[LTP] [PATCH 1/2] lib: Add tst_selinux_enforcing()

Li Wang liwang@redhat.com
Wed Mar 20 09:04:32 CET 2024


On Wed, Mar 20, 2024 at 3:56 PM Petr Vorel <pvorel@suse.cz> wrote:

> Hi Li, all,
>
> > Hi Petr,
>
> > On Wed, Mar 20, 2024 at 2:32 PM Petr Vorel <pvorel@suse.cz> wrote:
>
> > > Co-developed-by: Mete Durlu <meted@linux.ibm.com>
> > > Signed-off-by: Petr Vorel <pvorel@suse.cz>
>
>
> > This patch is doing the same work as security_getenforce() which provides
> > by 'selinux/selinux.h', but it is still worth having it because we do not
> > want ltp
> > has many extra dependencies (e.g. libselinux-devel).
>
> +1
>
> > Reviewed-by: Li Wang <liwang@redhat.com>
>
> Thanks!
>
> > > ---
> > > Hi,
>
> > > @Li, Cyril:
> > > 1) I guess we want to distinguish EACCES for SELinux enforcing, right?
> > > If not, this commit would be dropped and second commit would just use
>
> > >         const int exp_errs[] = {tc->expected_errno, EACCES};
>
> > >         TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD |
> > > tc->mark.flags,
> > >                          tc->mask.flags, dirfd, path),
> > >                          exp_errs);
>
> > > 2) Some time ago I proposed to merge some lib/*.c files, not
> > > just have so many files with single functions in the library. E.g.
> > > lib/tst_fips.c, lib/tst_selinux.c, lib/tst_lockdown.c could be merged
> > > into lib/tst_security.c. Or do we want to have these separate?
>
>
> > I think the answer is Yes. There are more and more lib/*.c files with
>
> I read "Yes" as to keep lib/tst_selinux.c, lib/tst_lockdown.c as separate.
>

Ohh, sorry, I don't mean that. More separate (boring!!!) files should be
avoided.

I think I should step away from the keyboard now, watching too much screen
time makes me foolish :).


-- 
Regards,
Li Wang


More information about the ltp mailing list