[Buildroot] [PATCH 0/7] SELinux tests

[Buildroot] [PATCH 0/7] SELinux tests

[Antoine Tenart]

Hello,

This series adds SELinux tests to Buildroot. The tests are divided into
two categories:

- Runtime tests to check SELinux functionalities at runtime on a system
  generated with Buildroot. Those tests are defined in:
  support/testing/tests/boot/test_selinux.py

- Core tests to ensure in-Buildroot SELinux facilities are working as
  expected. Those tests are defined in:
  support/testing/tests/core/test_selinux.py

This isn't a v2, but the two runtime tests were also sent in a previous
series. Since this series I removed the specific SELinux defconfig as it
would have been there only for demoing a software functionality. And if
users want information on what to select to have an SELinux ready image,
there is now a documentation section about SELinux.

Thanks!
Antoine

Antoine Tenart (7):
  support/testing: add an SELinuxSystemdExt4 test
  support/testing: add an SELinuxSystemdSquashfs test
  support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES
  support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES_DIRS
  support/testing: add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT
  support/testing: add tests for the packages SELinux functionalities
  DEVELOPERS: update my watchlist

 DEVELOPERS                                    |  7 ++
 support/testing/tests/boot/test_selinux.py    | 71 ++++++++++++++++
 .../boot/test_selinux/linux-squashfs.fragment |  1 +
 support/testing/tests/core/test_selinux.py    | 82 +++++++++++++++++++
 .../core/test_selinux/br2_external/Config.in  |  1 +
 .../test_selinux/br2_external/external.desc   |  1 +
 .../test_selinux/br2_external/external.mk     |  1 +
 .../package/selinux-test/Config.in            |  6 ++
 .../package/selinux-test/selinux-test.mk      |  9 ++
 .../package/selinux-test/selinux/buildroot.fc |  0
 .../package/selinux-test/selinux/buildroot.if |  1 +
 .../package/selinux-test/selinux/buildroot.te |  3 +
 .../test_selinux/extra_modules/buildroot.fc   |  0
 .../test_selinux/extra_modules/buildroot.if   |  1 +
 .../test_selinux/extra_modules/buildroot.te   |  3 +
 15 files changed, 187 insertions(+)
 create mode 100644 support/testing/tests/boot/test_selinux.py
 create mode 100644 support/testing/tests/boot/test_selinux/linux-squashfs.fragment
 create mode 100644 support/testing/tests/core/test_selinux.py
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/Config.in
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.desc
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.mk
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.fc
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.if
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.te

-- 
2.26.2

[Buildroot] [PATCH 1/7] support/testing: add an SELinuxSystemdExt4 test

[Antoine Tenart]

This adds a test called 'SELinuxSystemdExt4'. This test will build an
SELinux enabled image with systemd, boot it, and perform a few runtime
tests to check SELinux related capabilities.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/boot/test_selinux.py | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 support/testing/tests/boot/test_selinux.py

diff --git a/support/testing/tests/boot/test_selinux.py b/support/testing/tests/boot/test_selinux.py
new file mode 100644
index 000000000000..b7e15655e7eb
--- /dev/null
+++ b/support/testing/tests/boot/test_selinux.py
@@ -0,0 +1,59 @@
+import os
+
+import infra.basetest
+
+
+class TestSELinuxSystemd(infra.basetest.BRTest):
+    config = """
+             BR2_x86_64=y
+             BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+             BR2_INIT_SYSTEMD=y
+             BR2_LINUX_KERNEL=y
+             BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+             BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.8.12"
+             BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+             BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"
+             BR2_PACKAGE_LIBSELINUX=y
+             BR2_PACKAGE_REFPOLICY=y
+             """
+
+    def wait_boot(self):
+        # The complete boot with systemd takes more time than what the default multipler permits
+        self.emulator.timeout_multiplier *= 10
+        self.emulator.login()
+
+    def run_tests(self, fstype):
+        kernel = os.path.join(self.builddir, "images", "bzImage")
+        rootfs = os.path.join(self.builddir, "images", "rootfs.{}".format(fstype))
+
+        self.emulator.boot(arch="x86_64", kernel=kernel,
+                           kernel_cmdline=["root=/dev/vda", "rootfstype={}".format(fstype),
+                                           "console=ttyS0", "security=selinux"],
+                           options=["-drive", "file={},if=virtio,format=raw".format(rootfs)])
+        self.wait_boot()
+
+        # Test the reported SELinux mode.
+        out, ret = self.emulator.run("getenforce")
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[0], "Permissive")
+
+        # Check the extended arguments are correctly set.
+        out, ret = self.emulator.run("ls -dZ /")
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[0].split()[0], "system_u:object_r:root_t")
+
+        # Check init's attributes.
+        out, ret = self.emulator.run("cat /proc/1/attr/current")
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[0], "system_u:system_r:init_t\0")
+
+class TestSELinuxSystemdExt4(TestSELinuxSystemd):
+    config = TestSELinuxSystemd.config + \
+            """
+            BR2_TARGET_ROOTFS_EXT2=y
+            BR2_TARGET_ROOTFS_EXT2_4=y
+            BR2_TARGET_ROOTFS_EXT2_SIZE="100M"
+            """
+
+    def test_run(self):
+        self.run_tests("ext4")
-- 
2.26.2

[Buildroot] [PATCH 2/7] support/testing: add an SELinuxSystemdSquashfs test

[Antoine Tenart]

Add a test called 'SELinuxSystemdSquashfs' which will perform the same
tests as the Ext4 version, but using a Squashfs filesystem. Thanks to
this, we'll have a test on a real only filesystem.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/boot/test_selinux.py           | 12 ++++++++++++
 .../tests/boot/test_selinux/linux-squashfs.fragment  |  1 +
 2 files changed, 13 insertions(+)
 create mode 100644 support/testing/tests/boot/test_selinux/linux-squashfs.fragment

diff --git a/support/testing/tests/boot/test_selinux.py b/support/testing/tests/boot/test_selinux.py
index b7e15655e7eb..d4e314a646ef 100644
--- a/support/testing/tests/boot/test_selinux.py
+++ b/support/testing/tests/boot/test_selinux.py
@@ -57,3 +57,15 @@ class TestSELinuxSystemdExt4(TestSELinuxSystemd):
 
     def test_run(self):
         self.run_tests("ext4")
+
+class TestSELinuxSystemdSquashfs(TestSELinuxSystemd):
+    config = TestSELinuxSystemd.config + \
+            """
+            BR2_TARGET_ROOTFS_SQUASHFS=y
+            BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{}"
+            """.format(
+                infra.filepath("tests/boot/test_selinux/linux-squashfs.fragment"),
+            )
+
+    def test_run(self):
+        self.run_tests("squashfs")
diff --git a/support/testing/tests/boot/test_selinux/linux-squashfs.fragment b/support/testing/tests/boot/test_selinux/linux-squashfs.fragment
new file mode 100644
index 000000000000..7a89d006fa26
--- /dev/null
+++ b/support/testing/tests/boot/test_selinux/linux-squashfs.fragment
@@ -0,0 +1 @@
+CONFIG_SQUASHFS=y
-- 
2.26.2

[Buildroot] [PATCH 3/7] support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES

[Antoine Tenart]

This patch adds a test for the BR2_REFPOLICY_EXTRA_MODULES
functionality (which allows to select extra modules within the SELinux
refpolicy using Kconfig).

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/core/test_selinux.py | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 support/testing/tests/core/test_selinux.py

diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py
new file mode 100644
index 000000000000..10be30d7913d
--- /dev/null
+++ b/support/testing/tests/core/test_selinux.py
@@ -0,0 +1,36 @@
+import os
+
+import infra.basetest
+
+
+class TestSELinuxInfra(infra.basetest.BRTest):
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG +\
+             """
+             BR2_PACKAGE_REFPOLICY=y
+             BR2_PACKAGE_PYTHON3=y
+             BR2_PACKAGE_SETOOLS=y
+             BR2_TARGET_ROOTFS_CPIO=y
+             """
+
+    def base_test_run(self):
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        self.emulator.boot(arch="armv5", kernel="builtin",
+                           options=["-initrd", cpio_file])
+        self.emulator.login()
+
+class TestSELinuxExtraModules(TestSELinuxInfra):
+    config = TestSELinuxInfra.config + \
+             """
+             BR2_REFPOLICY_EXTRA_MODULES="ntp tor"
+             """
+
+    def test_run(self):
+        TestSELinuxInfra.base_test_run(self)
+
+        out, ret = self.emulator.run("seinfo -t ntpd_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "ntpd_t")
+
+        out, ret = self.emulator.run("seinfo -t tor_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "tor_t")
-- 
2.26.2

[Buildroot] [PATCH 4/7] support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES_DIRS

[Antoine Tenart]

Add a test for the BR2_REFPOLICY_EXTRA_MODULES_DIRS functionality (which
allows to provide custom SELinux modules).

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/core/test_selinux.py          | 13 +++++++++++++
 .../core/test_selinux/extra_modules/buildroot.fc    |  0
 .../core/test_selinux/extra_modules/buildroot.if    |  1 +
 .../core/test_selinux/extra_modules/buildroot.te    |  3 +++
 4 files changed, 17 insertions(+)
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.fc
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.if
 create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.te

diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py
index 10be30d7913d..9e189d6114df 100644
--- a/support/testing/tests/core/test_selinux.py
+++ b/support/testing/tests/core/test_selinux.py
@@ -34,3 +34,16 @@ class TestSELinuxExtraModules(TestSELinuxInfra):
         out, ret = self.emulator.run("seinfo -t tor_t", 15)
         self.assertEqual(ret, 0)
         self.assertEqual(out[2].strip(), "tor_t")
+
+class TestSELinuxExtraModulesDirs(TestSELinuxInfra):
+    config = TestSELinuxInfra.config + \
+             """
+             BR2_REFPOLICY_EXTRA_MODULES_DIRS="{}"
+             """.format(infra.filepath("tests/core/test_selinux/extra_modules"))
+
+    def test_run(self):
+        TestSELinuxInfra.base_test_run(self)
+
+        out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "buildroot_test_t")
diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc b/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.if b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if
new file mode 100644
index 000000000000..acf797e6044b
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if
@@ -0,0 +1 @@
+## <summary>Buildroot rules</summary>
diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.te b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te
new file mode 100644
index 000000000000..266bc03be013
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te
@@ -0,0 +1,3 @@
+policy_module(buildroot, 1.0.0)
+
+type buildroot_test_t;
-- 
2.26.2

[Buildroot] [PATCH 5/7] support/testing: add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT

[Antoine Tenart]

Add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT (which allows to select
a custom location for the SELinux refpolicy). The test uses the official
refpolicy as a test (we only want to test the functionality is working,
not that another refpolicy is correctly building; that is an user
problematic).

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/core/test_selinux.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py
index 9e189d6114df..bb6604590ab5 100644
--- a/support/testing/tests/core/test_selinux.py
+++ b/support/testing/tests/core/test_selinux.py
@@ -47,3 +47,14 @@ class TestSELinuxExtraModulesDirs(TestSELinuxInfra):
         out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
         self.assertEqual(ret, 0)
         self.assertEqual(out[2].strip(), "buildroot_test_t")
+
+class TestSELinuxCustomGit(TestSELinuxInfra):
+    config = TestSELinuxInfra.config + \
+             """
+             BR2_PACKAGE_REFPOLICY_CUSTOM_GIT=y
+             BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL="https://github.com/SELinuxProject/refpolicy.git"
+             BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION="RELEASE_2_20200818"
+             """
+
+    def test_run(self):
+        pass
-- 
2.26.2

[Buildroot] [PATCH 6/7] support/testing: add tests for the packages SELinux functionalities

[Antoine Tenart]

Add tests to ensure the packages SELinux functionalities (being able to
select an extra SELinux module in the refpolicy, and being able to
provide a custom SELinux module) are working as expected.

We use a BR2_EXTERNAL folder, provided in the tests, to use a custom
SELinux enabled package.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 support/testing/tests/core/test_selinux.py    | 22 +++++++++++++++++++
 .../core/test_selinux/br2_external/Config.in  |  1 +
 .../test_selinux/br2_external/external.desc   |  1 +
 .../test_selinux/br2_external/external.mk     |  1 +
 .../package/selinux-test/Config.in            |  6 +++++
 .../package/selinux-test/selinux-test.mk      |  9 ++++++++
 .../package/selinux-test/selinux/buildroot.fc |  0
 .../package/selinux-test/selinux/buildroot.if |  1 +
 .../package/selinux-test/selinux/buildroot.te |  3 +++
 9 files changed, 44 insertions(+)
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/Config.in
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.desc
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.mk
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
 create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te

diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py
index bb6604590ab5..28d99d3a6912 100644
--- a/support/testing/tests/core/test_selinux.py
+++ b/support/testing/tests/core/test_selinux.py
@@ -58,3 +58,25 @@ class TestSELinuxCustomGit(TestSELinuxInfra):
 
     def test_run(self):
         pass
+
+class TestSELinuxPackage(TestSELinuxInfra):
+    br2_external = [infra.filepath("tests/core/test_selinux/br2_external")]
+    config = TestSELinuxInfra.config + \
+             """
+             BR2_PACKAGE_SELINUX_TEST=y
+             """
+
+    def test_run(self):
+        TestSELinuxInfra.base_test_run(self)
+
+        out, ret = self.emulator.run("seinfo -t ntpd_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "ntpd_t")
+
+        out, ret = self.emulator.run("seinfo -t tor_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "tor_t")
+
+        out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "buildroot_test_t")
diff --git a/support/testing/tests/core/test_selinux/br2_external/Config.in b/support/testing/tests/core/test_selinux/br2_external/Config.in
new file mode 100644
index 000000000000..9d9c84ee3cfe
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/Config.in
@@ -0,0 +1 @@
+source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in"
diff --git a/support/testing/tests/core/test_selinux/br2_external/external.desc b/support/testing/tests/core/test_selinux/br2_external/external.desc
new file mode 100644
index 000000000000..44b5b95f5b4e
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/external.desc
@@ -0,0 +1 @@
+name: SELINUX
diff --git a/support/testing/tests/core/test_selinux/br2_external/external.mk b/support/testing/tests/core/test_selinux/br2_external/external.mk
new file mode 100644
index 000000000000..54d2402d52e3
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/external.mk
@@ -0,0 +1 @@
+include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package/*/*.mk))
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
new file mode 100644
index 000000000000..c50631bd3a5b
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_SELINUX_TEST
+	bool "SELinux test package"
+	depends on BR2_PACKAGE_LIBSELINUX
+	depends on BR2_PACKAGE_REFPOLICY
+	help
+	  Test package for SELinux Buildroot helpers.
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
new file mode 100644
index 000000000000..0100b718be3f
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
@@ -0,0 +1,9 @@
+################################################################################
+#
+# SELinux test package
+#
+################################################################################
+
+SELINUX_TEST_SELINUX_MODULES = ntp tor
+
+$(eval $(generic-package))
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
new file mode 100644
index 000000000000..acf797e6044b
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
@@ -0,0 +1 @@
+## <summary>Buildroot rules</summary>
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te
new file mode 100644
index 000000000000..266bc03be013
--- /dev/null
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te
@@ -0,0 +1,3 @@
+policy_module(buildroot, 1.0.0)
+
+type buildroot_test_t;
-- 
2.26.2

[Buildroot] [PATCH 7/7] DEVELOPERS: update my watchlist

[Antoine Tenart]

Update my watchlist with SELinux related files.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
---
 DEVELOPERS | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/DEVELOPERS b/DEVELOPERS
index 9352d891d35d..904b35984b0e 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -254,7 +254,14 @@ N:	Anthony Viallard <viallard@syscom-instruments.com>
 F:	package/gnuplot/
 
 N:	Antoine T?nart <antoine.tenart@bootlin.com>
+F:	configs/qemu_x86_64_selinux_defconfig
+F:	package/libselinux/
+F:	package/refpolicy/
 F:	package/wf111/
+F:	support/testing/tests/boot/test_selinux/
+F:	support/testing/tests/boot/test_selinux.py
+F:	support/testing/tests/core/test_selinux/
+F:	support/testing/tests/core/test_selinux.py
 
 N:	Antony Pavlov <antonynpavlov@gmail.com>
 F:	package/lsscsi/
-- 
2.26.2

[Buildroot] [PATCH 0/7] SELinux tests

[Thomas Petazzoni]

Hello Antoine,

On Mon, 28 Sep 2020 16:54:18 +0200
Antoine Tenart <antoine.tenart@bootlin.com> wrote:

> Antoine Tenart (7):
>   support/testing: add an SELinuxSystemdExt4 test
>   support/testing: add an SELinuxSystemdSquashfs test
>   support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES
>   support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES_DIRS
>   support/testing: add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT
>   support/testing: add tests for the packages SELinux functionalities
>   DEVELOPERS: update my watchlist

Thanks a lot, I have applied the whole series, but after doing a number
of changes:

 - Switched to using an external toolchain for the SELinux
   ext4/squashfs systemd tests. This greatly reduces the build time.

 - Moved the SELinux ext4/squashfs systemd tests to init/ tests instead
   of boot/ tests. Indeed, boot/ is really for bootloader related tests.

 - Moved the update of the DEVELOPERS file to each individual commit
   adding a new test-related file. Of course, the addition of
   libselinux/refpolicy on your watch list was kept as a separate patch.

 - Some minor update of the commit titles.

I've also pushed a preparation commit that fixes the variable expansion
issue we have discussed, and which was exhibited by one of the tests
you have contributed.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com