All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] selinux-testsuite: README: Update kernel config requirements
@ 2017-09-29 15:51 Stephen Smalley
  0 siblings, 0 replies; only message in thread
From: Stephen Smalley @ 2017-09-29 15:51 UTC (permalink / raw)
  To: selinux; +Cc: paul, Stephen Smalley

Add several config options that are required by the inet_socket,
netlink_socket, and overlay tests.  Note that these are not required
for basic SELinux operation itself but merely to test the corresponding
functionality.

Discovered these undocumented dependencies upon running selinux-testsuite
after running make localmodconfig and then re-adding the already documented
config options to my config; these three tests had failures due to
the missing config options.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 README | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/README b/README
index de50eb4..da51dd4 100644
--- a/README
+++ b/README
@@ -19,11 +19,18 @@ CONFIG_INET=y
 CONFIG_IPV6=y
 CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_SELINUX=y
+
+# For testing of labeled IPSEC, NetLabel, and SECMARK functionality.
+# Not strictly required for basic SELinux operation.
+CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_NETLABEL=y
 CONFIG_IP_NF_SECURITY=m
 CONFIG_INET_XFRM_MODE_TRANSPORT=m
+CONFIG_INET_AH=m
+CONFIG_INET6_XFRM_MODE_TRANSPORT=m
+CONFIG_INET6_AH=m
+CONFIG_CRYPTO_SHA1=m # used for testing, could be updated if desired
 CONFIG_NETWORK_SECMARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
@@ -47,6 +54,18 @@ CONFIG_IP_SCTP=m
 CONFIG_BT=m
 CONFIG_CRYPTO_USER_API=m
 
+# Netlink protocol implementations.
+# These are enabled to test the netlink socket controls in
+# tests/netlink_socket; they are not required for SELinux operation itself.
+CONFIG_SCSI_FC_ATTRS=m # selects CONFIG_SCSI_NETLINK
+CONFIG_NETFILTER_NETLINK=m
+CONFIG_CRYPTO_USER=m
+
+# Overlay fs.
+# This is enabled to test overlayfs SELinux integration.
+# It is not required for SELinux operation itself.
+CONFIG_OVERLAY_FS=m
+
 Do not set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX; it is an
 option for legacy distributions (Fedora 3 and 4).
 
-- 
2.9.5

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2017-09-29 15:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-29 15:51 [PATCH] selinux-testsuite: README: Update kernel config requirements Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.