From patchwork Wed Apr 11 14:55:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 10335643 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1E9C3602D8 for ; Wed, 11 Apr 2018 14:57:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 05BB0289BD for ; Wed, 11 Apr 2018 14:57:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EE3B8289DD; Wed, 11 Apr 2018 14:57:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D566C289BD for ; Wed, 11 Apr 2018 14:57:23 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.48,436,1517875200"; d="scan'208";a="671722197" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 11 Apr 2018 14:57:01 +0000 X-IronPort-AV: E=Sophos;i="5.48,436,1517875200"; d="scan'208";a="11900796" IronPort-PHdr: =?us-ascii?q?9a23=3AwyiJyx3vsJDZlYEMsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8Zse8QKP7xwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9Qr4uWT?= =?us-ascii?q?Sm8qxlVhnmhikaPDI96W3bl9B8gKddrRm8pRJw3pTUbZmVOvRgcK3Tft0VSm?= =?us-ascii?q?VdUcheSiJBGoGxY5YBAuUfJuZVtJX9qlkUoBeiGQWhHuHixzlVjXH2x6061O?= =?us-ascii?q?EhHBnc0gM6AtIOtGnfotLyNKcVS+C60rTDwDLbb/NT3jf975LIfQ46rPGWQ7?= =?us-ascii?q?1/bMrRxlMzFw/fklqQronlMiqT2+8QvWab6O9gWviui24hswxxrTmvxtssio?= =?us-ascii?q?nUnY0Z0EzL9SJ8wIszONa2S1Z7bMa5HJZfuCyWLYt7Tt44T212tys21KcKtY?= =?us-ascii?q?OjcCQU1JgqwwTTZ+GJfoSW+B7vSeWcLDliiH57e7+ygQu5/1K6xe3mTMa01U?= =?us-ascii?q?5Hri9CktbRqH8AzwfT6s2bSvtl+UehxCqP2xjT6u5aJUA0krLWK4I7zb4ql5?= =?us-ascii?q?oTrF/DEjXqmET2kKCWdkIk9vKu6+v7ebXpuoWQN4p1igH6Kqgum8q/DvokMg?= =?us-ascii?q?UWQmSW9uux2Kfj8EHkWrlGkPI7nrfDvJzHPcgbo7S2Aw5R0oYt8Ra/CDKm3c?= =?us-ascii?q?wDnXYZKFJFeRSHj5XmOl3XO//4Cuq/g1Kwnzh13PDLJaHhA5XRIXjDl7ftZ7?= =?us-ascii?q?B961VGxwYpwtBf4IxUBqkbIP3vQk/xqMDYDhghPgy2xObnDs9y1p8eWW2VBK?= =?us-ascii?q?+UK6HSsViO5uIqOeaMf5MVtyjnK/g+/fLuimU5mVAFd6mzwZQXcGy4HuhhI0?= =?us-ascii?q?iBY3rsgM0OHnsJvgolS+zqjlyCUSBIana8W6I8+z46B5m7DYfFWoCtnaaN3C?= =?us-ascii?q?ChHp1ZfmpGEEyDEW/0d4WYXPcBcDqSLdF6nTMaU7ihSpMh1Ra1uQ/71bVoMP?= =?us-ascii?q?Tb9jcftZL529h///fTmg0q9TxoE8Sd1HmAQHxznmMOQT85wb5woUh8ylqYy6?= =?us-ascii?q?d3neZYFdtJ6/NOSAc6OobWz/ZmBNDqRgLBYtCJRU67TdW6Gz4xVMk8zMMJY0?= =?us-ascii?q?Z4B9qtlAvD3zawD78TibOLGIQ+8rjA0HjpO8Z913HG2bE/gFk+WMRPL2ymhr?= =?us-ascii?q?Vk+gjLHYHJiUSZl72ydaQYxiHC6HmMwXCJvEFCXw56Sb/FUmwHZkvKsdT54V?= =?us-ascii?q?vPT76oCbQ7LARBzdCNKq5UZd31l1VHROzuONPGY22vnWewAAyHxrKIbIXxfG?= =?us-ascii?q?Uc0z/RCE8ekwAc5XyGLxQxBj+9o2LCCzxjDVLuYkLr8el4s367S0s0wxiLb0?= =?us-ascii?q?1nzba1/AQaheafS/MSwLILpj0tqzNqE1ahx9jWEcaPpxJ9fKVAZtMw+FlG1W?= =?us-ascii?q?Pdtwx4IJOgNbtvhlAAfAtquEPuzQ94Cp1akcgtrnMl0hZ9Kb6C3FNGbTOY0o?= =?us-ascii?q?j6OqfLJWnq4BCvd6nW10nQ0NaM4KgP7ug3q1T4vAyyE0oi63Rn38BO03qS/Z?= =?us-ascii?q?XGFg0SUYj+Ukwv7Rh1u6naYjUh54PTzXBsMrO7sjzF29I0H+YlyQyvf9RYMK?= =?us-ascii?q?OZDgPyFNcaB8e2Iuwwh1epdg4EPPxV9KMsJcypauGG2K+1M+Z6hz+pl3hI4I?= =?us-ascii?q?Vn3kKL7Sp8RfbC34wZzPGAwguHSzD8gU+9vc/tnYBLeyoSHna/yCjjH4NRfb?= =?us-ascii?q?F9fYcVBmeoP823x89xi4TrW3FG6F6pH0kG19OxeRqOc1z92hVd1V4KrnO6gi?= =?us-ascii?q?a4wDl0kj4zoqqZwiPO3/zodAAbNW5TWGlikVDsLJCvj9AURkioaBMplAe+6E?= =?us-ascii?q?bhwahbo6p+L2zJTkdOZST2KX9tUreovLqYf8FP8I8osTlQUOmkb1GVULr9ow?= =?us-ascii?q?cE3CP5BGtT3y47eC+wuprighx6jXiRLHFprHrWYctw3wvQ5MTARf5N2ToLXD?= =?us-ascii?q?d4iTjLCVigONmp58+YmIvDsuC5UWKhWYZecS3qzYOGriS7/2pqDQe4n/Cpld?= =?us-ascii?q?3tCRI63jPj19l2SSXIqw7xYo3q16ShLeJrZ1JoC0H468p7HIF+j4QxiYoL2X?= =?us-ascii?q?gCh5WV+3sHnnvoMdlB36LxcmYNTyYRw9HJ+AjlxFFjLnWRyoLjUXWdxs9haM?= =?us-ascii?q?egYmwK3SI84dtHCLyJ7LNYhit5uF24rRjeYfJlhDcS1eMu6GIGg+EOoActzT?= =?us-ascii?q?uSArYJHURDPizjiRKI78u4rKpJeGaja7+w1FBxndq5FrGNvhlcWGrlepclBS?= =?us-ascii?q?Jw9t9wME/I0HLt8oHrYt/Qbc4NuR2OiBrAkvNVJ4wrlvoRnyZnImX9vWA/y+?= =?us-ascii?q?EnkxNu05a6vJKIK2pz5q65BABXNiHtbcMJ5j7tlbpentqR3423AJVhHCgEUY?= =?us-ascii?q?D2TfKuDT0Ste7rNwCQHz0gsn2bA6bQHReD6Ed6qHLCC4irOGuKJHkd1thtWB?= =?us-ascii?q?idJFBfgQwNUjU1hJg5GhqtxMz7f0dz/ioR6ULgqhtQ1uJoMAHyUmTfpQesdD?= =?us-ascii?q?g5U52fLB1Y7gFM+UjVLdCe7uJ0HyFd4JKttgqNJXKHZw5QF2EGRlSEB0z/Pr?= =?us-ascii?q?mp/dTA/fKXBuyiL/vJZLWDsuJeWOmVypKoyItp5S6MNt+IPnlgEfI0xlZDUW?= =?us-ascii?q?p+G8TDlDUFUzYXmD7Vb86HuBe8/TV6od2j//TuXwLv45ePB6ZJPNVx5R+2m6?= =?us-ascii?q?aDNu+XhCZ/MzpY0I0DxWPQwrgFwFESkz1udyWqEbkYuy7NVrzflbJMDxEBbS?= =?us-ascii?q?NzKMxI77kn0wZXJcHbj8n51rlijv46E11FT0Dumtm1ZcwWJGGwLFXHBFyRO7?= =?us-ascii?q?SePT3G2M/3YaKmSb1LkOVUuRywuTCBHE/lIjuDliPmVxS1PeFLliGbMwRUuJ?= =?us-ascii?q?uhfRZ1FWjjUNXmZwWgP9BsijE2xbw0hmjWNW4HKzR8aF1CoaGK4SNDnPp/H2?= =?us-ascii?q?1B7nx4LeiLgCuW8+nZKowLsftwGCh1mfhV4Gghy7tS6iFIXvt1mDHdrtR2uV?= =?us-ascii?q?GpjvGPyiZ7UBpJsjtLgoOLvUFmOarH7ZlNQmzL8wwX7WWXERgKoMFlCtL3sa?= =?us-ascii?q?BK1tfPjL7zKCtF89/M5sQcBsfUKMWBMHc6LBXmBiXbDAofQj6tL23fgFZdkP?= =?us-ascii?q?6K/H2Pspc6soTsmIYJSrJDTlM1GekVClp7E9EZJ5d3Ri0rkbiejMES5Hq+qA?= =?us-ascii?q?LeRMJVv5zdUfKSG/rvIi6DjbZYfxsI3a/4LYMLO43n3Exib0N2nJ7NG0vRQ9?= =?us-ascii?q?9NpDZubhUzoEpT83hzVXE820Xgagyx+nATDuK0kgQwigRgfeQn7C3s7EsvJl?= =?us-ascii?q?rWuCswl1E8mdflgTGRaD7xK6OwXYBKCyXqrEUxN5L7QxpvbQKsh0BkMy3ER7?= =?us-ascii?q?1Jhbt6aW9rkBPcuYdIGfNES61LfgUfxfWMavUr1lRcsTmnylVB5eveCptilR?= =?us-ascii?q?EmcZiyoHJcwwhjdsI6JbTMJKpVyVhdnriOsTGz1u8v2gAePVoC8GOJdSETuU?= =?us-ascii?q?wILKQpJy2m/ux08wyNhTtCdHIKV/U0vvJg7lk9NPiYzyL8z75DLVi8OPGFIK?= =?us-ascii?q?OHumjPiNWIT0gq2UMSjUlF+rZ30dw9fEWISkAv1rqRFwgJNMbYLwFacdZS/m?= =?us-ascii?q?DJfSmSqeXN3Y51P4KlG+DsSu+OrrgbgkSlHQYuBIkM4cIBHoS23EHfN8fnI6?= =?us-ascii?q?YPyQ8x6wTzOFWFEPNJdQqQkDgZp8G/zZl33ZRSJzwGHWp9NiC36arNqQ8xnP?= =?us-ascii?q?qPRtE2bWkGXoEcLHI5RNW6mzJFv3RHFDS3zuMZyA2F7z/gpiTRDCLxYMdiZP?= =?us-ascii?q?aUfxxjE8u6+TMh/KiqkVTX6InRJ3nmNdR+vd/C8fkVp5KGC/xIU7Zyq0Lcmo?= =?us-ascii?q?leR3ytVW7AC8W4KIPxa4Y2a9z4E3i6UkGlhzIzUcjxIM6nLrKUjgHwWYZUrI?= =?us-ascii?q?6b0Sg4OsCjEDETAA1/qPwd5K1ifw0DeIA0YQTotggkMKy/OgiY2M20Q2mxMT?= =?us-ascii?q?tWU+VfzeKiarxNySosb/O1yHsnTpE+1Om56VcDSowQgBzCwviufJVRUS/2Gn?= =?us-ascii?q?NBYQrPvjY5m3JnNuks3uc12AnIvkUEMzCXaOxpb3RJsM0+BVyIPXp7EXY3R1?= =?us-ascii?q?iYjYrH4w6jwaoS/zdDkNlI0e1Jqn/+voXQYDi0QqyktY3VszY8bdghu6BxK5?= =?us-ascii?q?bsItGBtJzFhTHfUIPQvRebUCGkE/pam95QIC1cQPlJlmElOdAGuYRb5korU8?= =?us-ascii?q?cyPbpPB7cwprqyczprETYSzTMFV4OHxDEDjP2w1KfalheRdZQiMQYLsJZZj9?= =?us-ascii?q?scTSF5fD0RqLWkV4XMmG+OUnILLxsL7QRQ+AIAkZd9fuX/74rST59D1SJWo/?= =?us-ascii?q?NyUivEDZRp+UH0SmeKjlj8T/WhjvGm3RlIwPLqzNYbRAZ1CVJByOZOiksoNL?= =?us-ascii?q?Z3JrEIvo7Ntj+Hb1n6vWzqyOuiKllc0sjUd1r/DIreq2XzTjcc+XoPRY9UyX?= =?us-ascii?q?HfE5sSnxB+aKYxq1VGOJqmdVrm5zw424RpGKG1Wtqxx1Y4q3YKXSSqHsFAC+?= =?us-ascii?q?FnsVLXRCZqb4qtqJr7J5VYWnVQ94GFq1dFjEVtNDa0yYZbK8FI+TMMQCRDoT?= =?us-ascii?q?CGs9eoTs1Mx9N2BYcWIthjo3f9BL9EOJ+Jrn02oLPv0GXW+zQhv1qh2Tq8Bb?= =?us-ascii?q?e4T/pH8G0aBAopPX6Sqk41D+sj6m3S6EzCskho/+dHAbiClUdxoDFjEZ1VGz?= =?us-ascii?q?lGy2ulIEppTHlarepVNb7Zc8pCTPkufRWvIQAxFeY630yV+kF5hWv5bDFvuQ?= =?us-ascii?q?tb4S/dWxI5WjUSgrfohTIRsNqnOSMAR5JOczohcz/PKxiHliBPoBZfd0ZqVo?= =?us-ascii?q?gCDdZL574XwYlZ8tfMREu3NS4FWxliOR4i3vpEiU5PqkOYdj7BDQCwb/bArg?= =?us-ascii?q?V3fduNrM6uNPn55hlIhZ7nsO8i66UOXHmmmQqzQd/AsYPzqtqKuVaQe6viNe?= =?us-ascii?q?2zf2PBRiDWjR+snbckE4XK/y/LPQpDMJl61WArboX9CWPQJhRGIL8bJ1BHWq?= =?us-ascii?q?9kb9VGvvpaaNVgeKoT/q9tHB2HTAv1GIOztPlGMkrTRTPGIiWd6Oywv5zc4q?= =?us-ascii?q?HGROj9YsyM22zHTLhpPpd77jn7H6nl0ZNE9krxwPdt+VtwSULaPCCZsNThOg?= =?us-ascii?q?QL6dGndkT4up0pGS3ZAItskHX33E5NbMwXTDO28JQD1JxW8m7wRvxi3kj1ru?= =?us-ascii?q?JS66Fu6ZMr7LBx1ce0OaDSJOxYsUB9GBiUAR5q9pE3D2hhXG1RZ/IRKPPNfa?= =?us-ascii?q?QYkc/uqvr4F6oM6BGP/OxZc9THLVnbmsajEjGcVQBEnAAZpD4YNASc0fCFm7?= =?us-ascii?q?VzScm4u+f0wV4t7EK4Lh4dy7Bh/4GE9bSUpOXPdRve0aAEWrT2RsP0trkstF?= =?us-ascii?q?6S5fwglL4KZGN1ZhaqH/UDWcEGx2fv16YqwTgrE8PZELLq4ORDWG4hnjL8h5?= =?us-ascii?q?B9GE0bGvEVHbqO5olem3k3muzHOd0Mc6BCnGmPGQSiErAc1X6h8zGXL3V9gh?= =?us-ascii?q?HSzxHwRnu+7FnyrSJjQCvMydLjnlBUVrmxC0dSRTCmOVRksDOVIQrnqMb3ub?= =?us-ascii?q?kv7E4oKGDks8iNlGS5MrNNA8L/PMCcITUzpF8PiZ0xQdqv2ZwUGdWjO9oR9X?= =?us-ascii?q?B+YeHY62y1jy9AraBHh5Dd4sGO4PnXG2evj7GCobWX2D9Y0mQ4vU046t24Mv?= =?us-ascii?q?HO/NiKTvSz2mYfUShwpgzBXwSvpbzDtVAUPk6L31nXl4wWJN1Z2mM41k7+7u?= =?us-ascii?q?g5XN0z7BleFprHZ/4apDDyOSH7zkyDbN8sTSmRzSdXEUzpHlViH6g8wm3wtt?= =?us-ascii?q?rTlXjM410oWpVwd0v/iBNsDoU4Mkws50IVwioCDQgNcQqUDKysBUn+MYQEUl?= =?us-ascii?q?UMZgqd07inYKc32ldzzam16O/Ud+x8CLIHNuxBgQ6WgFhbBpUWvLUGQL1mZ1?= =?us-ascii?q?9S6K7XpwblC4j9XPjqjGEwOuOxQsBb98AZqnQj7x2nRxW69ZdM87YbiZ6Pdq?= =?us-ascii?q?5eYpjApsN84Fl95T4JaCNNhAJzjxSjUeATvOrj+MTUsIK06uayU6YgX+oX+A?= =?us-ascii?q?IuB2tgk5vwgEsuodXW1+dAVILViZ7w8B1WI3KQvobVzQV8I/IUK423ZLZg62?= =?us-ascii?q?kHJy8GKnIBI9WWbeU84yhqMDnU/FxNHMcMZdIePMrQlgFZkUnpV69J9svbAF?= =?us-ascii?q?CUEYFzeN4072Dv0jA67YM8Uvr86D+xPZ3f6VBNMO9EjCVojt3Cv/IZwfvVCC?= =?us-ascii?q?gQ+nmZcAN4wiaNxpiCEfrw+v+MyN7MXVMcAiE2S5tdJCaF+QG/Seq6iI7pUh?= =?us-ascii?q?iN5sHuj5wwckOQRnqsnKUKqatMHutAhT/93jdADIz1gOiVs9W04mtNqlJHCJ?= =?us-ascii?q?pz7QHCGKhHPJV7PhT4ls+xSkdgBiv/fNzUeQcvueqXwOcM+OZ+N0rlaI8FIx?= =?us-ascii?q?IE1aj16X5IQQtvUrL2uEiWXf4Jbtt8VPzEtmxV6Z5nK6IXPViduoblrjFTpV?= =?us-ascii?q?AyHQ8mdb4wrjtBdkXUmw1VQan0sqYaigQASd55pVNMGWWoNWI8+TXHW6pVjK?= =?us-ascii?q?2KBf0b6DqTSLIBU1lyPiN4XRy1xI1ke6G1kvBfrmNGgiR9reAl0zxiQxu9tz?= =?us-ascii?q?Pjp6YJ2T8747G4szMBuX1ZQemElSfHF0lDxuwQjagAE3bi9UC8YH4bYYv34b?= =?us-ascii?q?lnJsfg9Y467nQ9exojfCoGXeK+BCH2la+IBJKAsM5Ejh6XpMrOdaOzLTQVNr?= =?us-ascii?q?kl0h3sWX590hTFkRZz9GsLRSmg7MM6JIqjJMkp3C2oGXLUdFwU+KNGrNPxtU?= =?us-ascii?q?IXTOsxcV5hznts0syGRi0VWsPCAGc0jgkhaWVBbp1D8xsaGLcyjjaPpKlG8R?= =?us-ascii?q?keYC3IHYS95onQgcDI1GEzTNdy3GLWp7GKiY0x3X1gmtN08jSOt2oIe+zfSc?= =?us-ascii?q?9sDWD51p1Dxuzme/WtrucHRZNhyLSlTvAPKdGj+W+s15VxRk+lx6gRH0ajMO?= =?us-ascii?q?Ad2LjXSSGlRnOEWe6TaWiDgy45MlLu5RmvNlA3bMZKr0kgMurNn5JckwzhUa?= =?us-ascii?q?hoRiWLvlLbzXYsMeUddw4sv4enYQMKRvYLZ+eAPegu3OE+CFwUYn/MByR5F+?= =?us-ascii?q?+2sV+rnIh8IHhg/0T6YeLz/QDiMduSHAQEEIHAop524/y6SXqLOWV8wx1qIE?= =?us-ascii?q?l06+DfGkwztuBGcJaRmsPfis9m0e4Da/dtMSo9usMcmoJj9YmYysGKfg/Nzp?= =?us-ascii?q?zqP9HavuCYA+HDz0QtYmxaUL8ZYQTv54UgP945QKbeHb1DshQZG6c6QYYtN2?= =?us-ascii?q?Dr9KF7NAlzaBLeZKyogsn2oeKGfoBUp3HT7l0sLSrRuAYOyuKqQgxhbpCrhn?= =?us-ascii?q?LyIJYqSjJHsdJtFkguIIwaAM4Ergy6E7aIiaq7jJm34Eo8tOgU4oTqDfWf7N?= =?us-ascii?q?2k281UWJ9A6ATfJDPWA7Nmql5oguS7nrHL1ZynWpCqQs8NSOUuGj2NUbTBBI?= =?us-ascii?q?jqb2vWYJiuclNa87OazLNyWwmQYya8RaedqSm4L6o/s3gA47AjV9L6lG1r4r?= =?us-ascii?q?zew9S0YmhaomGmrHraUfkX4F/LALnYWBRZAbqA/X1+FKIaJY3z6K8VMNMkzd?= =?us-ascii?q?Tdqwl+5ThPyo2Edq6mqELB?= X-IPAS-Result: =?us-ascii?q?A2DsBQCGIc5a/wHyM5BSAQkcAQEBBAEBCgEBgxcoA2EDb?= =?us-ascii?q?CiDYogBXow0gVOBMIpxJ4dJgXAVGAuEWwOCVCE0GAECAQEBAQEBAgFrHAyCN?= =?us-ascii?q?SSCUQIgSw4DCQIfBQIiBAICAwFDJwIFgzGBVwMMpnaCHIhFgh+BCYZlgVQ/g?= =?us-ascii?q?QwugVqEDQKBMQGDKoJUAocPFweEVYEeijwIhVaCUIdEO4MfgigPhH8BiSCGb?= =?us-ascii?q?4ElHDiBUjMaCBsVOoJDCYVzhAiGZicsjTcBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Apr 2018 14:56:59 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w3BEumYB009659; Wed, 11 Apr 2018 10:56:53 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w3BEufdi157660 for ; Wed, 11 Apr 2018 10:56:41 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w3BEuj00009657 for ; Wed, 11 Apr 2018 10:56:46 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BBAQDTIM5aly0WGNZSAQkcAQEBBAEBC?= =?us-ascii?q?gEBgxcoZANsKINiiAFejDSBU4EwinEnh0mBegsjhzIhNBgBAgEBAQEBAQIUAQE?= =?us-ascii?q?BAQEGGAZLhVhLOwUCJgJJJwKDNoFXAwyYII5eghyIRYIfgQmGZYFUP4EMLoFah?= =?us-ascii?q?A0CgTEBgyqCVAKHDxcHhFWBHoo8CIVWglCHRDuDH4IoD4UAiSCGb4ElHIIKMxo?= =?us-ascii?q?IGxU6gkMJgiUagzSECIZmJyyNNwEB?= X-IPAS-Result: =?us-ascii?q?A1BBAQDTIM5aly0WGNZSAQkcAQEBBAEBCgEBgxcoZANsKIN?= =?us-ascii?q?iiAFejDSBU4EwinEnh0mBegsjhzIhNBgBAgEBAQEBAQIUAQEBAQEGGAZLhVhLO?= =?us-ascii?q?wUCJgJJJwKDNoFXAwyYII5eghyIRYIfgQmGZYFUP4EMLoFahA0CgTEBgyqCVAK?= =?us-ascii?q?HDxcHhFWBHoo8CIVWglCHRDuDH4IoD4UAiSCGb4ElHIIKMxoIGxU6gkMJgiUag?= =?us-ascii?q?zSECIZmJyyNNwEB?= X-IronPort-AV: E=Sophos;i="5.48,436,1517893200"; d="scan'208";a="248741" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 11 Apr 2018 10:56:42 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AOykqexPFvwB9eQ4dbjsl6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0Lfj7rarrMEGX3/hxlliBBdydt6ofzbKO+4nbGkU4qa6bt34DdJEeHz?= =?us-ascii?q?Qksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPER?= =?us-ascii?q?vjKwV1Ov71GonPhMiryuy+4ZLebxlGiTanfb9+MAi9oBnMuMURnYZsMLs6xA?= =?us-ascii?q?HTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKH?= =?us-ascii?q?w65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD?= =?us-ascii?q?+s7bpkSAXwhSkaNzA37m/ZhM9+g61UvB2vqAdyw5LWbYyPKPZyYrnQcNEcSG?= =?us-ascii?q?FcXshRTStBAoakYoUVFeUBIOJYpJT6qVsJqhu+HxejD/7oxz9Qg3/22qo60/?= =?us-ascii?q?4/HgzdxgwvAc8BsHTOo9XpLqsdTee1zKzRwDjFcvhY1zD96I3SfRAgp/GBRb?= =?us-ascii?q?1wccvNyUkvCgPKlU+cppDiPzOQ0OkGrmuV7/J4WO6xlmIqpBt9riagy8s2lI?= =?us-ascii?q?XFmJgZx1/E+Clh3oo5Odm1RFRmbdOqDpdcrTyWOoh4T884XW1luyA3waAct5?= =?us-ascii?q?GhZigF0pEnygbfa/OZd4iI5QruW+iMLzpkmnxodqyyiQyu/ES8yODwTNe730?= =?us-ascii?q?hPripendnArHUN2AbS6siDUPd9+0ah2TKX2wDS7OFLP1w0mLLFJ5I8zbM8jI?= =?us-ascii?q?QfvEvZEiPohkn6lqCbe0U89uit8evnY7HmppGGN49zjwHzKrwumsm4AeQ/KA?= =?us-ascii?q?gBQXOW+f6i27L+/U32WqlKgucqnanetZDWPd4bqbKhAw9JzoYj7A6yDyy439?= =?us-ascii?q?QcnHkHKk9FeR2cgoj1O1DBPPD4DfClj1Sqizdk3erKPrLmApXTfTD/l+L6cL?= =?us-ascii?q?J87VNM4BYixtBYoZRPA/cOJ+ygdFX2sYngBwI9eymzxPzqQIFl04QZQ2+nGK?= =?us-ascii?q?KVMKrO91SP47R8cKG3eIYJtWOleLAe7Pn0gCphwwVPdLS13ZYRdHGzF+hnJE?= =?us-ascii?q?Pce3f3n9MdCjhT7DcFZdCxo2WrCW8Vanu3RK164zg6DMSjDIOQDoyugbnU2i?= =?us-ascii?q?C9E9UWY21dEVmDHD/ucJnMQPYDbi+eY4dhnzUIWKLnSton0hejuQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B4AQCGIc5aly0WGNZSAQkdAQEFAQs?= =?us-ascii?q?BgxcoZANsKINiiAFejDSBU4EwinEnh0mBegsjhzIhNBgBAgEBAQEBAQIBEwE?= =?us-ascii?q?BAQEBBhgGSwyCNSKCdUs7BQImAkknAoM2gVcDDJgYjl6CHIhFgh+BCYZlgVQ?= =?us-ascii?q?/gQwugVqEDQKBMQGDKoJUAocPFweEVYEeijwIhVaCUIdEO4MfgigPhQCJIIZ?= =?us-ascii?q?vgSUcggozGggbFTqCQwmCJRqDNIQIhmYnLI03AQE?= X-IPAS-Result: =?us-ascii?q?A0B4AQCGIc5aly0WGNZSAQkdAQEFAQsBgxcoZANsKINii?= =?us-ascii?q?AFejDSBU4EwinEnh0mBegsjhzIhNBgBAgEBAQEBAQIBEwEBAQEBBhgGSwyCN?= =?us-ascii?q?SKCdUs7BQImAkknAoM2gVcDDJgYjl6CHIhFgh+BCYZlgVQ/gQwugVqEDQKBM?= =?us-ascii?q?QGDKoJUAocPFweEVYEeijwIhVaCUIdEO4MfgigPhQCJIIZvgSUcggozGggbF?= =?us-ascii?q?TqCQwmCJRqDNIQIhmYnLI03AQE?= X-IronPort-AV: E=Sophos;i="5.48,436,1517875200"; d="scan'208";a="11900775" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from usat3cpa07.eemsg.mail.mil ([214.24.22.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Apr 2018 14:56:41 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;71f17ace-233e-4da9-9598-25c7e6c8fe89 Authentication-Results: USAT3CPA09.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 11071497|USAT3CPA09_EEMSG_MP24.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: None X-EEMSG-ORIG-IP: 209.132.183.28 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BiBgD2Hs5a/xy3hNFSAQkcAQEBBAEBCgEBgxcrYQNsKINiiAFejDSBU4EwinEnh0mBegsTEIcyITQYAQIBAQEBAQECbBwMhUxLOwUCJgJJJwKDNoFXD5gkjl6CHIhFgh+BCYZlgVQ/gQwugVqEDQKBMQGDKoJUAocPFweEVYEeijwIhVaCUIdEO4MfgigPhH8BiSCGb4ElHDiBUjMaCBsVOoJDCYVzhAiGZiMELI03AQE X-IPAS-Result: A0BiBgD2Hs5a/xy3hNFSAQkcAQEBBAEBCgEBgxcrYQNsKINiiAFejDSBU4EwinEnh0mBegsTEIcyITQYAQIBAQEBAQECbBwMhUxLOwUCJgJJJwKDNoFXD5gkjl6CHIhFgh+BCYZlgVQ/gQwugVqEDQKBMQGDKoJUAocPFweEVYEeijwIhVaCUIdEO4MfgigPhH8BiSCGb4ElHDiBUjMaCBsVOoJDCYVzhAiGZiMELI03AQE Received: from mx1.redhat.com ([209.132.183.28]) by USAT3CPA09.eemsg.mail.mil with ESMTP; 11 Apr 2018 14:56:01 +0000 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 14E0D40F3D for ; Wed, 11 Apr 2018 14:55:48 +0000 (UTC) Received: from [192.168.3.60] (ovpn-122-0.rdu2.redhat.com [10.10.122.0]) by smtp.corp.redhat.com (Postfix) with ESMTP id 990BF5C8AE; Wed, 11 Apr 2018 14:55:46 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Paul Moore To: selinux@tycho.nsa.gov Date: Wed, 11 Apr 2018 10:55:08 -0400 Message-ID: <152345850876.8878.7608951240071788021.stgit@chester> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 11 Apr 2018 14:55:48 +0000 (UTC) Subject: [PATCH] selinux-testsuite: convert the README to markdown (README.md) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Paul Moore Also better integrate the InfiniBand instructions into the document. Signed-off-by: Paul Moore --- README | 191 ----------------------------------------------------- README.md | 220 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+), 191 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index e832f49..0000000 --- a/README +++ /dev/null @@ -1,191 +0,0 @@ -This directory contains the functional test suite for the LSM-based -SELinux security module. Please refer to the test report available in -doc/tests for complete documentation for this test suite. This -README only covers a subset of that report, specifically the sections -on running the tests and adding new tests. - -PREREQUISITES -------------- - -Kernel Configuration --------------------- -Your kernel should have been built with the configuration options -specified by the defconfig file in this directory to run this testsuite. -You can merge the provided defconfig file with your existing .config -file (or one generated via e.g. make localmodconfig or other commands) -using the kernel ./scripts/kconfig/merge_config.sh script as follows: - -cd linux -# Assumes that you have already created a .config file with your base config. -# If you don't have one, generate one using make localmodconfig or other -# suitable command. -./scripts/kconfig/merge_config.sh .config /path/to/selinux-testsuite/defconfig - -Some of the config options may not be set in the final config because -they are unnecessary based on your base config, e.g. you only need the -CONFIG_*_FS_SECURITY option to be enabled for the particular -filesystem type being used for the testing. - -Do not set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX; it is an -option for legacy distributions (Fedora 3 and 4). - -You should not enable any other security modules in your kernel -configuration unless you use the security= option to select a module -at boot time. Only one primary security module may be active at a -time. - -Userland and Base Policy ------------------------- -The testsuite has the following userspace dependencies on Fedora -or RHEL beyond a minimal install: -perl-Test # test harness used by the testsuite -perl-Test-Harness # test harness used by the testsuite -perl-Test-Simple # for Test::More -selinux-policy-devel # to build the test policy -gcc # to build the test programs -libselinux-devel # to build some of the test programs -net-tools # for ifconfig, used by capable_net/test -netlabel_tools # to load NetLabel configuration during inet_socket tests -iptables # to load iptables SECMARK rules during inet_socket tests -libibverbs-devel # to build ibpkey test program. - -yum install perl-Test perl-Test-Harness perl-Test-Simple selinux-policy-devel gcc libselinux-devel net-tools netlabel_tools iptables libibverbs-devel - -The testsuite requires a pre-existing base policy configuration of -SELinux, using either the old example policy or the reference policy -as the baseline. It also requires the core SELinux userland packages -(libsepol, checkpolicy, libselinux, policycoreutils, and if using -modular policy, libsemanage) to be installed. The test scripts also -rely upon the SELinux extensions being integrated into the coreutils -package, with support for the chcon and runcon commands as well as the -SELinux options to existing utilities such as ls and mkdir. - -If the base distribution does not include the SELinux userland, then -the source code for the core SELinux userland packages can be obtained from: -https://github.com/SELinuxProject/selinux/wiki/Releases - -If the base distribution does not include a policy configuration, then -the reference policy can be obtained from: -https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease - -RUNNING THE TESTS ------------------ -Create a shell with the unconfined_r or sysadm_r role and the Linux superuser -identity, e.g.: - newrole -r sysadm_r # -strict or -mls policy only - su - -Check whether the SELinux kernel is in enforcing mode by running -'getenforce'. If it is in permissive mode, toggle it into enforcing -mode by running 'setenforce 1'. - -Ensure that expand-check = 0 in /etc/selinux/semanage.conf; if not, -edit it accordingly. - -To run the test suite, you can just do a 'make test' from the top-level -directory or you can follow these broken-out steps: - -1) Load the test policy configuration as follows: - make -C policy load - -2) Build and run the test suite from the tests subdirectory as follows: - make -C tests test - -3) Unload the test policy configuration as follows: - make -C policy unload - -The broken-out steps allow you to run the tests multiple times without -loading policy each time. - -4) Review the test results. - -As each test script is run, the name of the script will be displayed -followed by a status. After running all of the test scripts, a -summary of the test results will be displayed. If all tests were -successful, something similar to the following summary will be -displayed (the specific numbers will vary): - -All tests successful. -Files=7, Tests=16, 2 wallclock secs ( 0.17 cusr + 0.12 csys = 0.29 CPU) - -Otherwise, if one or more tests failed, the script will report -statistics on the number of tests that succeeded and will include a -table summarizing which tests had failed. The