[testsuite] travis: run the full testsuite on a Fedora VM

Message ID: 20200807132640.1787455-1-omosnace@redhat.com
State: Superseded

Commit Message

Ondrej Mosnacek Aug. 7, 2020, 1:26 p.m. UTC
This patch removes the old hackery to test-build the testsuite and
replaces it with scripts that run the full testsuite on a Fedora VM. The
scripts are based on William Roberts' work on SELinux userspace CI [1],
which does a similar thing.

The CI currently uses a F32 VM image which comes with a 5.6.6 kernel.
Eventually we might want to run on a more recent kernel/userspace, but
even this is already a big improvement over the old CI approach.

One downside is that with this patch we lose the test build against
refpolicy, but it shouldn't be too hard to add testing on a Debian VM
with refpolicy later on.

[1] https://github.com/SELinuxProject/selinux/commit/562d6d15272420542bf65da328bc5300219fce76

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 .travis.yml                         |  65 ++++-----------
 travis-ci/LICENSE                   |   5 ++
 travis-ci/enable-policy.sh          |  10 ---
 travis-ci/run-kvm-test.sh           | 122 ++++++++++++++++++++++++++++
 travis-ci/run-testsuite.sh          |  55 +++++++++++++
 travis-ci/setup-policy-fedora.sh    |  33 --------
 travis-ci/setup-policy-refpolicy.sh |  21 -----
 7 files changed, 198 insertions(+), 113 deletions(-)
 create mode 100644 travis-ci/LICENSE
 delete mode 100644 travis-ci/enable-policy.sh
 create mode 100755 travis-ci/run-kvm-test.sh
 create mode 100755 travis-ci/run-testsuite.sh
 delete mode 100644 travis-ci/setup-policy-fedora.sh
 delete mode 100644 travis-ci/setup-policy-refpolicy.sh

Comments

Stephen Smalley Aug. 7, 2020, 1:42 p.m. UTC | #1
On Fri, Aug 7, 2020 at 9:27 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> This patch removes the old hackery to test-build the testsuite and
> replaces it with scripts that run the full testsuite on a Fedora VM. The
> scripts are based on William Roberts' work on SELinux userspace CI [1],
> which does a similar thing.
>
> The CI currently uses a F32 VM image which comes with a 5.6.6 kernel.
> Eventually we might want to run on a more recent kernel/userspace, but
> even this is already a big improvement over the old CI approach.
>
> One downside is that with this patch we lose the test build against
> refpolicy, but it shouldn't be too hard to add testing on a Debian VM
> with refpolicy later on.
>
> [1] https://github.com/SELinuxProject/selinux/commit/562d6d15272420542bf65da328bc5300219fce76
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Sounds good to me.  Only question I have is whether it would be
possible to use a Fedora rawhide VM instead of a fixed version like
32?
I understand that may have some stability issues but it would get us
more recent kernel, userspace, and policy for testing.
On the Debian side, I'd recommend Debian unstable which despite the
name is more stable I think than rawhide and is what I've used for
getting the testsuite up and running on Debian.  That exercises more
of the tests than even Fedora rawhide does currently due to defining
more classes/permissions.

Ondrej Mosnacek Aug. 11, 2020, 8:59 a.m. UTC | #2
On Fri, Aug 7, 2020 at 3:42 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
> On Fri, Aug 7, 2020 at 9:27 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > This patch removes the old hackery to test-build the testsuite and
> > replaces it with scripts that run the full testsuite on a Fedora VM. The
> > scripts are based on William Roberts' work on SELinux userspace CI [1],
> > which does a similar thing.
> >
> > The CI currently uses a F32 VM image which comes with a 5.6.6 kernel.
> > Eventually we might want to run on a more recent kernel/userspace, but
> > even this is already a big improvement over the old CI approach.
> >
> > One downside is that with this patch we lose the test build against
> > refpolicy, but it shouldn't be too hard to add testing on a Debian VM
> > with refpolicy later on.
> >
> > [1] https://github.com/SELinuxProject/selinux/commit/562d6d15272420542bf65da328bc5300219fce76
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
>
> Sounds good to me.  Only question I have is whether it would be
> possible to use a Fedora rawhide VM instead of a fixed version like
> 32?
> I understand that may have some stability issues but it would get us
> more recent kernel, userspace, and policy for testing.

I just posted a v2, which runs the testsuite on both:
https://lore.kernel.org/selinux/20200811084555.105374-1-omosnace@redhat.com/T/

> On the Debian side, I'd recommend Debian unstable which despite the
> name is more stable I think than rawhide and is what I've used for
> getting the testsuite up and running on Debian.  That exercises more
> of the tests than even Fedora rawhide does currently due to defining
> more classes/permissions.

Yes, it would definitely improve coverage, but I'd rather pass that
baton to someone else at this point.

Paul Moore Aug. 11, 2020, 3:18 p.m. UTC | #3
On Tue, Aug 11, 2020 at 4:59 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> On Fri, Aug 7, 2020 at 3:42 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> > On Fri, Aug 7, 2020 at 9:27 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > >
> > > This patch removes the old hackery to test-build the testsuite and
> > > replaces it with scripts that run the full testsuite on a Fedora VM. The
> > > scripts are based on William Roberts' work on SELinux userspace CI [1],
> > > which does a similar thing.
> > >
> > > The CI currently uses a F32 VM image which comes with a 5.6.6 kernel.
> > > Eventually we might want to run on a more recent kernel/userspace, but
> > > even this is already a big improvement over the old CI approach.
> > >
> > > One downside is that with this patch we lose the test build against
> > > refpolicy, but it shouldn't be too hard to add testing on a Debian VM
> > > with refpolicy later on.
> > >
> > > [1] https://github.com/SELinuxProject/selinux/commit/562d6d15272420542bf65da328bc5300219fce76
> > >
> > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> >
> > Sounds good to me.  Only question I have is whether it would be
> > possible to use a Fedora rawhide VM instead of a fixed version like
> > 32?
> > I understand that may have some stability issues but it would get us
> > more recent kernel, userspace, and policy for testing.
>
> I just posted a v2, which runs the testsuite on both:
> https://lore.kernel.org/selinux/20200811084555.105374-1-omosnace@redhat.com/T/

Thank you.  While Fedora, and RH, likely care most about the latest
stable Fedora release, the Rawhide results are the most interesting
from an upstream perspective.

> > On the Debian side, I'd recommend Debian unstable which despite the
> > name is more stable I think than rawhide and is what I've used for
> > getting the testsuite up and running on Debian.  That exercises more
> > of the tests than even Fedora rawhide does currently due to defining
> > more classes/permissions.
>
> Yes, it would definitely improve coverage, but I'd rather pass that
> baton to someone else at this point.

I've mentioned this before and I feel like this is a good time to
stress this point again - I think it is very important to work on
becoming less Fedora/RH centric.  I recognize that this might be a bit
of a learning curve for most of us as we try to get up to speed with
different distros and packaging formats (the latter is a pain point
I'm currently working through with Debian's dpkg), but I think this is
an important part of helping to increase SELinux adoption.

Ondrej Mosnacek Aug. 12, 2020, 8:58 a.m. UTC | #4
On Tue, Aug 11, 2020 at 5:18 PM Paul Moore <paul@paul-moore.com> wrote:
> On Tue, Aug 11, 2020 at 4:59 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > On Fri, Aug 7, 2020 at 3:42 PM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > > On the Debian side, I'd recommend Debian unstable which despite the
> > > name is more stable I think than rawhide and is what I've used for
> > > getting the testsuite up and running on Debian.  That exercises more
> > > of the tests than even Fedora rawhide does currently due to defining
> > > more classes/permissions.
> >
> > Yes, it would definitely improve coverage, but I'd rather pass that
> > baton to someone else at this point.
>
> I've mentioned this before and I feel like this is a good time to
> stress this point again - I think it is very important to work on
> becoming less Fedora/RH centric.  I recognize that this might be a bit
> of a learning curve for most of us as we try to get up to speed with
> different distros and packaging formats (the latter is a pain point
> I'm currently working through with Debian's dpkg), but I think this is
> an important part of helping to increase SELinux adoption.

It's not really about Fedora vs. Debian - it's just that Fedora
recently became a low-hanging fruit thanks to Bill's userspace scripts
and the existing testsuite CI got broken recently by Travis/GCE kernel
upgrade and instead of throwing more kludges on it I wanted to go one
step further and switch it over to the KVM approach. My plan was to
just get something working quickly so I don't need to hold off on
merging patches nor tolerate broken CI. I assure you, if Bill did the
userspace scripts for Debian, I would just copy that and put Fedora on
the backlog ;)

Anyway, if no one picks this up, I most likely eventually will. I just
wanted to make it clear that this is not on my immediate TODO list and
in case someone would like to pick it up, they are encouraged to do so
and won't conflict with my attempts. I'd like to see it happen as much
as you do, but right now I need to catch up with other work so this
will have to wait a bit.

--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.

Paul Moore Aug. 13, 2020, 1:04 a.m. UTC | #5
On Wed, Aug 12, 2020 at 4:58 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> On Tue, Aug 11, 2020 at 5:18 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Aug 11, 2020 at 4:59 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > > On Fri, Aug 7, 2020 at 3:42 PM Stephen Smalley
> > > <stephen.smalley.work@gmail.com> wrote:
> > > > On the Debian side, I'd recommend Debian unstable which despite the
> > > > name is more stable I think than rawhide and is what I've used for
> > > > getting the testsuite up and running on Debian.  That exercises more
> > > > of the tests than even Fedora rawhide does currently due to defining
> > > > more classes/permissions.
> > >
> > > Yes, it would definitely improve coverage, but I'd rather pass that
> > > baton to someone else at this point.
> >
> > I've mentioned this before and I feel like this is a good time to
> > stress this point again - I think it is very important to work on
> > becoming less Fedora/RH centric.  I recognize that this might be a bit
> > of a learning curve for most of us as we try to get up to speed with
> > different distros and packaging formats (the latter is a pain point
> > I'm currently working through with Debian's dpkg), but I think this is
> > an important part of helping to increase SELinux adoption.
>
> It's not really about Fedora vs. Debian ...

The point I wanted was that it shouldn't be Fedora vs Debian (or any
"distro A" vs "distro B" for that matter); we should be working
towards supporting all the major distros equally well.  I'm under no
illusion that this is going to happen overnight, but I think it is
something we should keep in mind as we move forward.  Individual
developers are always going to have a favorite distro (and many of the
developers here are paid to support a given distro - I don't want to
threaten anyone's livelihood), so I recognize some distros may always
get the new features first - and that's okay - but let's not forget
the other distros too :)

> Anyway, if no one picks this up, I most likely eventually will. I just
> wanted to make it clear that this is not on my immediate TODO list and
> in case someone would like to pick it up, they are encouraged to do so
> and won't conflict with my attempts. I'd like to see it happen as much
> as you do, but right now I need to catch up with other work so this
> will have to wait a bit.

Thanks.

Patch

diff --git a/.travis.yml b/.travis.yml
index ae08c66..3cc5e03 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,30 +2,20 @@  language: c
 
 dist: bionic
 
+env: FEDORA_MAJOR="32" FEDORA_MINOR="1.6"
+
 addons:
   apt:
     packages:
       - astyle
-      - libselinux1-dev
-      - libsctp-dev
-      - libaudit-dev
-      - libcap-dev
-      - libdbus-glib-1-dev
-      - xmlto
-      - xfslibs-dev
-      - uuid-dev
-
-cache:
-  directories:
-    - selinux-policy
-    - container-selinux
-    - refpolicy
+      - qemu-kvm
+      - libvirt-bin
+      - virtinst
+      - bridge-utils
+      - libguestfs-tools
+      - cpu-checker
 
 before_install:
-  # install headers for module_load test
-  - sudo apt-get install linux-headers-$(uname -r)
-  - export LIBRARY_PATH=/usr/local/lib
-  - export LD_LIBRARY_PATH=/usr/local/lib
   # FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
   - git clone https://github.com/perltidy/perltidy.git perltidy
   - |
@@ -33,37 +23,14 @@  before_install:
      perl Makefile.PL &&
      make PREFIX=/usr/local &&
      sudo make install PREFIX=/usr/local)
-  # install libbpf from sources
-  - git clone https://github.com/libbpf/libbpf
-  - (cd libbpf/src && make PREFIX=/usr/local)
-  - (cd libbpf/src && sudo make install PREFIX=/usr/local)
-  # install keyutils from sources
-  - git clone https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
-  - KEYUTILS_OPTS=""
-  - KEYUTILS_OPTS+="BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin "
-  - KEYUTILS_OPTS+="LIBDIR=/usr/local/lib USRLIBDIR=/usr/local/lib "
-  - KEYUTILS_OPTS+="INCLUDEDIR=/usr/local/include "
-  - KEYUTILS_OPTS+="SHAREDIR=/usr/local/share/keyutils MANDIR=/usr/local/share/man"
-  - (cd keyutils && make $KEYUTILS_OPTS)
-  - (cd keyutils && sudo make install $KEYUTILS_OPTS)
-  # install SELinux userspace from source
-  - git clone https://github.com/SELinuxProject/selinux
-  - (cd selinux && sudo make install PREFIX=/usr/local SHLIBDIR=/usr/local/lib)
-  # install Fedora policy and refpolicy
-  - bash travis-ci/setup-policy-fedora.sh
-  - bash travis-ci/setup-policy-refpolicy.sh
-  # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
-  - mkdir -p /tmp/fake-selinuxfs/policy_capabilities
-  - echo 1 > /tmp/fake-selinuxfs/policy_capabilities/extended_socket_class
-  - mkdir -p /tmp/fake-selinuxfs/initial_contexts
-  - echo system_u:system_r:kernel_t:s0 > /tmp/fake-selinuxfs/initial_contexts/kernel
-  - echo 999 >/tmp/fake-selinuxfs/policyvers
+  - sudo usermod -a -G kvm,libvirt,libvirt-qemu "$USER"
+  # Verify that KVM is working, useful if Travis ever changes anything.
+  - kvm-ok
+  - sudo systemctl enable libvirtd
+  - sudo systemctl start libvirtd
+  # Set up a key so we can ssh into the VM
+  - ssh-keygen -N "" -f "$HOME/.ssh/id_rsa"
 
 script:
   - tools/check-syntax -f && git diff --exit-code
-  - |
-    bash travis-ci/enable-policy.sh targeted &&
-    make SELINUXFS=/tmp/fake-selinuxfs PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
-  - |
-    bash travis-ci/enable-policy.sh refpolicy &&
-    make SELINUXFS=/tmp/fake-selinuxfs PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
+  - bash travis-ci/run-kvm-test.sh travis-ci/run-testsuite.sh
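Review bot: The `usermod -a -G kvm,libvirt,libvirt-qemu "$USER"` line in before_install does not change the groups of the shell that is already running the build, and travis-ci/run-kvm-test.sh calls virt-sysprep, virt-install and virsh through sudo anyway, so this step looks either ineffective or unnecessary. I would drop it, or drop the sudo calls in the script and start the script in a session that actually has the new groups. Also, `ssh-keygen -N "" -f "$HOME/.ssh/id_rsa"` relies on the default key type and will stop to ask about overwriting if the build image ever ships that file; passing -t explicitly and writing to a dedicated file name would make the step deterministic.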
diff --git a/travis-ci/LICENSE b/travis-ci/LICENSE
new file mode 100644
index 0000000..1f95d26
--- /dev/null
+++ b/travis-ci/LICENSE
@@ -0,0 +1,5 @@ 
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
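Review bot: The new travis-ci/LICENSE carries the MIT permission and warranty paragraphs but no copyright line, even though its second paragraph requires "the above copyright notice" to be included in all copies. Since both new scripts state that they are based on the SELinux userspace CI scripts, please carry over the copyright holder line(s) from there above the permission text, and consider a short note saying which files the license covers, as the scripts themselves only carry an SPDX tag.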
diff --git a/travis-ci/enable-policy.sh b/travis-ci/enable-policy.sh
deleted file mode 100644
index ae53fbe..0000000
--- a/travis-ci/enable-policy.sh
+++ /dev/null
@@ -1,10 +0,0 @@ 
-#!/bin/bash
-
-set -e
-
-# create a dummy /etc/selinux/config
-sudo mkdir -p /etc/selinux
-sudo tee /etc/selinux/config >/dev/null <<EOF
-SELINUX=disabled
-SELINUXTYPE=$1
-EOF
diff --git a/travis-ci/run-kvm-test.sh b/travis-ci/run-kvm-test.sh
new file mode 100755
index 0000000..614de6b
--- /dev/null
+++ b/travis-ci/run-kvm-test.sh
@@ -0,0 +1,122 @@ 
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+
+# Based on SELinux userspace CI scripts from:
+# https://github.com/SELinuxProject/selinux
+
+set -ex
+
+TEST_RUNNER="$1"
+
+if [ -z "$TEST_RUNNER" ]; then
+    echo "$0: expected script to be run on the command line!" 1>&2
+    exit 1
+fi
+
+#
+# Variables for controlling the Fedora Image version and download URLs.
+#
+if [ -z "$FEDORA_MAJOR" ] || [ -z "$FEDORA_MINOR" ]; then
+    echo "$0: FEDORA_MAJOR and FEDORA_MINOR must be set!" 1>&2
+    exit 1
+fi
+
+BASE_URL="https://download.fedoraproject.org/pub/fedora/linux/releases"
+IMAGE_BASE_NAME="Fedora-Cloud-Base-$FEDORA_MAJOR-$FEDORA_MINOR.x86_64"
+IMAGE_URL="$BASE_URL/$FEDORA_MAJOR/Cloud/x86_64/images/$IMAGE_BASE_NAME.raw.xz"
+CHECK_URL="$BASE_URL/$FEDORA_MAJOR/Cloud/x86_64/images/Fedora-Cloud-$FEDORA_MAJOR-$FEDORA_MINOR-x86_64-CHECKSUM"
+GPG_URL="https://getfedora.org/static/fedora.gpg"
+
+#
+# Travis gives us 7.5GB of RAM and two cores:
+# https://docs.travis-ci.com/user/reference/overview/
+#
+MEMORY=4096
+VCPUS="$(nproc)"
+
+#
+# Get the Fedora Cloud Image, It is a base image that small and ready to go, extract it and modify it with virt-sysprep
+#  - https://alt.fedoraproject.org/en/verify.html
+cd "$HOME"
+wget "$IMAGE_URL"
+
+# Verify the image
+curl "$GPG_URL" | gpg --import
+wget "$CHECK_URL"
+gpg --verify-files ./*-CHECKSUM
+sha256sum --ignore-missing -c ./*-CHECKSUM
+
+# Extract the image
+unxz -T0 "$IMAGE_BASE_NAME.raw.xz"
+
+# Search is needed for $HOME so virt service can access the image file.
+chmod a+x "$HOME"
+
+#
+# Modify the virtual image to:
+#   - Enable a login, we just use root
+#   - Enable passwordless login
+#     - Force a relabel to fix labels on ssh keys
+#
+sudo virt-sysprep -a "$IMAGE_BASE_NAME.raw" \
+  --root-password password:123456 \
+  --hostname fedoravm \
+  --append-line '/etc/ssh/sshd_config:PermitRootLogin yes' \
+  --append-line '/etc/ssh/sshd_config:PubkeyAuthentication yes' \
+  --mkdir /root/.ssh \
+  --upload "$HOME/.ssh/id_rsa.pub:/root/.ssh/authorized_keys" \
+  --chmod '0600:/root/.ssh/authorized_keys' \
+  --run-command 'chown root:root /root/.ssh/authorized_keys' \
+  --copy-in "$TRAVIS_BUILD_DIR:/root" \
+  --network \
+  --selinux-relabel
+
+#
+# Now we create a domain by using virt-install. This not only creates the domain, but runs the VM as well
+# It should be ready to go for ssh, once ssh starts.
+#
+sudo virt-install \
+  --name fedoravm \
+  --memory $MEMORY \
+  --vcpus $VCPUS \
+  --disk "$IMAGE_BASE_NAME.raw" \
+  --import --noautoconsole
+
+#
+# Here comes the tricky part, we have to figure out when the VM comes up AND we need the ip address for ssh. So we
+# can check the net-dhcp leases, for our host. We have to poll, and we will poll for up to 3 minutes in 6 second
+# intervals, so 30 poll attempts (0-29 inclusive).
+#
+# We have a full reboot + relabel, so first sleep gets us close
+#
+sleep 30
+for i in $(seq 0 29); do
+    echo "loop $i"
+    sleep 6s
+    # Get the leases, but tee it so it's easier to debug
+    sudo virsh net-dhcp-leases default | tee dhcp-leases.txt
+
+    # get our ipaddress
+    ipaddy="$(grep fedoravm dhcp-leases.txt | awk '{print $5}' | cut -d'/' -f 1-1)"
+    if [ -n "$ipaddy" ]; then
+        # found it, we're done looking, print it for debug logs
+        echo "ipaddy: $ipaddy"
+        break
+    fi
+    # it's empty/not found, loop back and try again.
+done
+
+# Did we find it? If not die.
+if [ -z "$ipaddy" ]; then
+    echo "$0: ipaddy zero length, exiting with error 1" 1>&2
+    exit 1
+fi
+
+#
+# Great we have a host running, ssh into it. We specify -o so
+# we don't get blocked on asking to add the servers key to
+# our known_hosts. Also, we need to forward the project directory
+# so forks know where to go.
+#
+project_dir="$(basename "$TRAVIS_BUILD_DIR")"
+ssh -tt -o StrictHostKeyChecking=no -o LogLevel=QUIET "root@$ipaddy" "SELINUX_DIR=/root/$project_dir /root/$project_dir/$TEST_RUNNER"
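Review bot: In the virt-sysprep call, `--root-password password:123456` together with `--append-line '/etc/ssh/sshd_config:PermitRootLogin yes'` leaves the guest accepting a trivially guessable root password over ssh, although the uploaded authorized_keys is all the final ssh command needs. Suggest `PermitRootLogin prohibit-password` instead, so that only the key generated in .travis.yml can log in. In the image verification step, `curl "$GPG_URL" | gpg --import` trusts whatever key that download returns; comparing the imported key's fingerprint against a value committed to the repository before `gpg --verify-files` runs would make the check independent of that fetch.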
diff --git a/travis-ci/run-testsuite.sh b/travis-ci/run-testsuite.sh
new file mode 100755
index 0000000..7c2c560
--- /dev/null
+++ b/travis-ci/run-testsuite.sh
@@ -0,0 +1,55 @@ 
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+
+# Based on SELinux userspace CI scripts from:
+# https://github.com/SELinuxProject/selinux
+
+set -ex
+
+# CI Debug output if things go squirrely.
+getenforce
+id -Z
+nproc
+pwd
+
+# Turn off enforcing for the setup to prevent any weirdness from breaking
+# the CI.
+setenforce 0
+
+dnf clean all -y
+dnf install -y \
+    --allowerasing \
+    --skip-broken \
+    make \
+    perl-Test \
+    perl-Test-Harness \
+    perl-Test-Simple \
+    selinux-policy-devel \
+    gcc \
+    libselinux-devel \
+    net-tools \
+    netlabel_tools \
+    iptables \
+    lksctp-tools-devel \
+    attr \
+    libbpf-devel \
+    keyutils-libs-devel \
+    quota \
+    xfsprogs-devel \
+    libuuid-devel \
+    kernel-devel-"$(uname -r)" \
+    kernel-modules-"$(uname -r)"
+
+#
+# Get the selinux testsuite, but don't clone it in selinux git directory, move to $HOME
+# first.
+#
+cd "$HOME/selinux-testsuite"
+
+# The testsuite must be run in enforcing mode
+setenforce 1
+
+#
+# Run the test suite
+#
+make test
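Review bot: `cd "$HOME/selinux-testsuite"` hardcodes the checkout name, while travis-ci/run-kvm-test.sh copies `$TRAVIS_BUILD_DIR` into /root under its own basename and passes that path in as SELINUX_DIR, which this script never reads, so the step fails whenever the build directory is named differently. Suggest `cd "$SELINUX_DIR"` (possibly renaming the variable to something testsuite-specific) and updating the comment above it, which still talks about cloning. Separately, `--skip-broken` on the dnf install can let a package drop out of the transaction without failing the step, for example kernel-devel for the running kernel, so I would remove it or check afterwards that the kernel packages are really installed.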
diff --git a/travis-ci/setup-policy-fedora.sh b/travis-ci/setup-policy-fedora.sh
deleted file mode 100644
index a07c990..0000000
--- a/travis-ci/setup-policy-fedora.sh
+++ /dev/null
@@ -1,33 +0,0 @@ 
-#!/bin/bash
-
-set -ex
-
-if ! [ -d selinux-policy/.git ]; then
-	git clone --recursive https://github.com/fedora-selinux/selinux-policy
-else
-	git -C selinux-policy fetch origin
-	git -C selinux-policy/policy/modules/contrib fetch origin
-fi
-git -C selinux-policy checkout origin/rawhide
-git -C selinux-policy/policy/modules/contrib checkout origin/rawhide
-
-if ! [ -d container-selinux/.git ]; then
-	git clone https://github.com/containers/container-selinux.git
-	for f in container.if container.te; do
-		ln -s ../../../../container-selinux/$f \
-			selinux-policy/policy/modules/contrib/$f
-	done
-else
-	git -C container-selinux fetch origin
-fi
-git -C container-selinux checkout origin/master
-
-cd selinux-policy
-
-grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
-
-make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
-sudo make install install-headers
-
-# workaround for different Makefile location in Fedora RPMs
-sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
diff --git a/travis-ci/setup-policy-refpolicy.sh b/travis-ci/setup-policy-refpolicy.sh
deleted file mode 100644
index d63e7e4..0000000
--- a/travis-ci/setup-policy-refpolicy.sh
+++ /dev/null
@@ -1,21 +0,0 @@ 
-#!/bin/bash
-
-set -ex
-
-if ! [ -d refpolicy/.git ]; then
-	git clone https://github.com/SELinuxProject/refpolicy
-else
-	git -C refpolicy fetch origin
-fi
-
-cd refpolicy
-
-git checkout origin/master
-
-make conf
-
-make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
-sudo make install install-headers
-
-# workaround for different Makefile location in Fedora RPMs
-sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile