checkpolicy-2.5-0.99.rc1.1.fc24

Update to upstream rc1 release 2016-01-07
2016-01-08 23:39:39 +01:00
26 changed files with 21 additions and 1469 deletions
--- a/.gitignore
+++ b/.gitignore
@ -93,15 +93,3 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.3.tgz
 /checkpolicy-2.4.tar.gz
 /checkpolicy-2.5-rc1.tar.gz
 /checkpolicy-2.5.tar.gz
 /checkpolicy-2.6.tar.gz
 /checkpolicy-2.7.tar.gz
 /checkpolicy-2.8-rc1.tar.gz
 /checkpolicy-2.8-rc3.tar.gz
 /checkpolicy-2.8.tar.gz
 /checkpolicy-2.9-rc1.tar.gz
 /checkpolicy-2.9-rc2.tar.gz
 /checkpolicy-2.9.tar.gz
 /checkpolicy-3.0-rc1.tar.gz
 /checkpolicy-3.0.tar.gz
 /checkpolicy-3.1.tar.gz
--- a/0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch
+++ b/0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch
@ -1,129 +0,0 @@
 From 42ae834a7428c57f7b2a9f448adf4cf991fa3487 Mon Sep 17 00:00:00 2001
 From: Ondrej Mosnacek <omosnace@redhat.com>
 Date: Fri, 31 Jul 2020 13:10:34 +0200
 Subject: [PATCH] libsepol,checkpolicy: optimize storage of filename
 transitions
 In preparation to support a new policy format with a more optimal
 representation of filename transition rules, this patch applies an
 equivalent change from kernel commit c3a276111ea2 ("selinux: optimize
 storage of filename transitions").
 See the kernel commit's description [1] for the rationale behind this
 representation. This change doesn't bring any measurable difference of
 policy build performance (semodule -B) on Fedora.
 [1] https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?id=c3a276111ea2572399281988b3129683e2a6b60b
 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
 ---
 checkpolicy/policy_define.c | 49 ++++++++++---------------------------
 checkpolicy/test/dispol.c   | 20 ++++++++++-----
 2 files changed, 27 insertions(+), 42 deletions(-)
 diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
 index c6733fa469c5..395f62284e3c 100644
 --- a/checkpolicy/policy_define.c
 +++ b/checkpolicy/policy_define.c
@@ -3303,8 +3303,6 @@ int define_filename_trans(void)
 	ebitmap_t e_stypes, e_ttypes;
 	ebitmap_t e_tclasses;
 	ebitmap_node_t *snode, *tnode, *cnode;
 -	filename_trans_t *ft;
 -	filename_trans_datum_t *ftdatum;
 	filename_trans_rule_t *ftr;
 	type_datum_t *typdatum;
 	uint32_t otype;
@@ -3388,40 +3386,19 @@ int define_filename_trans(void)
 	ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) {
 		ebitmap_for_each_positive_bit(&e_stypes, snode, s) {
 			ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) {
 -				ft = calloc(1, sizeof(*ft));
 -				if (!ft) {
 -					yyerror("out of memory");
 -					goto bad;
 -				}
 -				ft->stype = s+1;
 -				ft->ttype = t+1;
 -				ft->tclass = c+1;
 -				ft->name = strdup(name);
 -				if (!ft->name) {
 -					yyerror("out of memory");
 -					goto bad;
 -				}
 -
 -				ftdatum = hashtab_search(policydbp->filename_trans,
 -							 (hashtab_key_t)ft);
 -				if (ftdatum) {
 -					yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
 -						 name,
 -						 policydbp->p_type_val_to_name[s],
 -						 policydbp->p_type_val_to_name[t],
 -						 policydbp->p_class_val_to_name[c]);
 -					goto bad;
 -				}
 -
 -				ftdatum = calloc(1, sizeof(*ftdatum));
 -				if (!ftdatum) {
 -					yyerror("out of memory");
 -					goto bad;
 -				}
 -				rc = hashtab_insert(policydbp->filename_trans,
 -						    (hashtab_key_t)ft,
 -						    ftdatum);
 -				if (rc) {
 +				rc = policydb_filetrans_insert(
 +					policydbp, s+1, t+1, c+1, name,
 +					NULL, otype, NULL
 +				);
 +				if (rc != SEPOL_OK) {
 +					if (rc == SEPOL_EEXIST) {
 +						yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
 +							name,
 +							policydbp->p_type_val_to_name[s],
 +							policydbp->p_type_val_to_name[t],
 +							policydbp->p_class_val_to_name[c]);
 +						goto bad;
 +					}
 					yyerror("out of memory");
 					goto bad;
 				}
 diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
 index d72d9fb331cf..8785b7252824 100644
 --- a/checkpolicy/test/dispol.c
 +++ b/checkpolicy/test/dispol.c
@@ -335,17 +335,25 @@ static int filenametr_display(hashtab_key_t key,
 			      hashtab_datum_t datum,
 			      void *ptr)
 {
 -	struct filename_trans *ft = (struct filename_trans *)key;
 +	struct filename_trans_key *ft = (struct filename_trans_key *)key;
 	struct filename_trans_datum *ftdatum = datum;
 	struct filenametr_display_args *args = ptr;
 	policydb_t *p = args->p;
 	FILE *fp = args->fp;
 +	ebitmap_node_t *node;
 +	uint32_t bit;
 +
 +	do {
 +		ebitmap_for_each_positive_bit(&ftdatum->stypes, node, bit) {
 +			display_id(p, fp, SYM_TYPES, bit, "");
 +			display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
 +			display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
 +			display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
 +			fprintf(fp, " %s\n", ft->name);
 +		}
 +		ftdatum = ftdatum->next;
 +	} while (ftdatum);
 -	display_id(p, fp, SYM_TYPES, ft->stype - 1, "");
 -	display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
 -	display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
 -	display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
 -	fprintf(fp, " %s\n", ft->name);
 	return 0;
 }
 -- 
 2.29.0
--- a/0002-libsepol-cil-fix-signed-overflow-caused-by-using-1-3.patch
+++ b/0002-libsepol-cil-fix-signed-overflow-caused-by-using-1-3.patch
@ -1,90 +0,0 @@
 From 521e6a2f478a4c7a7c198c017d4d12e8667d89e7 Mon Sep 17 00:00:00 2001
 From: Nicolas Iooss <nicolas.iooss@m4x.org>
 Date: Sat, 3 Oct 2020 15:19:08 +0200
 Subject: [PATCH] libsepol/cil: fix signed overflow caused by using (1 << 31) -
 1
 When compiling SELinux userspace tools with -ftrapv (this option
 generates traps for signed overflow on addition, subtraction,
 multiplication operations, instead of silently wrapping around),
 semodule crashes when running the tests from
 scripts/ci/fedora-test-runner.sh in a Fedora 32 virtual machine:
    [root@localhost selinux-testsuite]# make test
    make -C policy load
    make[1]: Entering directory '/root/selinux-testsuite/policy'
    # Test for "expand-check = 0" in /etc/selinux/semanage.conf
    # General policy build
    make[2]: Entering directory '/root/selinux-testsuite/policy/test_policy'
    Compiling targeted test_policy module
    Creating targeted test_policy.pp policy package
    rm tmp/test_policy.mod.fc
    make[2]: Leaving directory '/root/selinux-testsuite/policy/test_policy'
    # General policy load
    domain_fd_use --> off
    /usr/sbin/semodule -i test_policy/test_policy.pp test_mlsconstrain.cil test_overlay_defaultrange.cil test_add_levels.cil test_glblub.cil
    make[1]: *** [Makefile:174: load] Aborted (core dumped)
 Using "coredumpctl gdb" leads to the following strack trace:
    (gdb) bt
    #0  0x00007f608fe4fa25 in raise () from /lib64/libc.so.6
    #1  0x00007f608fe38895 in abort () from /lib64/libc.so.6
    #2  0x00007f6090028aca in __addvsi3.cold () from /lib64/libsepol.so.1
    #3  0x00007f6090096f59 in __avrule_xperm_setrangebits (low=30, high=30, xperms=0x8b9eea0)
        at ../cil/src/cil_binary.c:1551
    #4  0x00007f60900970dd in __cil_permx_bitmap_to_sepol_xperms_list (xperms=0xb650a30, xperms_list=0x7ffce2653b18)
        at ../cil/src/cil_binary.c:1596
    #5  0x00007f6090097286 in __cil_avrulex_ioctl_to_policydb (k=0xb8ec200 "@\023\214\022\006", datum=0xb650a30,
        args=0x239a640) at ../cil/src/cil_binary.c:1649
    #6  0x00007f609003f1e5 in hashtab_map (h=0x41f8710, apply=0x7f60900971da <__cil_avrulex_ioctl_to_policydb>,
        args=0x239a640) at hashtab.c:234
    #7  0x00007f609009ea19 in cil_binary_create_allocated_pdb (db=0x2394f10, policydb=0x239a640)
        at ../cil/src/cil_binary.c:4969
    #8  0x00007f609009d19d in cil_binary_create (db=0x2394f10, policydb=0x7ffce2653d30) at ../cil/src/cil_binary.c:4329
    #9  0x00007f609008ec23 in cil_build_policydb_create_pdb (db=0x2394f10, sepol_db=0x7ffce2653d30)
        at ../cil/src/cil.c:631
    #10 0x00007f608fff4bf3 in semanage_direct_commit () from /lib64/libsemanage.so.1
    #11 0x00007f608fff9fae in semanage_commit () from /lib64/libsemanage.so.1
    #12 0x0000000000403e2b in main (argc=7, argv=0x7ffce2655058) at semodule.c:753
    (gdb) f 3
    #3  0x00007f6090096f59 in __avrule_xperm_setrangebits (low=30, high=30, xperms=0x8b9eea0)
        at ../cil/src/cil_binary.c:1551
    1551     xperms->perms[i] |= XPERM_SETBITS(h) - XPERM_SETBITS(low);
 A signed integer overflow therefore occurs in XPERM_SETBITS(h):
    #define XPERM_SETBITS(x) ((1 << (x & 0x1f)) - 1)
 This macro is expanded with h=31, so "(1 << 31) - 1" is computed:
 * (1 << 31) = -0x80000000 is the lowest signed 32-bit integer value
 * (1 << 31) - 1 overflows the capacity of a signed 32-bit integer and
  results in 0x7fffffff (which is unsigned)
 Using unsigned integers (with "1U") fixes the crash, as
 (1U << 31) = 0x80000000U has no overflowing issues.
 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
 Acked-by: Petr Lautrbach <plautrba@redhat.com>
 ---
 checkpolicy/policy_define.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
 index 395f62284e3c..bf6c3e68bef3 100644
 --- a/checkpolicy/policy_define.c
 +++ b/checkpolicy/policy_define.c
@@ -2147,7 +2147,7 @@ out:
 /* index of the u32 containing the permission */
 #define XPERM_IDX(x) (x >> 5)
 /* set bits 0 through x-1 within the u32 */
 -#define XPERM_SETBITS(x) ((1 << (x & 0x1f)) - 1)
 +#define XPERM_SETBITS(x) ((1U << (x & 0x1f)) - 1)
 /* low value for this u32 */
 #define XPERM_LOW(x) (x << 5)
 /* high value for this u32 */
 -- 
 2.29.0
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@ -1,21 +1,16 @@
-%define libselinuxver 3.1-4
+%define libselinuxver 2.5-0
-%define libsepolver 3.1-4
+%define libsepolver 2.5-0
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 3.1
+Version: 2.5
-Release: 4%{?dist}
+Release: 0.99.rc1.1%{?dist}
 License: GPLv2
-Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/checkpolicy-3.1.tar.gz
+Group: Development/System
-# $ git clone https://github.com/fedora-selinux/selinux.git
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160107/checkpolicy-2.5-rc1.tar.gz
-# $ cd selinux
+
-# $ git format-patch -N checkpolicy-3.1 -- checkpolicy
+Conflicts: selinux-policy-base < 3.13.1-138
-# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
+BuildRoot: %{_tmppath}/%{name}-buildroot
 # Patch list start
 Patch0001: 0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch
 Patch0002: 0002-libsepol-cil-fix-signed-overflow-caused-by-using-1-3.patch
 # Patch list end
 BuildRequires: gcc
 BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel  >= %{libselinuxver} 
 %description
@ -33,159 +28,39 @@ This package contains checkpolicy, the SELinux policy compiler.
 Only required for building policies. 
 %prep
-%autosetup -p 2 -n checkpolicy-%{version}
+%setup -q -n checkpolicy-2.5-rc1
 %build
-
+make clean
-%set_build_flags
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
 %make_build LIBDIR="%{_libdir}"
 cd test
-%make_build LIBDIR="%{_libdir}"
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
 %install
 rm -rf ${RPM_BUILD_ROOT}
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
-%make_install LIBDIR="%{_libdir}"
+make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
 install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
 install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 %files
 %defattr(-,root,root)
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_bindir}/checkpolicy
 %{_bindir}/checkmodule
 %{_mandir}/man8/checkpolicy.8.gz
 %{_mandir}/man8/checkmodule.8.gz
 %{_mandir}/ru/man8/checkpolicy.8.gz
 %{_mandir}/ru/man8/checkmodule.8.gz
 %{_bindir}/sedismod
 %{_bindir}/sedispol
 %changelog
-* Sun Nov  1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
+* Fri Jan 08 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.99.rc1.1
 - Fix signed overflow caused by using (1 << 31) - 1
 - Optimize storage of filename transitions
 - Rebuild with libsepol.so.2
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
 - SELinux userspace 3.1 release
 * Tue Jan 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-3
 - Fix -fno-common issues discovered by GCC 10
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
 - SELinux userspace 3.0 release
 * Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
 - SELinux userspace 3.0-rc1 release candidate
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
 - SELinux userspace 2.9 release
 * Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
 - SELinux userspace 2.9-rc2 release
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
 - SELinux userspace 2.9-rc1 release
 * Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
 - Check the result value of hashtable_search
 - Destroy the class datum if it fails to initialize
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
 - SELinux userspace 2.8 release
 * Tue May 15 2018 Petr Lautrbach <plautrba@workstation> - 2.8-0.rc3.1
 - SELinux userspace 2.8-rc3 release candidate
 * Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
 - SELinux userspace 2.8-rc1 release candidate
 * Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
 - Add support for the SCTP portcon keyword
 * Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
 - build: follow standard semantics for DESTDIR and PREFIX
 * Thu Feb 22 2018 Florian Weimer <fweimer@redhat.com> - 2.7-5
 - Use LDFLAGS from redhat-rpm-config
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3
