[PATCH linux-kselftest/test v1] apparmor: add AppArmor KUnit tests for policy unpack
Kees Cook
keescook at chromium.org
Wed Oct 30 19:02:27 UTC 2019
On Fri, Oct 18, 2019 at 02:41:38PM -0700, Brendan Higgins wrote:
> On Fri, Oct 18, 2019 at 9:25 AM Theodore Y. Ts'o <tytso at mit.edu> wrote:
> >
> > On Thu, Oct 17, 2019 at 05:43:07PM -0700, Brendan Higgins wrote:
> > > > +config SECURITY_APPARMOR_TEST
> > > > + bool "Build KUnit tests for policy_unpack.c"
> > > > + default n
> > > > + depends on KUNIT && SECURITY_APPARMOR
> > >
> > > Ted, here is an example where doing select on direct dependencies is
> > > tricky because SECURITY_APPARMOR has a number of indirect dependencies.
> >
> > Well, that could be solved by adding a select on all of the indirect
> > dependencies. I did get your point about the fact that we could have
>
> In this particular case that would work.
>
> > cases where the indirect dependencies might conflict with one another.
> > That's going to be a tough situation regardless of whether we have a
> > sat-solver or a human who has to struggle with that situation.
>
> But yeah, that's the real problem.
I think at this stage we want to make it _possible_ to write tests
sanely without causing all kinds of headaches. I think "build all the
tests" can just be a function of "allmodconfig" and leave it at that
until we have cases we really need to deal with.
--
Kees Cook
More information about the Linux-security-module-archive
mailing list