mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
test: load the SELinux module outside of the VM
Turns out we can, apart from just building the module, "shove" it into the SELinux database in a chroot as well. This brings quite significant time savings, as the SELinux db rebuild takes 2 - 5 minutes in a VM without acceleration (and takes currently ~half of the runtime of the test in the C8S job).
This commit is contained in:
parent
8c0ace5739
commit
fa5dee77c0
@ -42,16 +42,14 @@ test_append_files() {
|
||||
fi
|
||||
|
||||
mkdir "$workspace/systemd-test-module"
|
||||
cp systemd_test.te "$workspace/systemd-test-module"
|
||||
cp systemd_test.if "$workspace/systemd-test-module"
|
||||
cp systemd_test.fc "$workspace/systemd-test-module"
|
||||
cp -v systemd_test.* "$workspace/systemd-test-module/"
|
||||
image_install -o sesearch
|
||||
image_install runcon
|
||||
image_install checkmodule semodule semodule_package m4 make load_policy sefcontext_compile
|
||||
image_install -o /usr/libexec/selinux/hll/pp # Fedora/RHEL/...
|
||||
image_install -o /usr/lib/selinux/hll/pp # Debian/Ubuntu/...
|
||||
|
||||
if ! chroot "$workspace" make -C /systemd-test-module -f /usr/share/selinux/devel/Makefile clean systemd_test.pp; then
|
||||
if ! chroot "$workspace" make -C /systemd-test-module -f /usr/share/selinux/devel/Makefile clean load systemd_test.pp QUIET=n; then
|
||||
dfatal "Failed to build the systemd test module"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -1,15 +0,0 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
[Unit]
|
||||
Description=Load systemd-test module
|
||||
DefaultDependencies=no
|
||||
Requires=local-fs.target
|
||||
Conflicts=shutdown.target
|
||||
After=local-fs.target
|
||||
Before=sysinit.target shutdown.target autorelabel.service
|
||||
ConditionSecurity=selinux
|
||||
|
||||
[Service]
|
||||
ExecStart=sh -x -c 'echo 0 >/sys/fs/selinux/enforce && make -C /systemd-test-module -f /usr/share/selinux/devel/Makefile load'
|
||||
Type=oneshot
|
||||
TimeoutSec=0
|
||||
RemainAfterExit=yes
|
@ -2,9 +2,6 @@
|
||||
[Unit]
|
||||
Description=TEST-06-SELINUX
|
||||
|
||||
Requires=load-systemd-test-module.service
|
||||
After=load-systemd-test-module.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=rm -f /failed /testok
|
||||
ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
|
||||
|
Loading…
Reference in New Issue
Block a user