 - Rebuild with libsepol-2.7-3 and libselinux-2.7-6
 * Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
 - Rebuilt with libsepol-2.7-2
 * Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
 - Update to upstream release 2017-08-04
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1
 - Update to upstream release 2016-10-14
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
 - Add types associated to a role in the current scope when parsing
 * Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
 - Extend checkpolicy pathname matching
 - Rebuilt with libsepol-2.5-9
 * Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-6
 - Fix typos in sedispol
 * Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
 - Set flex as default lexer
 - Fix checkmodule output message
 * Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
 - Rebuilt with libsepol-2.5-6
 * Fri Apr 29 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
 - Build policy on systems not supporting DCCP protocol
 - Fail if module name different than output base filename
 * Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-2
 - Add support for portcon dccp protocol
 * Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
 - Update to upstream release 2016-02-23
 * Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1
 - Update to upstream rc1 release 2016-01-07
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-1.1
 - Update to 2.4 release
--- a/gating.yaml
+++ b/gating.yaml
@ -1,16 +0,0 @@
 --- !Policy
 product_versions:
  - fedora-*
 decision_context: bodhi_update_push_testing
 subject_type: koji_build
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 --- !Policy
 product_versions:
  - fedora-*
 decision_context: bodhi_update_push_stable
 subject_type: koji_build
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (checkpolicy-3.1.tar.gz) = 2276a5a0919286049d2ceba386ef5f6de523745b588bb81cb4fed5eced5fd0b8070249b7a3ae5a85e2abb9369a86318f727d4073aad14ab75c43750a46069168
+3387013d526c51272b2b76f94c3211fb  checkpolicy-2.5-rc1.tar.gz
--- a/tests/checkmodule/Makefile
+++ b/tests/checkmodule/Makefile
@ -1,67 +0,0 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Makefile of /CoreOS/checkpolicy/Sanity/checkmodule
 #   Description: runs checkmodule with various options to find out if it behaves correctly
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 export TEST=/CoreOS/checkpolicy/Sanity/checkmodule
 export TESTVERSION=1.0
 BUILT_FILES=
 FILES=$(METADATA) runtest.sh Makefile PURPOSE mypolicy.te
 .PHONY: all install download clean
 run: $(FILES) build
 	./runtest.sh
 build: $(BUILT_FILES)
 	chmod a+x runtest.sh
 clean:
 	rm -f *~ $(BUILT_FILES)
 include /usr/share/rhts/lib/rhts-make.include
 $(METADATA): Makefile
 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
 	@echo "Name:            $(TEST)" >> $(METADATA)
 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
 	@echo "Description:     runs checkmodule with various options to find out if it behaves correctly" >> $(METADATA)
 	@echo "Type:            Sanity" >> $(METADATA)
 	@echo "TestTime:        10m" >> $(METADATA)
 	@echo "RunFor:          checkpolicy" >> $(METADATA)
 	@echo "Requires:        checkpolicy" >> $(METADATA)
 	@echo "Requires:        man" >> $(METADATA)
 	@echo "Requires:        grep" >> $(METADATA)
 	@echo "Requires:        mktemp" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
 	@echo "Destructive:     no" >> $(METADATA)
 	@echo "Releases:        -RHEL4" >> $(METADATA)
 	rhts-lint $(METADATA)
--- a/tests/checkmodule/PURPOSE
+++ b/tests/checkmodule/PURPOSE
@ -1,5 +0,0 @@
 PURPOSE of /CoreOS/checkpolicy/Sanity/checkmodule
 Author: Milos Malik <mmalik@redhat.com>
 This TC runs checkmodule with various options to find out if it behaves correctly.
--- a/tests/checkmodule/mypolicy.te
+++ b/tests/checkmodule/mypolicy.te
@ -1,9 +0,0 @@
 module mypolicy 1.0;
 require {
        type httpd_log_t;
        type postfix_postdrop_t;
        class dir getattr;
        class file { read getattr };
 }
 allow postfix_postdrop_t httpd_log_t:file getattr; 
--- a/tests/checkmodule/runtest.sh
+++ b/tests/checkmodule/runtest.sh
@ -1,101 +0,0 @@
 #!/bin/bash
 # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   runtest.sh of /CoreOS/checkpolicy/Sanity/checkmodule
 #   Description: runs checkmodule with various options to find out if it behaves correctly
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include rhts environment
 . /usr/bin/rhts-environment.sh
 . /usr/share/beakerlib/beakerlib.sh
 PACKAGE="checkpolicy"
 rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        TEST_FILE=`mktemp`
        TEST_DIR=`mktemp -d`
        rlRun "rpm -ql ${PACKAGE} | grep bin/checkmodule"
    rlPhaseEnd
    rlPhaseStartTest
        rlRun "checkmodule >& ${TEST_FILE}" 1
        rlAssertGrep "loading policy configuration from policy.conf" ${TEST_FILE}
        rlRun "checkmodule -b >& ${TEST_FILE}" 1
        rlAssertGrep "loading policy configuration from policy" ${TEST_FILE}
        rlRun "checkmodule -V"
        rlRun "checkmodule -U 1>/dev/null" 1
        rlRun "rm -f policy.conf"
        for OPTION in "deny" "reject" "allow" ; do
            rlRun "checkmodule -U ${OPTION} >& ${TEST_FILE}" 1
            rlAssertGrep "unable to open policy.conf" ${TEST_FILE}
        done
        rlRun "rm -f ${TEST_FILE}"
        rlRun "touch ${TEST_FILE}"
        rlRun "rm -rf ${TEST_DIR}"
        rlRun "mkdir ${TEST_DIR}"
        rlRun "checkmodule ${TEST_FILE}" 1,2
        rlRun "checkmodule -b ${TEST_FILE}" 1
        rlRun "checkmodule ${TEST_DIR}" 1,2
        rlRun "checkmodule -b ${TEST_DIR}" 1
        rlRun "rm -f ${TEST_FILE}"
        rlRun "rm -rf ${TEST_DIR}"
        rlRun "checkmodule ${TEST_FILE}" 1
        rlRun "checkmodule -b ${TEST_FILE}" 1
        if rlIsRHEL 5 ; then
            rlRun "checkmodule --help 2>&1 | grep -- -d"
        fi
        rlRun "checkmodule --help 2>&1 | grep -- -h"
        rlRun "checkmodule --help 2>&1 | grep -- -U"
    rlPhaseEnd
    rlPhaseStartTest
        for POLICY_KIND in minimum mls targeted ; do
            rlRun "checkmodule -M -m -b -o testmod.mod /etc/selinux/${POLICY_KIND}/policy/policy.* >& ${TEST_FILE}" 1
            rlRun "grep -i \"checkmodule.*-b and -m are incompatible with each other\" ${TEST_FILE}"
        done
    rlPhaseEnd
    rlPhaseStartTest
        INPUT_FILE="mypolicy.te"
        OUTPUT_FILE="mypolicy.output"
        rlRun "ls -l ${INPUT_FILE}"
        rlRun "checkmodule -m -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*loading policy configuration from ${INPUT_FILE}\""
        rlRun "checkmodule -m -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*writing binary representation.*to ${OUTPUT_FILE}\""
        rlRun "ls -l ${OUTPUT_FILE}"
        if checkmodule --help | grep -q " CIL " ; then
            rlRun "rm -f ${OUTPUT_FILE}"
            rlRun "checkmodule -m -C -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*loading policy configuration from ${INPUT_FILE}\""
            rlRun "checkmodule -m -C -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*writing CIL to ${OUTPUT_FILE}\""
            rlRun "ls -l ${OUTPUT_FILE}"
        fi
    rlPhaseEnd
    rlPhaseStartCleanup
        rlRun "rm -rf ${TEST_FILE} ${TEST_DIR} ${OUTPUT_FILE}"
    rlPhaseEnd
 rlJournalPrintText
 rlJournalEnd
--- a/tests/checkpolicy-docs/Makefile
+++ b/tests/checkpolicy-docs/Makefile
@ -1,64 +0,0 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Makefile of /CoreOS/checkpolicy/Sanity/checkpolicy
 #   Description: covers an issue where manpage included an unsupported option.
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 export TEST=/CoreOS/checkpolicy/Sanity/checkpolicy
 export TESTVERSION=1.0
 BUILT_FILES=
 FILES=$(METADATA) runtest.sh Makefile PURPOSE
 .PHONY: all install download clean
 run: $(FILES) build
 	./runtest.sh
 build: $(BUILT_FILES)
 	chmod a+x runtest.sh
 clean:
 	rm -f *~ $(BUILT_FILES)
 include /usr/share/rhts/lib/rhts-make.include
 $(METADATA): Makefile
 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
 	@echo "Name:            $(TEST)" >> $(METADATA)
 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
 	@echo "Description:     covers an issue where manpage included an unsupported option." >> $(METADATA)
 	@echo "Type:            Sanity" >> $(METADATA)
 	@echo "TestTime:        1m" >> $(METADATA)
 	@echo "RunFor:          checkpolicy" >> $(METADATA)
 	@echo "Requires:        checkpolicy" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
 	@echo "Destructive:     no" >> $(METADATA)
 	@echo "Releases:        -RHEL4" >> $(METADATA)
 	rhts-lint $(METADATA)
--- a/tests/checkpolicy-docs/PURPOSE
+++ b/tests/checkpolicy-docs/PURPOSE
@ -1,7 +0,0 @@
 PURPOSE of /CoreOS/checkpolicy/Sanity/checkpolicy
 Description: covers an issue where manpage included an unsupported option.
 Author: Milos Malik <mmalik@redhat.com>
--- a/tests/checkpolicy-docs/runtest.sh
+++ b/tests/checkpolicy-docs/runtest.sh
@ -1,53 +0,0 @@
 #!/bin/bash
 # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   runtest.sh of /CoreOS/checkpolicy/Sanity/checkpolicy-docs
 #   Description: covers an issue where manpage included an unsupported option.
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include rhts environment
 . /usr/bin/rhts-environment.sh
 . /usr/share/beakerlib/beakerlib.sh
 PACKAGE="checkpolicy"
 rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        rlAssertExists "/usr/share/man/man8/checkpolicy.8.gz"
    rlPhaseEnd
    rlPhaseStartTest
        rlRun "man checkpolicy | col -b | grep -- '-m]'" 1
        rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/.*checkmodule"
        if rlIsRHEL 5 ; then
            rlRun "man checkmodule | col -b | grep -- -d"
        fi
        rlRun "man checkmodule | col -b | grep -- -h"
        rlRun "man checkmodule | col -b | grep -- -U"
    rlPhaseEnd
 rlJournalPrintText
 rlJournalEnd
--- a/tests/checkpolicy/Makefile
+++ b/tests/checkpolicy/Makefile
@ -1,64 +0,0 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Makefile of /CoreOS/checkpolicy/Sanity/checkpolicy
 #   Description: runs checkpolicy with various options to find out if it behaves correctly
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 export TEST=/CoreOS/checkpolicy/Sanity/checkpolicy
 export TESTVERSION=1.0
 BUILT_FILES=
 FILES=$(METADATA) runtest.sh Makefile PURPOSE policy.conf.from.secilc
 .PHONY: all install download clean
 run: $(FILES) build
 	./runtest.sh
 build: $(BUILT_FILES)
 	chmod a+x runtest.sh
 clean:
 	rm -f *~ $(BUILT_FILES)
 include /usr/share/rhts/lib/rhts-make.include
 $(METADATA): Makefile
 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
 	@echo "Name:            $(TEST)" >> $(METADATA)
 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
 	@echo "Description:     runs checkpolicy with various options to find out if it behaves correctly" >> $(METADATA)
 	@echo "Type:            Sanity" >> $(METADATA)
 	@echo "TestTime:        10m" >> $(METADATA)
 	@echo "RunFor:          checkpolicy setools" >> $(METADATA)
 	@echo "Requires:        checkpolicy setools-console selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
 	@echo "Destructive:     no" >> $(METADATA)
 	@echo "Releases:        -RHEL4" >> $(METADATA)
 	rhts-lint $(METADATA)
--- a/tests/checkpolicy/PURPOSE
+++ b/tests/checkpolicy/PURPOSE
@ -1,7 +0,0 @@
 PURPOSE of /CoreOS/checkpolicy/Sanity/checkpolicy
 Description: runs checkpolicy with various options to find out if it behaves correctly
 Author: Milos Malik <mmalik@redhat.com>
--- a/tests/checkpolicy/policy.conf.from.secilc
+++ b/tests/checkpolicy/policy.conf.from.secilc
@ -1,143 +0,0 @@
 class file
 class process
 class char
 sid kernel
 sid security
 sid unlabeled
 common file {ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton }
 class file inherits file { execute_no_trans entrypoint execmod open audit_access }
 class char inherits file { foo transition }
 class process { open }
 sensitivity s0 alias sens0;
 sensitivity s1;
 dominance { s0 s1 }
 category c0 alias cat0;
 category c1;
 category c2;
 level s0:c0.c2;
 level s1:c0.c2;
 mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2)));
 mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2));
 mlsconstrain file { open } (l1 dom h2);
 mlsconstrain file { open } (h1 domby l2);
 mlsconstrain file { open } (l1 incomp l2);
 mlsvalidatetrans file (h1 domby l2);
 attribute foo_type;
 attribute bar_type;
 attribute baz_type;
 attribute exec_type;
 type bin_t, bar_type, exec_type;
 type kernel_t, foo_type, exec_type, baz_type;
 type security_t, baz_type;
 type unlabeled_t, baz_type;
 type exec_t, baz_type;
 type console_t, baz_type;
 type auditadm_t, baz_type;
 type console_device_t, baz_type;
 type user_tty_device_t, baz_type;
 type device_t, baz_type;
 type getty_t, baz_type;
 type a_t, baz_type;
 type b_t, baz_type;
 typealias bin_t alias sbin_t;
 bool secure_mode false;
 bool console_login true;
 bool b1 false;
 role system_r;
 role user_r;
 role system_r types bin_t; 
 role system_r types kernel_t; 
 role system_r types security_t; 
 role system_r types unlabeled_t; 
 policycap open_perms;
 permissive device_t;
 range_transition device_t console_t : file s0:c0 - s1:c0.c1;
 type_transition device_t console_t : file console_device_t;
 type_member device_t bin_t : file exec_t;
 if console_login{
 	type_change auditadm_t console_device_t : file user_tty_device_t;
 }
 role_transition system_r bin_t user_r;
 auditallow device_t auditadm_t: file { open };
 dontaudit device_t auditadm_t: file { read };
 allow system_r user_r;
 allow console_t console_device_t: char { write setattr };
 allow console_t console_device_t: file { open read getattr };
 allow foo_type self: file { execute };
 allow bin_t device_t: file { execute };
 allow bin_t exec_t: file { execute };
 allow bin_t bin_t: file { execute };
 allow a_t b_t : file { write };
 allow console_t console_device_t: file { read write getattr setattr lock append };
 allow kernel_t kernel_t : file { execute };
 if b1 {
 	allow a_t b_t : file { read };
 }
 if secure_mode{
 	auditallow device_t exec_t: file { read write };
 }
 if console_login{
 	allow getty_t console_device_t: file { getattr open read write append };
 }
 else {
 	dontaudit getty_t console_device_t: file { getattr open read write append };
 }
 if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){
 	allow bin_t exec_t: file { execute };
 }
 user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1; 
 user user_u roles user_r level s0:c0 range s0:c0 - s0:c0;
 validatetrans file (t1 == exec_t);
 constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
 constrain file { open } (r1 dom r2);
 constrain file { open }	(r1 domby r2);
 constrain file { open }	(r1 incomp r2);
 constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
 constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2)));
 sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1
 sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1
 sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1
 fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1;
 genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1
 portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
 portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
 netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
 nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
 nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1
--- a/tests/checkpolicy/runtest.sh
+++ b/tests/checkpolicy/runtest.sh
@ -1,153 +0,0 @@
 #!/bin/bash
 # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   runtest.sh of /CoreOS/checkpolicy/Sanity/checkpolicy
 #   Description: runs checkpolicy with various options to find out if it behaves correctly
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include rhts environment
 . /usr/bin/rhts-environment.sh
 . /usr/share/beakerlib/beakerlib.sh
 PACKAGE="checkpolicy"
 rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        rlAssertRpm selinux-policy-minimum
        rlAssertRpm selinux-policy-mls
        rlAssertRpm selinux-policy-targeted
        rlRun "uname -a"
        TEST_FILE=`mktemp`
        TEST_DIR=`mktemp -d`
        OUTPUT_FILE=`mktemp`
        rlAssertExists "/usr/bin/checkpolicy"
    rlPhaseEnd
    rlPhaseStartTest "compilation from policy.conf"
        MIN_VERSION="15"
        MAX_VERSION=`find /etc/selinux/ -name policy.?? | cut -d / -f 6 | cut -d . -f 2 | head -n 1`
        if rlIsRHEL 5 6 ; then
            VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION}`
        else
            # some versions are skipped because seinfo segfaults when inspecting binary policies between v.20 and v.23"
            VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION} | grep -v -e 19 -e 20 -e 21 -e 22 -e 23`
        fi
        for CUR_VERSION in ${VERSIONS} ; do
            rlRun "rm -f policy.out"
            rlWatchdog "checkpolicy -M -c ${CUR_VERSION} -o policy.out policy.conf.from.secilc" 15
            if [ -s policy.out ] ; then
                rlRun "seinfo policy.out 2>&1 | tee ${OUTPUT_FILE}"
                rlRun "grep -i -e \"policy version.*${CUR_VERSION}\" -e \"unable to open policy\" ${OUTPUT_FILE}"
            else
                rlRun "ls -l policy.out"
            fi
        done
    rlPhaseEnd
    rlPhaseStartTest
        rlRun "checkpolicy >& ${TEST_FILE}" 1
        rlAssertGrep "loading policy configuration from policy.conf" ${TEST_FILE}
        rlRun "checkpolicy -b >& ${TEST_FILE}" 1
        rlAssertGrep "loading policy configuration from policy" ${TEST_FILE}
        rlRun "checkpolicy -V"
        rlRun "checkpolicy -U 2>&1 | grep \"option requires an argument\""
        rlRun "checkpolicy -U xyz" 1
        rlRun "rm -f policy.conf"
        if ! rlIsRHEL 4 ; then
            for OPTION in "deny" "reject" "allow" ; do
                rlRun "checkpolicy -U ${OPTION} >& ${TEST_FILE}" 1
                rlAssertGrep "unable to open policy.conf" ${TEST_FILE}
            done
        fi
        rlRun "rm -f ${TEST_FILE}"
        rlRun "touch ${TEST_FILE}"
        rlRun "rm -rf ${TEST_DIR}"
        rlRun "mkdir ${TEST_DIR}"
        rlRun "checkpolicy ${TEST_FILE}" 1,2
        rlRun "checkpolicy -b ${TEST_FILE}" 1
        rlRun "checkpolicy ${TEST_DIR}" 1,2
        rlRun "checkpolicy -b ${TEST_DIR}" 1
        rlRun "rm -f ${TEST_FILE}"
        rlRun "rm -rf ${TEST_DIR}"
        rlRun "checkpolicy ${TEST_FILE}" 1
        rlRun "checkpolicy -b ${TEST_FILE}" 1
        rlRun "checkpolicy -c 2>&1 | grep \"option requires an argument\""
        rlRun "checkpolicy -c 0 2>&1 | grep \"value 0 not in range\""
        rlRun "checkpolicy -t 2>&1 | grep \"option requires an argument\""
        rlRun "checkpolicy -t xyz 2>&1 | grep -i \"unknown target platform\""
        rlRun "checkpolicy --help 2>&1 | grep -- '-m]'" 1
    rlPhaseEnd
    rlPhaseStartTest
        if rlIsRHEL 5 6 ; then
            ACTIVE_POLICY="/selinux/policy"
        else
            ACTIVE_POLICY="/sys/fs/selinux/policy"
        fi
        rlRun "echo -e 'q\n' | checkpolicy -Mdb ${ACTIVE_POLICY} | tee ${OUTPUT_FILE}"
        rlRun "grep -qi -e error -e ebitmap -e 'not match' ${OUTPUT_FILE}" 1
