From ad6723c44b52e20536a86ae6a0dbcd04e8a2b722 Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sylvestre@debian.org>
Date: Sat, 15 Mar 2025 12:15:16 +0100
Subject: [PATCH] selinux test: collect and process the results

---
 .github/workflows/GnuTests.yml | 27 ++++++++++++++++++++++++---
 GNUmakefile                    |  4 +---
 util/run-gnu-test.sh           | 31 ++++++++++++++++++++++++++++---
 3 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/GnuTests.yml b/.github/workflows/GnuTests.yml
index 52a4ca13c..08979f2b6 100644
--- a/.github/workflows/GnuTests.yml
+++ b/.github/workflows/GnuTests.yml
@@ -55,12 +55,14 @@ jobs:
         #
         SUITE_LOG_FILE="${path_GNU_tests}/test-suite.log"
         ROOT_SUITE_LOG_FILE="${path_GNU_tests}/test-suite-root.log"
+        SELINUX_SUITE_LOG_FILE="${path_GNU_tests}/selinux-test-suite.log"
+        SELINUX_ROOT_SUITE_LOG_FILE="${path_GNU_tests}/selinux-test-suite-root.log"
         TEST_LOGS_GLOB="${path_GNU_tests}/**/*.log" ## note: not usable at bash CLI; [why] double globstar not enabled by default b/c MacOS includes only bash v3 which doesn't have double globstar support
         TEST_FILESET_PREFIX='test-fileset-IDs.sha1#'
         TEST_FILESET_SUFFIX='.txt'
         TEST_SUMMARY_FILE='gnu-result.json'
         TEST_FULL_SUMMARY_FILE='gnu-full-result.json'
-        outputs SUITE_LOG_FILE ROOT_SUITE_LOG_FILE TEST_FILESET_PREFIX TEST_FILESET_SUFFIX TEST_LOGS_GLOB TEST_SUMMARY_FILE TEST_FULL_SUMMARY_FILE
+        outputs SUITE_LOG_FILE ROOT_SUITE_LOG_FILE SELINUX_SUITE_LOG_FILE SELINUX_ROOT_SUITE_LOG_FILE TEST_FILESET_PREFIX TEST_FILESET_SUFFIX TEST_LOGS_GLOB TEST_SUMMARY_FILE TEST_FULL_SUMMARY_FILE
     - name: Checkout code (uutil)
       uses: actions/checkout@v4
       with:
@@ -198,6 +200,19 @@ jobs:
     - name: Selinux - Run selinux tests as root
       run: |
         lima bash -c "cd ~/work/uutils/ && CI=1 bash util/run-gnu-test.sh run-root \$(cat selinux-tests.txt)"
+    - name: Selinux - Collect test logs
+      run: |
+        # Create directories for SELinux test logs
+        mkdir -p ${{ steps.vars.outputs.path_GNU_tests }}-selinux
+
+        # Copy the test logs from the Lima VM to the host
+        lima bash -c "mkdir -p ~/work/gnu/tests-selinux && cp ~/work/gnu/tests/test-suite.log ~/work/gnu/tests-selinux/ || echo 'No test-suite.log found'"
+        lima bash -c "cp ~/work/gnu/tests/test-suite-root.log ~/work/gnu/tests-selinux/ || echo 'No test-suite-root.log found'"
+        rsync -v -a -e ssh lima-default:~/work/gnu/tests-selinux/ ./${{ steps.vars.outputs.path_GNU_tests }}-selinux/
+
+        # Copy SELinux logs to the main test directory for integrated processing
+        cp -f ${{ steps.vars.outputs.path_GNU_tests }}-selinux/test-suite.log ${{ steps.vars.outputs.path_GNU_tests }}/selinux-test-suite.log || echo "No SELinux test-suite.log found"
+        cp -f ${{ steps.vars.outputs.path_GNU_tests }}-selinux/test-suite-root.log ${{ steps.vars.outputs.path_GNU_tests }}/selinux-test-suite-root.log || echo "No SELinux test-suite-root.log found"
 
     - name: Run GNU tests
       shell: bash
@@ -230,11 +245,13 @@ jobs:
         #
         SUITE_LOG_FILE='${{ steps.vars.outputs.SUITE_LOG_FILE }}'
         ROOT_SUITE_LOG_FILE='${{ steps.vars.outputs.ROOT_SUITE_LOG_FILE }}'
-        ls -al ${SUITE_LOG_FILE} ${ROOT_SUITE_LOG_FILE}
+        SELINUX_SUITE_LOG_FILE='${{ steps.vars.outputs.SELINUX_SUITE_LOG_FILE }}'
+        SELINUX_ROOT_SUITE_LOG_FILE='${{ steps.vars.outputs.SELINUX_ROOT_SUITE_LOG_FILE }}'
+        ls -al ${SUITE_LOG_FILE} ${ROOT_SUITE_LOG_FILE} ${SELINUX_SUITE_LOG_FILE} ${SELINUX_ROOT_SUITE_LOG_FILE}
 
         if test -f "${SUITE_LOG_FILE}"
         then
-            source ${path_UUTILS}/util/analyze-gnu-results.sh ${SUITE_LOG_FILE} ${ROOT_SUITE_LOG_FILE}
+            source ${path_UUTILS}/util/analyze-gnu-results.sh ${SUITE_LOG_FILE} ${ROOT_SUITE_LOG_FILE} ${SELINUX_SUITE_LOG_FILE} ${SELINUX_ROOT_SUITE_LOG_FILE}
             if [[ "$TOTAL" -eq 0 || "$TOTAL" -eq 1 ]]; then
               echo "::error ::Failed to parse test results from '${SUITE_LOG_FILE}'; failing early"
               exit 1
@@ -287,7 +304,11 @@ jobs:
         have_new_failures=""
         REF_LOG_FILE='${{ steps.vars.outputs.path_reference }}/test-logs/test-suite.log'
         ROOT_REF_LOG_FILE='${{ steps.vars.outputs.path_reference }}/test-logs/test-suite-root.log'
+        SELINUX_REF_LOG_FILE='${{ steps.vars.outputs.path_reference }}/test-logs/selinux-test-suite.log'
+        SELINUX_ROOT_REF_LOG_FILE='${{ steps.vars.outputs.path_reference }}/test-logs/selinux-test-suite-root.log'
         REF_SUMMARY_FILE='${{ steps.vars.outputs.path_reference }}/test-summary/gnu-result.json'
+
+
         REPO_DEFAULT_BRANCH='${{ steps.vars.outputs.repo_default_branch }}'
         path_UUTILS='${{ steps.vars.outputs.path_UUTILS }}'
         # https://github.com/uutils/coreutils/issues/4294
diff --git a/GNUmakefile b/GNUmakefile
index 1e031e0ff..e043fbcf9 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -181,9 +181,7 @@ SELINUX_PROGS := \
 
 ifneq ($(OS),Windows_NT)
 	PROGS := $(PROGS) $(UNIX_PROGS)
-endif
-
-ifeq ($(SELINUX_ENABLED),1)
+# Build the selinux command even if not on the system
 	PROGS := $(PROGS) $(SELINUX_PROGS)
 endif
 
diff --git a/util/run-gnu-test.sh b/util/run-gnu-test.sh
index 4148c3f96..7fa52f84e 100755
--- a/util/run-gnu-test.sh
+++ b/util/run-gnu-test.sh
@@ -43,7 +43,27 @@ cd "${path_GNU}" && echo "[ pwd:'${PWD}' ]"
 
 export RUST_BACKTRACE=1
 
-if test "$1" != "run-root"; then
+# Determine if we have SELinux tests
+has_selinux_tests=false
+if test $# -ge 1; then
+    for t in "$@"; do
+        if [[ "$t" == *"selinux"* ]]; then
+                has_selinux_tests=true
+                break
+        fi
+    done
+fi
+
+if [[ "$1" == "run-root" && "$has_selinux_tests" == true ]]; then
+    # Handle SELinux root tests separately
+    shift
+    if test -n "$CI"; then
+        echo "Running SELinux tests as root"
+        # Don't use check-root here as the upstream root tests is hardcoded
+        sudo "${MAKE}" -j "$("${NPROC}")" check TESTS="$*" SUBDIRS=. RUN_EXPENSIVE_TESTS=yes RUN_VERY_EXPENSIVE_TESTS=yes VERBOSE=no gl_public_submodule_commit="" srcdir="${path_GNU}" TEST_SUITE_LOG="tests/test-suite-root.log" || :
+    fi
+    exit 0
+elif test "$1" != "run-root"; then
     if test $# -ge 1; then
         # if set, run only the tests passed
         SPECIFIC_TESTS=""
@@ -82,8 +102,13 @@ else
     # in case we would like to run tests requiring root
     if test -z "$1" -o "$1" == "run-root"; then
         if test -n "$CI"; then
-            echo "Running check-root to run only root tests"
-            sudo "${MAKE}" -j "$("${NPROC}")" check-root SUBDIRS=. RUN_EXPENSIVE_TESTS=yes RUN_VERY_EXPENSIVE_TESTS=yes VERBOSE=no gl_public_submodule_commit="" srcdir="${path_GNU}" TEST_SUITE_LOG="tests/test-suite-root.log" || :
+            if test $# -ge 2; then
+                echo "Running check-root to run only root tests"
+                sudo "${MAKE}" -j "$("${NPROC}")" check-root TESTS="$2" SUBDIRS=. RUN_EXPENSIVE_TESTS=yes RUN_VERY_EXPENSIVE_TESTS=yes VERBOSE=no gl_public_submodule_commit="" srcdir="${path_GNU}" TEST_SUITE_LOG="tests/test-suite-root.log" || :
+            else
+                echo "Running check-root to run only root tests"
+                sudo "${MAKE}" -j "$("${NPROC}")" check-root SUBDIRS=. RUN_EXPENSIVE_TESTS=yes RUN_VERY_EXPENSIVE_TESTS=yes VERBOSE=no gl_public_submodule_commit="" srcdir="${path_GNU}" TEST_SUITE_LOG="tests/test-suite-root.log" || :
+            fi
         fi
     fi
 fi