@@ -10,18 +10,19 @@ jobs:
- uses: actions/checkout@v2
- run: sudo chown $(id -u):$(id -g) .
- run: tools/check-syntax -f && git diff --exit-code
- fedora-test:
+ vm-test:
runs-on: macos-12
strategy:
fail-fast: false
matrix:
domain: [unconfined_t, sysadm_t]
env:
- - { version: 37, kernel: default }
- - { version: 38, kernel: default }
- - { version: 38, kernel: secnext }
+ - { image: fedora/37-cloud-base, kernel: default }
+ - { image: fedora/38-cloud-base, kernel: default }
+ - { image: fedora/38-cloud-base, kernel: secnext }
+ - { image: centos/stream9, kernel: latest }
env:
- FEDORA_VERSION: ${{ matrix.env.version }}
+ IMAGE_NAME: ${{ matrix.env.image }}
KERNEL_TYPE: ${{ matrix.env.kernel }}
ROOT_DOMAIN: ${{ matrix.domain }}
steps:
@@ -47,6 +48,6 @@ jobs:
- name: Run SELinux testsuite
run: vagrant ssh -- sudo make -C /root/testsuite test
- name: Check unwanted denials
- run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep ${{ matrix.domain }}'
+ run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep "^type=AVC .*${{ matrix.domain }}"'
- name: Check .gitignore coverage
run: test "$(vagrant ssh -- sudo git -C /root/testsuite ls-files -o --exclude-standard | wc -l)" -eq 0
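Review bot: The "Check unwanted denials" step on the new `run:` line still succeeds whenever `grep` receives no matching input, and that includes the case where `ausearch` itself fails or cannot read the audit log. The pipeline status is grep's, which is then negated, unless the guest shell has pipefail set. The tighter `^type=AVC .*` pattern narrows what counts as a hit but does not change this fail-open behaviour. I would document it above the step, for example `# NOTE: also passes if ausearch prints nothing because it failed`. A preceding step that asserts audit logging is active in the VM would stop a silent logging failure from being read as a clean run.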
@@ -5,7 +5,7 @@
#
# To create a new virtual machine:
#
-# FEDORA_VERSION=33 vagrant up
+# IMAGE_NAME=fedora/34-cloud-base KERNEL_TYPE=default vagrant up
#
# To launch tests (for example after modifications have been made):
#
@@ -20,7 +20,7 @@
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
- config.vm.box = "fedora/#{ENV['FEDORA_VERSION']}-cloud-base"
+ config.vm.box = "#{ENV['IMAGE_NAME']}"
config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.synced_folder ".", "/root/testsuite", type: "rsync",
# need to disable '--copy-links', which is in rsync__args by default
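Review bot: `config.vm.box = "#{ENV['IMAGE_NAME']}"` turns an unset IMAGE_NAME into an empty box name, so the mistake only surfaces later as a Vagrant box-lookup error. KERNEL_TYPE, by contrast, gets an explicit "Invalid KERNEL_TYPE" abort further down the file. `config.vm.box = ENV.fetch('IMAGE_NAME')` drops the redundant interpolation and fails immediately with the variable name when it is missing. The box is now whatever the environment names, and no `config.vm.box_version` pin is visible in this hunk, so CI boots whichever image version is current upstream; pinning is worth considering if reproducibility of the test VM matters. The `Vagrant.configure` block continues outside the hunk.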
@@ -33,16 +33,23 @@ Vagrant.configure("2") do |config|
v.memory = 4096
end
+ kernel_subpkgs = ['devel', 'modules']
+
+ dnf_opts = ''
+ case ENV['IMAGE_NAME']
+ when /^centos\//
+ dnf_opts << ' --enablerepo crb'
+ kernel_subpkgs << 'modules-extra'
+ end
+
case ENV['KERNEL_TYPE']
when 'default'
- dnf_opts = ''
- kernel_pkgs = 'kernel-devel-"$(uname -r)" kernel-modules-"$(uname -r)"'
+ kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}-\"$(uname -r)\""}.join(' ')
when 'latest'
- dnf_opts = ''
- kernel_pkgs = 'kernel-devel kernel-modules'
+ kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}"}.join(' ')
when 'secnext'
- dnf_opts = '--nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64'
- kernel_pkgs = 'kernel-devel kernel-modules'
+ dnf_opts << ' --nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64'
+ kernel_pkgs = kernel_subpkgs.map{|s| "kernel-#{s}"}.join(' ')
else
print("Invalid KERNEL_TYPE '#{ENV['KERNEL_TYPE']}'")
abort
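Review bot: On the rewritten `secnext` line, `--nogpgcheck` is appended to the shared `dnf_opts` string, so it turns off signature verification for every package in whatever transaction uses these options, not only for packages from the ad-hoc `kernel-secnext` repo. Since `dnf_opts` can now also carry `--enablerepo crb`, the exemption is easier to widen by accident. If only the ad-hoc repo is unsigned, a per-repo override such as `--setopt=kernel-secnext.gpgcheck=0` in place of `--nogpgcheck` would keep verification on for the distro repos; this should be confirmed against the dnf version in the boxes. Separately, a `centos/` image combined with `KERNEL_TYPE=secnext` would mix `--releasever rawhide` with CentOS repos and is not rejected here. How `dnf_opts` and `kernel_pkgs` are consumed lies outside the hunk.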
Now that there is an up-to-date CS9 box available in Vagrant [1], we can test on it in the CI to ensure that the testsuite is compatible with this distribution. Note that there may be a few test cases skipped that could in fact be run on the latest CS9 thanks to backports, but that can be addressed later. [1] https://issues.redhat.com/browse/CS-1186 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- .github/workflows/checks.yml | 13 +++++++------ Vagrantfile | 23 +++++++++++++++-------- 2 files changed, 22 insertions(+), 14 deletions(-)