[LTP] [PATCH 1/2] lib: Add tst_selinux_enforcing()

Petr Vorel pvorel@suse.cz
Wed Mar 20 08:56:05 CET 2024


Hi Li, all,

> Hi Petr,

> On Wed, Mar 20, 2024 at 2:32 PM Petr Vorel <pvorel@suse.cz> wrote:

> > Co-developed-by: Mete Durlu <meted@linux.ibm.com>
> > Signed-off-by: Petr Vorel <pvorel@suse.cz>


> This patch is doing the same work as security_getenforce() which is provided
> by 'selinux/selinux.h', but it is still worth having it because we do not
> want ltp to have many extra dependencies (e.g. libselinux-devel).

+1

> Reviewed-by: Li Wang <liwang@redhat.com>

Thanks!

> > ---
> > Hi,

> > @Li, Cyril:
> > 1) I guess we want to distinguish EACCES for SELinux enforcing, right?
> > If not, this commit would be dropped and second commit would just use

> >         const int exp_errs[] = {tc->expected_errno, EACCES};

> >         TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd,
> >                          FAN_MARK_ADD | tc->mark.flags,
> >                          tc->mask.flags, dirfd, path),
> >                          exp_errs);

> > 2) Some time ago I proposed to merge some lib/*.c files, not
> > just have so many files with single functions in the library. E.g.
> > lib/tst_fips.c, lib/tst_selinux.c, lib/tst_lockdown.c could be merged
> > into lib/tst_security.c. Or do we want to have these separate?


> I think the answer is Yes. There are more and more lib/*.c files with

I read "Yes" as to keep lib/tst_selinux.c, lib/tst_lockdown.c as separate.

I'm not sure myself (quite separate things, although they are all "security"),
what bothers me more are these tst_dir_is_empty.c, tst_path_has_mnt_flags.c
files.

> some trivial features, which bring troubles for reading/managing the
> library. It is necessary to archive and merge the same thing.


> > When I proposed this, I wanted to merge files, which have the same name
> > as the single function in the file (e.g. tst_dir_is_empty.c,
> > tst_path_has_mnt_flags.c), having them as single file does not help much
> > with searching for the content.


> +1

> And the most important is we need to give a good name for the
> achieved header file.

+1

Kind regards,
Petr
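
Added example, not part of the original message and not LTP's code: a libselinux-free enforcing check of the kind discussed above, plus the errno decision from question 1, where EACCES is accepted only while SELinux is enforcing. The names selinux_enforcing_at(), errno_is_expected() and write_sample() are hypothetical, and EINVAL in main() is just a sample expected errno.

```c
#include <errno.h>
#include <stdio.h>

/* Usual selinuxfs location of the enforce flag; the file holds "0" or "1". */
#define ENFORCE_PATH "/sys/fs/selinux/enforce"

/* Hypothetical helper: 1 if the file at path says enforcing, otherwise 0
 * (permissive, unparsable, or file missing because SELinux is disabled). */
int selinux_enforcing_at(const char *path)
{
	FILE *f = fopen(path, "r");
	int val = 0;

	if (!f)
		return 0;
	if (fscanf(f, "%d", &val) != 1)
		val = 0;
	fclose(f);
	return val == 1;
}

/* Hypothetical helper: accept EACCES as an alternative errno only while
 * SELinux is enforcing, so a stray EACCES elsewhere still fails the test. */
int errno_is_expected(int got, int expected, int enforcing)
{
	return got == expected || (enforcing && got == EACCES);
}

/* Writes a constructed stand-in for the enforce file (for the demo only). */
int write_sample(const char *path, const char *content)
{
	FILE *f = fopen(path, "w");

	if (!f)
		return -1;
	fputs(content, f);
	return fclose(f);
}

int main(void)
{
	int enforcing = selinux_enforcing_at(ENFORCE_PATH);

	printf("enforcing=%d, EACCES accepted instead of EINVAL: %d\n",
	       enforcing, errno_is_expected(EACCES, EINVAL, enforcing));
	return 0;
}
```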

