diff mbox series

[testsuite,2/4] travis: add missing node to fake selinuxfs

Message ID 20200623123702.401338-3-omosnace@redhat.com (mailing list archive)
State Accepted
Headers show
Series Various CI-related testsuite fixes | expand

Commit Message

Ondrej Mosnacek June 23, 2020, 12:37 p.m. UTC 
Since commit e95fe9503816 ("Add tests for default_range glblub") we look
at $(SELINUXFS)/initial_contexts/kernel to determine the type of the
policy. However, this node is not provided by the fake selinuxfs created
by our CI scripts, leading to non-fatal errors like this:

[...]
make[1]: Entering directory '/home/travis/build/WOnder93/selinux-testsuite/policy'
cat: /tmp/fake-selinuxfs/initial_contexts/kernel: No such file or directory
[...]

Create that node and fill it with the ussual kernel context to silence
the errors.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 .travis.yml | 2 ++
 1 file changed, 2 insertions(+)

Comments

Stephen Smalley June 23, 2020, 1:13 p.m. UTC | #1 
On Tue, Jun 23, 2020 at 8:37 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Since commit e95fe9503816 ("Add tests for default_range glblub") we look
> at $(SELINUXFS)/initial_contexts/kernel to determine the type of the
> policy. However, this node is not provided by the fake selinuxfs created
> by our CI scripts, leading to non-fatal errors like this:
>
> [...]
> make[1]: Entering directory '/home/travis/build/WOnder93/selinux-testsuite/policy'
> cat: /tmp/fake-selinuxfs/initial_contexts/kernel: No such file or directory
> [...]
>
> Create that node and fill it with the ussual kernel context to silence
> the errors.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Not objecting to fixing this but wondered if you had considered
extending the .travis.yml to actually run the testsuite in a
SELinux-enabled VM as per the selinux .travis.yml.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Ondrej Mosnacek June 23, 2020, 1:28 p.m. UTC | #2 
On Tue, Jun 23, 2020 at 3:13 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
> On Tue, Jun 23, 2020 at 8:37 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > Since commit e95fe9503816 ("Add tests for default_range glblub") we look
> > at $(SELINUXFS)/initial_contexts/kernel to determine the type of the
> > policy. However, this node is not provided by the fake selinuxfs created
> > by our CI scripts, leading to non-fatal errors like this:
> >
> > [...]
> > make[1]: Entering directory '/home/travis/build/WOnder93/selinux-testsuite/policy'
> > cat: /tmp/fake-selinuxfs/initial_contexts/kernel: No such file or directory
> > [...]
> >
> > Create that node and fill it with the ussual kernel context to silence
> > the errors.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
>
> Not objecting to fixing this but wondered if you had considered
> extending the .travis.yml to actually run the testsuite in a
> SELinux-enabled VM as per the selinux .travis.yml.

Maybe eventually, but for now I wanted to at least fix what we have now,
Stephen Smalley June 23, 2020, 3:42 p.m. UTC | #3 
On Tue, Jun 23, 2020 at 9:29 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Tue, Jun 23, 2020 at 3:13 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> > On Tue, Jun 23, 2020 at 8:37 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > >
> > > Since commit e95fe9503816 ("Add tests for default_range glblub") we look
> > > at $(SELINUXFS)/initial_contexts/kernel to determine the type of the
> > > policy. However, this node is not provided by the fake selinuxfs created
> > > by our CI scripts, leading to non-fatal errors like this:
> > >
> > > [...]
> > > make[1]: Entering directory '/home/travis/build/WOnder93/selinux-testsuite/policy'
> > > cat: /tmp/fake-selinuxfs/initial_contexts/kernel: No such file or directory
> > > [...]
> > >
> > > Create that node and fill it with the ussual kernel context to silence
> > > the errors.
> > >
> > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> >
> > Not objecting to fixing this but wondered if you had considered
> > extending the .travis.yml to actually run the testsuite in a
> > SELinux-enabled VM as per the selinux .travis.yml.
>
> Maybe eventually, but for now I wanted to at least fix what we have now,

Sure, no problem.  In an ideal world, we'd even run it on a Debian
and/or Ubuntu SELinux-enabled VM too as part of travis-ci (following
the README.md instructions and if on Ubuntu ignoring the two
kernel-config-induced failures) but that would require an extra
relabeling and reboot step to get the VM into a SELinux enabled state.
diff mbox series

Patch

diff --git a/.travis.yml b/.travis.yml
index 18ab6b9..ae08c66 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -55,6 +55,8 @@  before_install:
   # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
   - mkdir -p /tmp/fake-selinuxfs/policy_capabilities
   - echo 1 > /tmp/fake-selinuxfs/policy_capabilities/extended_socket_class
+  - mkdir -p /tmp/fake-selinuxfs/initial_contexts
+  - echo system_u:system_r:kernel_t:s0 > /tmp/fake-selinuxfs/initial_contexts/kernel
   - echo 999 >/tmp/fake-selinuxfs/policyvers
 
 script: