test: build the SELinux test module on the host

Let's save some time and build the SELinux test module on the host instead of a possibly unaccelerated VM. This brings the runtime of TEST-06-SELINUX from ~12 minutes down to a ~1 minute.
2024-07-21 10:17:21 +00:00 · 2023-05-19 11:45:11 +02:00 · 2023-05-19 11:45:11 +02:00 · 038efe6df1
parent daeb95a1d8
commit 038efe6df1
2 changed files with 31 additions and 29 deletions
--- a/test/TEST-06-SELINUX/test.sh
+++ b/test/TEST-06-SELINUX/test.sh
@ -7,7 +7,6 @@ IMAGE_NAME="selinux"
 TEST_NO_NSPAWN=1

 # Requirements:
-# Fedora 23
 # selinux-policy-targeted
 # selinux-policy-devel

@ -21,38 +20,41 @@ SETUP_SELINUX=yes
 KERNEL_APPEND="${KERNEL_APPEND:=} selinux=1 security=selinux"

 test_append_files() {
-    (
-        local workspace="${1:?}"
-        local policy_headers_dir=/usr/share/selinux/devel
-        local modules_dir=/var/lib/selinux
+    local workspace="${1:?}"
+    local policy_headers_dir=/usr/share/selinux/devel
+    local modules_dir=/var/lib/selinux

-        setup_selinux
-        # Make sure we never expand this to "/..."
-        rm -rf "${workspace:?}/$modules_dir"
+    setup_selinux
+    # Make sure we never expand this to "/..."
+    rm -rf "${workspace:?}/$modules_dir"

-        if ! cp -ar "$modules_dir" "$workspace/$modules_dir"; then
-            dfatal "Failed to copy $modules_dir"
-            exit 1
-        fi
+    if ! cp -ar "$modules_dir" "$workspace/$modules_dir"; then
+        dfatal "Failed to copy $modules_dir"
+        exit 1
+    fi

-        rm -rf "${workspace:?}/$policy_headers_dir"
-        inst_dir /usr/share/selinux
+    rm -rf "${workspace:?}/$policy_headers_dir"
+    inst_dir /usr/share/selinux

-        if ! cp -ar "$policy_headers_dir" "$workspace/$policy_headers_dir"; then
-            dfatal "Failed to copy $policy_headers_dir"
-            exit 1
-        fi
+    if ! cp -ar "$policy_headers_dir" "$workspace/$policy_headers_dir"; then
+        dfatal "Failed to copy $policy_headers_dir"
+        exit 1
+    fi

-        mkdir "$workspace/systemd-test-module"
-        cp systemd_test.te "$workspace/systemd-test-module"
-        cp systemd_test.if "$workspace/systemd-test-module"
-        cp systemd_test.fc "$workspace/systemd-test-module"
-        image_install -o sesearch
-        image_install runcon
-        image_install checkmodule semodule semodule_package m4 make load_policy sefcontext_compile
-        image_install -o /usr/libexec/selinux/hll/pp # Fedora/RHEL/...
-        image_install -o /usr/lib/selinux/hll/pp     # Debian/Ubuntu/...
-    )
+    mkdir "$workspace/systemd-test-module"
+    cp systemd_test.te "$workspace/systemd-test-module"
+    cp systemd_test.if "$workspace/systemd-test-module"
+    cp systemd_test.fc "$workspace/systemd-test-module"
+    image_install -o sesearch
+    image_install runcon
+    image_install checkmodule semodule semodule_package m4 make load_policy sefcontext_compile
+    image_install -o /usr/libexec/selinux/hll/pp # Fedora/RHEL/...
+    image_install -o /usr/lib/selinux/hll/pp     # Debian/Ubuntu/...
+
+    if ! chroot "$workspace" make -C /systemd-test-module -f /usr/share/selinux/devel/Makefile clean systemd_test.pp; then
+        dfatal "Failed to build the systemd test module"
+        exit 1
+    fi
 }

 do_test "$@"
--- a/test/testsuite-06.units/load-systemd-test-module.service
+++ b/test/testsuite-06.units/load-systemd-test-module.service
@ -9,7 +9,7 @@ Before=sysinit.target shutdown.target autorelabel.service
 ConditionSecurity=selinux

 [Service]
-ExecStart=sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile clean load'
+ExecStart=sh -x -c 'echo 0 >/sys/fs/selinux/enforce && make -C /systemd-test-module -f /usr/share/selinux/devel/Makefile load'
 Type=oneshot
 TimeoutSec=0
 RemainAfterExit=yes