[Swan-dev] [Testing] Test Suite & Docker

Ondrej Moris omoris at redhat.com
Sun May 15 21:51:30 UTC 2016

On 05/15/2016 08:09 PM, Paul Wouters wrote:
> On Sun, 15 May 2016, Ondrej Moris wrote:
>> Off-topic - are you runnig test suite executed in FIPS mode? If not, are
>> you interested in that? There would probably be tons of both true and
>> false positives though. And I am very very doubtful about FIPS in
>> Fedora. OTOH it might be doable in RHEL...
> Our problem was that we couldn't easilly add fips=1 on a per-test basis
> to the VM. Similarly, we need a MLS on/off method so we can run the MLS
> labeled ipsec tests. We might be able to virt-install a FIPS and
> FIPS+MLS image, eg east-fips, west-fips, and then use those.

I see, well there is still --impair-force-fips for per-test FIPS
testing. Sure, it is not the "FIPS product" when kernel is not in FIPS
mode but for testing user-space it should be sufficient. MLS would be a
much bigger step I guess. At least in Fedora since almost nobody cares
about selinux-mls-policy there. We recently started the same testing we
did for Common Criteria in RHEL in Fedora 23 and there are tons of
selinux denials. In RHEL both FIPS and MLS testing should be possible.

>>> - Similarly, if we want to test against systems that are not amd64,
>>> KVM would be need
>> You're right. But that can change in the future, lacking support for
>> 32bit is more or less just a plumbing issue (you just need support in
>> registries basically). Is KVM testsuite running in 32-bit environment?
> It should, we might not have tested that in a long time. The good thing
> about KVM is we can fairly easilly using virt-install add a mips or
> sparc or arm client. We haven't looked into that much at this moment.
> Paul

More information about the Swan-dev mailing list