From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v5QKH2uh013062 for ; Mon, 26 Jun 2017 16:17:02 -0400 Received: by mail-lf0-f51.google.com with SMTP id b207so6651515lfg.2 for ; Mon, 26 Jun 2017 13:17:00 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <1496162091-129822-1-git-send-email-danielj@mellanox.com> <1496162091-129822-3-git-send-email-danielj@mellanox.com> <1496164182.2164.12.camel@tycho.nsa.gov> <1496166732.2164.18.camel@tycho.nsa.gov> From: Paul Moore Date: Mon, 26 Jun 2017 16:16:58 -0400 Message-ID: Subject: Re: [PATCH v2 2/2] selinux-testsuite: Infiniband endport tests To: Daniel Jurgens , lvrabec@redhat.com Cc: Stephen Smalley , "selinux@tycho.nsa.gov" , Yevgeny Petrilin Content-Type: text/plain; charset="UTF-8" List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On Fri, Jun 9, 2017 at 4:23 PM, Daniel Jurgens wrote: > On 6/9/2017 3:01 PM, Paul Moore wrote: >> On Fri, Jun 9, 2017 at 10:59 AM, Daniel Jurgens wrote: >> >> Should be all set now, let me know if you notice any problems. I did >> add a separate third commit to munge the style/formatting (see >> previous emails); I didn't bother posting it to the list as it is just >> style changes, but in case anyone is curious, this is the commit: >> >> commit 8e0339cef20d0356d3e115c31a133662e9562e65 >> Author: Paul Moore >> Date: Fri Jun 9 15:46:37 2017 -0400 >> >> infiniband: apply style corrections to the infiniband tests >> >> Patch generated by './tools/check-syntax -f'. >> >> Signed-off-by: Paul Moore >> >>> I recall you saying you do most of your testing in VMs on a laptop. But if you have a system with a free pci-e slot we can ship you an HCA if you'd like to be able to run these yourself. >> Thank you for the offer, and yes I generally run the tests in a VM, >> however we've been working on getting something a bit more automated >> in place for upstream testing (more info on that once everything is >> sorted out). >> >> Let me think about this a bit (and dust off my somewhat neglected >> testing hardware), I generally try to avoid getting tied to specific >> hardware, but it is necessary in this case, and I fear that this may >> be the easiest way to ensure it gets tested regularly. >> > OK, just let me know if you want one. Once the feature works it's way back to mainstream kernel I'll add the tests to our automated regressions too. Thanks for all your help getting this whole thing through review! FWIW, this was in the pull request I sent up to James, you should see it arrive in Linus' tree during the upcoming merge window. > How often does the fedora-selinux project switch the base refpolicy? It needs additions to the unconfined user role to allow access. My apologies, I just realized I never answered this last question about Fedora ... the answer is the usual "it depends". I've added Lukas Vrabec to this email as he is in charge of the Fedora SELinux policy. -- paul moore www.paul-moore.com