From patchwork Fri Sep 29 15:51:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9978301 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BC5F960311 for ; Fri, 29 Sep 2017 15:48:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AC44D294A7 for ; Fri, 29 Sep 2017 15:48:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A11E12984B; Fri, 29 Sep 2017 15:48:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E8146294A7 for ; Fri, 29 Sep 2017 15:48:36 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.42,453,1500940800"; d="scan'208";a="344973367" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA11.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 29 Sep 2017 15:48:32 +0000 Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 29 Sep 2017 15:48:17 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8TFkhMi028856; Fri, 29 Sep 2017 11:47:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v8TFkYoY012767 for ; Fri, 29 Sep 2017 11:46:34 -0400 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8TFkSl8028843; Fri, 29 Sep 2017 11:46:28 -0400 From: Stephen Smalley To: selinux@tycho.nsa.gov Date: Fri, 29 Sep 2017 11:51:36 -0400 Message-Id: <20170929155136.12963-1-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.9.5 Subject: [PATCH] selinux-testsuite: README: Update kernel config requirements X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add several config options that are required by the inet_socket, netlink_socket, and overlay tests. Note that these are not required for basic SELinux operation itself but merely to test the corresponding functionality. Discovered these undocumented dependencies upon running selinux-testsuite after running make localmodconfig and then re-adding the already documented config options to my config; these three tests had failures due to the missing config options. Signed-off-by: Stephen Smalley --- README | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/README b/README index de50eb4..da51dd4 100644 --- a/README +++ b/README @@ -19,11 +19,18 @@ CONFIG_INET=y CONFIG_IPV6=y CONFIG_SECURITY=y CONFIG_SECURITY_NETWORK=y -CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_SELINUX=y + +# For testing of labeled IPSEC, NetLabel, and SECMARK functionality. +# Not strictly required for basic SELinux operation. +CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_NETLABEL=y CONFIG_IP_NF_SECURITY=m CONFIG_INET_XFRM_MODE_TRANSPORT=m +CONFIG_INET_AH=m +CONFIG_INET6_XFRM_MODE_TRANSPORT=m +CONFIG_INET6_AH=m +CONFIG_CRYPTO_SHA1=m # used for testing, could be updated if desired CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m @@ -47,6 +54,18 @@ CONFIG_IP_SCTP=m CONFIG_BT=m CONFIG_CRYPTO_USER_API=m +# Netlink protocol implementations. +# These are enabled to test the netlink socket controls in +# tests/netlink_socket; they are not required for SELinux operation itself. +CONFIG_SCSI_FC_ATTRS=m # selects CONFIG_SCSI_NETLINK +CONFIG_NETFILTER_NETLINK=m +CONFIG_CRYPTO_USER=m + +# Overlay fs. +# This is enabled to test overlayfs SELinux integration. +# It is not required for SELinux operation itself. +CONFIG_OVERLAY_FS=m + Do not set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX; it is an option for legacy distributions (Fedora 3 and 4).