output will be similar -to the following text, which shows that a total of three tests have -failed: - -Failed Test Status Wstat Total Fail Failed List of failed -------------------------------------------------------------------------------- -entrypoint/test 2 1 50.00% 1 -inherit/test 3 2 66.67% 1-2 -Failed 2/7 test scripts, 71.43% okay. 3/16 subtests failed, 81.25% okay. -make: *** [test] Error 255 - -You can also run individual test scripts by hand, e.g. running -./entrypoint/test, to see the raw output of the test script. This is -particularly useful if a particular test within a given script fails -in order to help identify the cause. When run by hand, the test -script displays the expected number of tests, a status for each test, -and any error messages from the test script or its helper programs. - -Please report any failures to the selinux@tycho.nsa.gov mailing list, -including a copy of the test summary output, the raw output from test -scripts that failed, a description of your base platform, and the -particular release of SELinux that you are using. - - -ADDING NEW TESTS ----------------- -The functional test suite is not yet complete, so we still need -additional tests to be written. See the GitHub issues tracker -for the list of tests that still need to be written, -https://github.com/SELinuxProject/selinux-testsuite/issues - -To add a new test, create a new test policy file and a new test -script. The new test policy file should be added to the -policy directory and should contain a set of test -domains and types specifically designed for the test. For the test -script, create a new subdirectory in the tests subdirectory, populate it -with at least a Makefile and a test perl script and add it to the -SUBDIRS definition in the Makefile file. - -The Makefile must contain 'all' and 'clean' targets, even if they are -empty, to support the build system. The test script must run with no -arguments and must comply with the perl automated test format. The -simplest way to comply with the Perl automated test format is to use -the Perl Test module. To do this, first include the following -statement at the top of the test Perl script: - use Test; - -Next, include a declaration that specifies how many tests the script -will run; the statement to include will be similar to: - BEGIN { plan tests => 2} # run two tests - -You can then use the 'ok' subroutine to print results - ok(1); # success - ok(0); # failure - ok(0,1); # failure, got '0', expected '1' - ok($results, 0); # success if $results == 0, failure otherwise - -Standard error is ignored. - -In general, the scripts need to know where they are located so that -they can avoid hard-coded paths. Use the following line of Perl to -establish a base directory (based on the path of the script -executable). This won't always be accurate, but will work for this -test harness/configuration. - $basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|; - -INFINIBAND TESTS ----------------- -Because running Infiniband tests requires specialized hardware you must -set up a configuration file for these tests. The tests are disabled by -default. See comments in the configuration file for info. The endport -tests use smpquery, for Fedora it's provided by the infiniband-diags -package. - -Infiniband PKey test conf file: -tests/infiniband_pkey/ibpkey_test.conf - -Infiniband Endport test conf file: -tests/infiniband_endport/ibendport_test.conf diff --git a/README.md b/README.md new file mode 100644 index 0000000..c9f3b2b --- /dev/null +++ b/README.md @@ -0,0 +1,220 @@ +Basic SELinux Regression Test Suite for the Linux Kernel +=============================================================================== +https://github.com/SELinuxProject/selinux-testsuite + +This directory contains the functional test suite for the LSM-based SELinux +security module. Please refer to the test report available in `doc/tests` for +complete documentation for this test suite. This README only covers a subset +of that report, specifically the sections on running the tests and adding new +tests. + +## Prerequisites + +### Kernel Configuration + +Your kernel should have been built with the configuration options specified by +the `defconfig` file