[PATCH linux-kselftest/test v1] apparmor: add AppArmor KUnit tests for policy unpack
Theodore Y. Ts'o
tytso at mit.edu
Fri Oct 18 16:25:19 UTC 2019
On Thu, Oct 17, 2019 at 05:43:07PM -0700, Brendan Higgins wrote:
> > +config SECURITY_APPARMOR_TEST
> > + bool "Build KUnit tests for policy_unpack.c"
> > + default n
> > + depends on KUNIT && SECURITY_APPARMOR
>
> Ted, here is an example where doing select on direct dependencies is
> tricky because SECURITY_APPARMOR has a number of indirect dependencies.
Well, that could be solved by adding a select on all of the indirect
dependencies. I did get your point about the fact that we could have
cases where the indirect dependencies might conflict with one another.
That's going to be a tough situation regardless of whether we have a
sat-solver or a human who has to struggle with that situation.
It's also going to be a bit sad because it means that we won't be able
to create a single config that could be used to run all the kunit
tests when a user pushes a change to a Gerrit server for review. :-/
I suppose that if we use a strict definition of "unit tests", and we
assume that all of the tests impacted by a change in foo/bar/baz.c
will be found in foo/bar/baz-test.c, or maybe foo/bar/*-test.c, we can
automate the generation of the kunitconfig file, perhaps?
The other sad bit about having mutually exclusive config options is
that we can't easily "run all KUinit tests" for some kind of test
spinner or zero-day bot.
I'm not sure there's a good solution to that issue, though.
- Ted
More information about the Linux-security-module-archive
mailing list