[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <88259677752389b350614857e6003b8c.paul@paul-moore.com>
Date: Mon, 23 Oct 2023 23:52:36 -0400
From: Paul Moore <paul@...l-moore.com>
To: Fan Wu <wufan@...ux.microsoft.com>, corbet@....net,
zohar@...ux.ibm.com, jmorris@...ei.org, serge@...lyn.com,
tytso@....edu, ebiggers@...nel.org, axboe@...nel.dk,
agk@...hat.com, snitzer@...nel.org, eparis@...hat.com
Cc: linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fscrypt@...r.kernel.org, linux-block@...r.kernel.org,
dm-devel@...hat.com, audit@...r.kernel.org,
roberto.sassu@...wei.com, linux-kernel@...r.kernel.org,
Deven Bowers <deven.desai@...ux.microsoft.com>,
Fan Wu <wufan@...ux.microsoft.com>
Subject: Re: [PATCH RFC v11 18/19] ipe: kunit test for parser
On Oct 4, 2023 Fan Wu <wufan@...ux.microsoft.com> wrote:
>
> Add various happy/unhappy unit tests for both IPE's parser.
I'm going to suggest: "... for IPE's policy parser."
Also, aside from the policy parser tests, are there any other IPE
functional tests? We do have a testing guideline for new LSM
submissions:
"New LSMs must be accompanied by a test suite to verify basic
functionality and help identify regressions. The test suite
must be publicly available without download restrictions
requiring accounts, subscriptions, etc. Test coverage does
not need to reach a specific percentage, but core functionality
and any user interfaces should be well covered by the test
suite. Maintaining the test suite in a public git repository is
preferable over tarball snapshots. Integrating the test suite
with existing automated Linux kernel testing services is
encouraged."
https://github.com/LinuxSecurityModule/kernel/blob/main/README.md#new-lsm-guidelines
> Signed-off-by: Deven Bowers <deven.desai@...ux.microsoft.com>
> Signed-off-by: Fan Wu <wufan@...ux.microsoft.com>
> ---
> v1-v6:
> + Not present
>
> v7:
> Introduced
>
> v8:
> + Remove the kunit tests with respect to the fsverity digest, as these
> require significant changes to work with the new method of acquiring
> the digest at runtime.
>
> v9:
> + Remove the kunit tests related to ipe_context
>
> v10:
> + No changes
>
> v11:
> + No changes
> ---
> security/ipe/Kconfig | 17 +++
> security/ipe/Makefile | 3 +
> security/ipe/policy_tests.c | 294 ++++++++++++++++++++++++++++++++++++
> 3 files changed, 314 insertions(+)
> create mode 100644 security/ipe/policy_tests.c
--
paul-moore.com
Powered by blists - more mailing lists