in this directory to run this testsuite. If you already +have a working kernel configuration you can merge the provided `defconfig` file +with your existing kernel `.config` file (or one generated via e.g. +`make localmodconfig` or other commands) using the kernel +`./scripts/kconfig/merge_config.sh` script as follows: + + # cd linux + # ./scripts/kconfig/merge_config.sh .config /path/to/selinux-testsuite/defconfig + +Some of the config options may not be set in the final config because they are +unnecessary based on your base config, e.g. you only need the +`CONFIG_*_FS_SECURITY` option to be enabled for the particular filesystem type +being used for the testing. + +Do not set `CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX`; it is an option for +legacy distributions (Fedora 3 and 4). + +You should not enable any other security modules in your kernel configuration +unless you use the `security=` option to select a module at boot time. Only +one primary security module may be active at a time. + +### Userland and Base Policy + +On a Fedora/RHEL based system the testsuite has the following userspace +dependencies beyond a minimal install (other Linux distributions should have +similar dependencies): + +* perl-Test _(test harness used by the testsuite)_ +* perl-Test-Harness _(test harness used by the testsuite)_ +* perl-Test-Simple _(for `Test::More`)_ +* selinux-policy-devel _(to build the test policy)_ +* gcc _(to build the test programs)_ +* libselinux-devel _(to build some of the test programs)_ +* net-tools _(for `ifconfig`, used by `capable_net/test`)_ +* netlabel\_tools _(to load NetLabel configuration during `inet_socket` tests)_ +* iptables _(to load the `iptables SECMARK` rules during `inet_socket` tests)_ + +On a modern Fedora system you can install these dependencies with the +following command: + + # dnf install perl-Test \ + perl-Test-Harness \ + perl-Test-Simple \ + selinux-policy-devel \ + gcc \ + libselinux-devel \ + net-tools \ + netlabel_tools \ + iptables + +The testsuite requires a pre-existing base policy configuration of SELinux, +using either the old example policy or the reference policy as the baseline. +It also requires the core SELinux userland packages (`libsepol`, `checkpolicy`, +`libselinux`, `policycoreutils`, and if using modular policy, `libsemanage`) +to be installed. The test scripts also rely upon the SELinux extensions being +integrated into the `coreutils` package, with support for the `chcon` and +`runcon` commands as well as the SELinux options to existing utilities such as +`ls` and `mkdir`. + +If the base distribution does not include the SELinux userland, then the +source code for the core SELinux userland packages can be obtained from: + +* https://github.com/SELinuxProject/selinux/wiki/Releases + +If the base distribution does not include a policy configuration, then +the reference policy can be obtained from: + +* https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease + +### Optional Prerequisites + +#### InfiniBand + +The InfiniBand tests require specialized hardware and are not enabled by +default. If you have InfiniBand hardware on your system and wish to enable +the InfiniBand tests you will need to install some additional packages, the +list below is for Fedora/RHEL but other Linux distributions should have +similar packages: + +* libibverbs-devel _(to build the `ibpkey` test program)_ +* infiniband-diags _(for `smpquery` used by `infiniband_endport/test`)_ + +On a modern Fedora system you can install these dependencies with the +following command: + + # dnf install libibverbs-devel infiniband-diags + +Once the necessary packages have been installed, the tests need to be enabled +and configured for your specific hardware configuration. The test +configuration files are below, and each includes comments to help configure +the tests: + + tests/infiniband_pkey/ibpkey_test.conf + tests/infiniband_endport/ibendport_test.conf + +## Running the Tests + +Create a shell with the `unconfined_r` or `sysadm_r` role and the Linux +superuser identity, e.g.: + + # newrole -r sysadm_r # -strict or -mls policy only + # su + +Check whether the SELinux kernel is in enforcing mode by running `getenforce`. +If it is in