Re: Packaging ltp selinux tests
On Mon, Apr 06, 2009 at 10:13:39PM -0000, Jiri Palecek wrote:
> I'd like to package the selinux tests from the ltp test suite. The tests
> need a special selinux policy to be loaded and some files to be relabeled.
> I haven't found any standard way of packaging this, so I made an
> experimental package (see [1]; it sort of works - not completely, like 10 tests out of 30, but that's not an issue now) and I would like to hear your opinion on these issues:
> 1. The package loads the policy on "postinst configure" with semodule -i, is that right? (And did I implement it properly in the scripts?) There were some avc message during package install (semodule was denied access to a terminal with type apt_t), can this be solved?
As long as it fails gracefully is semodule binary is missing or selinux isn't enabled.
> 2. The relabeling has to be done manually with fixfiles relabel; is there a way to do it (and should it be done) automatically?
> 3. The runtime packages depend on selinux-policy-default; should it (alternatively) depend on the other policies too? Would this need a separate policy package?
> 4. Should the policy package be in /usr/share?
I didn't hear any comments for one month on debian-devel, perhaps our selinux masters
Russell or Manoj have a word to say? If there still isn't any opinion, I will work
on sponsoring the ltp package with selinux tests on weekend.
Cheers,
Riku
> [1]: http://mentors.debian.net/debian/pool/main/l/ltp/
Reply to: