[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packaging ltp selinux tests

On Mon, Apr 06, 2009 at 10:13:39PM -0000, Jiri Palecek wrote:
> I'd like to package the selinux tests from the ltp test suite. The tests  
> need a special selinux policy to be loaded and some files to be relabeled.  
> I haven't found any standard way of packaging this, so I made an  
> experimental package (see [1]; it sort of works - not completely, like 10 tests out of 30, but that's not an issue now) and I would like to hear your opinion on these issues:

> 1. The package loads the policy on "postinst configure" with semodule -i, is that right? (And did I implement it properly in the scripts?) There were some avc message during package install (semodule was denied access to a terminal with type apt_t), can this be solved?

As long as it fails gracefully is semodule binary is missing or selinux isn't enabled.

> 2. The relabeling has to be done manually with fixfiles relabel; is there a way to do it  (and should it be done) automatically?

> 3. The runtime packages depend on selinux-policy-default; should it (alternatively) depend on the other policies too? Would this need a separate policy package?

> 4. Should the policy package be in /usr/share?

I didn't hear any comments for one month on debian-devel, perhaps our selinux masters
Russell or Manoj have a word to say? If there still isn't any opinion, I will work
on sponsoring the ltp package with selinux tests on weekend.


> [1]: http://mentors.debian.net/debian/pool/main/l/ltp/

Reply to: