Re: [PATCH] selinux-testsuite: update to work on Debian

From: William Roberts <bill.c.roberts@gmail.com>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Paul Moore <paul@paul-moore.com>,
	Laurent Bigonville <bigon@debian.org>,
	Russell Coker <russell@coker.com.au>,
	SElinux list <selinux@vger.kernel.org>,
	Ondrej Mosnacek <omosnace@redhat.com>
Subject: Re: [PATCH] selinux-testsuite: update to work on Debian
Date: Fri, 15 May 2020 11:27:05 -0500	[thread overview]
Message-ID: <CAFftDdoineg_FjyPnCtxEjiFtEQ3bZt-M_ePZtfAh-CUNSDwNg@mail.gmail.com> (raw)
In-Reply-To: <CAEjxPJ72G4bpd6uLy1UikPoU7+tS-Kh2cCO+R75ApoRNCt3_Wg@mail.gmail.com>

On Wed, May 13, 2020 at 10:51 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Thu, May 7, 2020 at 11:03 PM Paul Moore <paul@paul-moore.com> wrote:
> > For a long time now I've wanted to expand my selinux/next kernel
> > testing to platforms beyond Fedora.  I believe that it not only helps
> > catch problems before the kernel is released, but it also helps ensure
> > that the underlying distro has all of the necessary pieces (userspace,
> > policy, etc.) in place to support the latest and upcoming kernels.
> >
> > Unfortunately every time I've looked at the state of SELinux in Debian
> > I've run out of time before I got it working well.  I'm not even going
> > to get into the Debian package format :/
> >
> > I would be very happy to see some work go into lowering the bar on
> > getting SELinux working on Debian.  My Debian experience is pretty
> > limited, but you can sign me up as a very enthusiastic beta-tester,
> > just point me at some docs and an ISO :)
>
> FWIW, with the just-merged series, if you follow the new instructions
> in the README.md for Debian, you should be able to successfully build
> and run the testsuite on Debian stable and unstable (also worked for
> me on Ubuntu 20.04 aside from needing to obtain libbpf from upstream
> since it isn't packaged for Ubuntu).  The default policy still has
> some issues (e.g. don't try to use GNOME in enforcing mode) but if you
> can login as an unconfined user and setenforce 1 via text console or
> ssh login, you should be able to run the testsuite.

I am having an issue with the test suite, perhaps the error would be obvious
to you or someone else

Error:
make[3]: Entering directory '/root/selinux-testsuite/tests/module_load'
make[3]: *** /lib/modules/5.6.6-300.fc32.x86_64/build: No such file or
directory.  Stop.
make[3]: Leaving directory '/root/selinux-testsuite/tests/module_load'
make[2]: *** [Makefile:8: all] Error 2
make[2]: Leaving directory '/root/selinux-testsuite/tests/module_load'
make[1]: *** [Makefile:141: all] Error 1
make[1]: Leaving directory '/root/selinux-testsuite/tests'
make: *** [Makefile:8: test] Error 2

The module_load path exists:
[root@demo tests]# ls /lib/modules/5.6.6-300.fc32.x86_64/
bls.conf    modules.builtin       modules.drm    source
build    modules.builtin.alias.bin  modules.modesetting  symvers.gz
config    modules.builtin.bin       modules.networking   System.map
kernel    modules.builtin.modinfo    modules.order    updates
modules.alias    modules.dep       modules.softdep    vdso
modules.alias.bin  modules.dep.bin       modules.symbols    vmlinuz
modules.block    modules.devname       modules.symbols.bin

And build exists, but it's a file, is that right?
[root@demo tests]# stat /lib/modules/5.6.6-300.fc32.x86_64/build
  File: /lib/modules/5.6.6-300.fc32.x86_64/build ->
/usr/src/kernels/5.6.6-300.fc32.x86_64
  Size: 38        Blocks: 0          IO Block: 4096   symbolic link
Device: 801h/2049d Inode: 154128      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:modules_object_t:s0
Access: 2020-05-15 16:23:03.854826122 +0000
Modify: 2020-04-21 14:01:58.000000000 +0000
Change: 2020-04-22 22:30:37.051096556 +0000
 Birth: -

Thanks,
Bill