permissive mode, toggle it into enforcing mode by running +`setenforce 1`. + +Ensure that `expand-check = 0` in `/etc/selinux/semanage.conf`; if not, edit it +accordingly. + +To run the test suite, you can just do a `make test` from the top-level +directory or you can follow these broken-out steps: + +1) Load the test policy configuration as follows: + + `# make -C policy load` + +2) Build and run the test suite from the tests subdirectory as follows: + + `# make -C tests test` + +3) Unload the test policy configuration as follows: + + `# make -C policy unload` + +The broken-out steps allow you to run the tests multiple times without +loading policy each time. + +4) Review the test results. + +As each test script is run, the name of the script will be displayed followed +by a status. After running all of the test scripts, a summary of the test +results will be displayed. If all tests were successful, something similar to +the following summary will be displayed (the specific numbers will vary): + + All tests successful. + Files=7, Tests=16, 2 wallclock secs ( 0.17 cusr + 0.12 csys = 0.29 CPU) + +Otherwise, if one or more tests failed, the script will report statistics on +the number of tests that succeeded and will include a table summarizing which +tests had failed. The output will be similar to the following text, which +shows that a total of three tests have failed: + + Failed Test Status Wstat Total Fail Failed List of failed + ------------------------------------------------------------------------------- + entrypoint/test 2 1 50.00% 1 + inherit/test 3 2 66.67% 1-2 + Failed 2/7 test scripts, 71.43% okay. 3/16 subtests failed, 81.25% okay. + make: *** [test] Error 255 + +You can also run individual test scripts by hand, e.g. running +`./entrypoint/test`, to see the raw output of the test script. This is +particularly useful if a particular test within a given script fails in order +to help identify the cause. When run by hand, the test script displays the +expected number of tests, a status for each test, and any error messages from +the test script or its helper programs. + +Please report any failures to the selinux@tycho.nsa.gov mailing list, +including a copy of the test summary output, the raw output from test scripts +that failed, a description of your base platform, and the particular release +of SELinux that you are using. + +## Adding New Tests + +The functional test suite is not yet complete, so we still need additional +tests to be written. See the GitHub issues tracker for the list of tests that +still need to be written: + +* https://github.com/SELinuxProject/selinux-testsuite/issues + +To add a new test, create a new test policy file and a new test script. The +new test policy file should be added to the policy directory and should +contain a set of test domains and types specifically designed for the test. +For the test script, create a new subdirectory in the tests subdirectory, +populate it with at least a Makefile and a test perl script and add it to the +`SUBDIRS` definition in the Makefile file. + +The Makefile must contain 'all' and 'clean' targets, even if they are empty, +to support the build system. The test script must run with no arguments and +must comply with the perl automated test format. The simplest way to comply +with the Perl automated test format is to use the Perl Test module. To do +this, first include the following statement at the top of the test Perl script: + + use Test; + +Next, include a declaration that specifies how many tests the script will run; +the statement to include will be similar to: + + BEGIN { plan tests => 2} # run two tests + +You can then use the 'ok' subroutine to print results: + + ok(1); # success + ok(0); # failure + ok(0,1); # failure, got '0', expected '1' + ok($results, 0); # success if $results == 0, failure otherwise + +Standard error is ignored. + +In general, the scripts need to know where they are located so that they can +avoid hard-coded paths. Use the following line of Perl to establish a base +directory (based on the path of the script executable). This won't always be +accurate, but will work for this test harness/configuration. + + $basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|;