5b11756a62679e8da073b3cc85b13

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.






[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux