From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 28 Aug 2016 14:44:23 -0400 Subject: [refpolicy] Testing in the Reference Policy In-Reply-To: References: <9e6f676d-edd4-e33c-a861-9334adfea081@gmail.com> <9b6be580-6efd-fa8f-daa8-94e371cc4bf3@ieee.org> <500fc9cb-11ee-18b9-c049-4587ba29633a@ieee.org> Message-ID: <614d53f3-3c4d-a669-31aa-ed15b963d816@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/28/16 14:25, Naftuli Tzvi Kay wrote: > Would most of you appreciate a Fedora VM or a CentOS VM for the Vagrant box? A minimal Fedora would probably be a better bet, as it is more up to date. On a side note, please do not send HTML emails to the list. > On Aug 25, 2016 15:54, "Naftuli Tzvi Kay" > wrote: > > Okay, I'll post back when I have something significant to report. > > Thanks, > - Naftuli Tzvi > > On Thu, Aug 25, 2016 at 3:51 PM, Chris PeBenito > wrote: > > On 08/25/16 18:48, Naftuli Tzvi Kay wrote: > > I'm hoping to have as few scripts as possible. Is there a > preference > here? I could use Ansible, but if shell scripts are the most > portable > thing with the least dependencies, I can do that. > > > I'd prefer shell scripts, because it doesn't incur even more > dependencies, but if they get too ugly, I'd be willing to > entertain something like an ansible playbook. > > > > On Thu, Aug 25, 2016 at 3:39 PM, Chris PeBenito > > >> wrote: > > On 08/24/16 18:14, Naftuli Tzvi Kay wrote: > > I was thinking of making a Vagrant environment where > users can test > their applications on a system running the currently > checked out > master > of refpolicy. This will make it easier for me to > update my > policy for > Syncthing for instance. > > In short, an environment to: > 1. compile the reference policy > 2. install it in the running kernel > 3. install applications and do integration tests of > the policy > against > actual running binaries when developing new policies for > applications > > > Will you be including configuration/scripts for > provisioning too? > How would the provisioning be done? Shell scripts? -- Chris PeBenito