        for POLICY_TYPE in minimum mls targeted ; do
            if [ ! -e /etc/selinux/${POLICY_TYPE}/policy/policy.* ] ; then
                continue
            fi
            rlRun "echo -e 'q\n' | checkpolicy -Mdb /etc/selinux/${POLICY_TYPE}/policy/policy.* | tee ${OUTPUT_FILE}"
            rlRun "grep -qi -e error -e ebitmap -e 'not match' ${OUTPUT_FILE}" 1
        done
    rlPhaseEnd
    rlPhaseStartTest
        if rlIsRHEL 5 6 ; then
            ACTIVE_POLICY_TREE="/selinux"
        else # RHEL-7 and above
            ACTIVE_POLICY_TREE="/sys/fs/selinux"
        fi
        MIN_VERSION="15"
        MAX_VERSION=`find /etc/selinux/ -name policy.?? | cut -d / -f 6 | cut -d . -f 2 | head -n 1`
        for POLICY_TYPE in minimum mls targeted ; do
            if rlIsRHEL 5 6 ; then
                VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION}`
            else
                # some versions are skipped because seinfo segfaults when inspecting binary policies between v.20 and v.23"
                VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION} | grep -v -e 19 -e 20 -e 21 -e 22 -e 23`
            fi
            for CUR_VERSION in ${VERSIONS} ; do
                rlRun "rm -f policy.out"
                rlWatchdog "checkpolicy -b -M -c ${CUR_VERSION} -o policy.out /etc/selinux/${POLICY_TYPE}/policy/policy.${MAX_VERSION}" 15
                if [ -s policy.out ] ; then
                    rlRun "seinfo policy.out 2>&1 | tee ${OUTPUT_FILE}"
                    rlRun "grep -i -e \"policy version.*${CUR_VERSION}\" -e \"unable to open policy\" ${OUTPUT_FILE}"
                else
                    rlRun "ls -l policy.out"
                fi
            done
        done
    rlPhaseEnd
    rlPhaseStartCleanup
        rm -f ${OUTPUT_FILE} policy.out
    rlPhaseEnd
 rlJournalPrintText
 rlJournalEnd
--- a/tests/sedismod/Makefile
+++ b/tests/sedismod/Makefile
@ -1,65 +0,0 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Makefile of /CoreOS/checkpolicy/Sanity/sedismod
 #   Description: Does sedismod work correctly ?)
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2016 Red Hat, Inc.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 export TEST=/CoreOS/checkpolicy/Sanity/sedismod
 export TESTVERSION=1.0
 BUILT_FILES=
 FILES=$(METADATA) runtest.sh Makefile PURPOSE sedismod.exp
 .PHONY: all install download clean
 run: $(FILES) build
 	./runtest.sh
 build: $(BUILT_FILES)
 	test -x runtest.sh || chmod a+x runtest.sh
 	test -x sedismod.exp || chmod a+x sedismod.exp
 clean:
 	rm -f *~ $(BUILT_FILES)
 include /usr/share/rhts/lib/rhts-make.include
 $(METADATA): Makefile
 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
 	@echo "Name:            $(TEST)" >> $(METADATA)
 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
 	@echo "Description:     Does sedismod work correctly?" >> $(METADATA)
 	@echo "Type:            Sanity" >> $(METADATA)
 	@echo "TestTime:        10m" >> $(METADATA)
 	@echo "RunFor:          checkpolicy" >> $(METADATA)
 	@echo "Requires:        checkpolicy selinux-policy-targeted expect policycoreutils psmisc" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
 	@echo "Destructive:     no" >> $(METADATA)
 	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
 	rhts-lint $(METADATA)
--- a/tests/sedismod/PURPOSE
+++ b/tests/sedismod/PURPOSE
@ -1,5 +0,0 @@
 PURPOSE of /CoreOS/checkpolicy/Sanity/sedismod
 Author: Milos Malik <mmalik@redhat.com>
 Does sedismod work correctly?
--- a/tests/sedismod/runtest.sh
+++ b/tests/sedismod/runtest.sh
@ -1,83 +0,0 @@
 #!/bin/bash
 # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   runtest.sh of /CoreOS/checkpolicy/Sanity/sedismod
 #   Description: Does sedismod work correctly 
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2016 Red Hat, Inc.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include Beaker environment
 . /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 PACKAGE="checkpolicy"
 # TODO: repeat for all policy modules that are installed under /etc/selinux
 if rlIsFedora ; then
    POLICY_FILE="`find /var/lib/selinux/targeted -type d -name base`/hll"
 elif rlIsRHEL '<7.3' ; then
    POLICY_FILE=`find /etc/selinux/targeted -type f -name base.pp`
 else # RHEL-7.3 and above
    POLICY_FILE="`find /etc/selinux/targeted -type d -name base`/hll"
 fi
 rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        OUTPUT_FILE=`mktemp`
        if rlIsRHEL '>=7.3' || rlIsFedora ; then
            rlRun "semodule -H -E base"
        else
            rlRun "cp ${POLICY_FILE} ./base.pp.bz2"
            rlRun "rm -f base.pp"
            rlRun "bzip2 -d ./base.pp.bz2"
        fi
        POLICY_FILE="base.pp"
        rlRun "ls -l ${POLICY_FILE}"
    rlPhaseEnd
    rlPhaseStartTest "check all available options"
        if rlIsRHEL 6 ; then
            AVAILABLE_OPTIONS="1 2 3 4 5 6 7 8 0 a b c u"
        else # RHEL-7 and above
            AVAILABLE_OPTIONS="1 2 3 4 5 6 7 8 9 0 a b c u F"
        fi
        for OPTION in ${AVAILABLE_OPTIONS} ; do
            rlRun "rm -f ${OUTPUT_FILE}"
            rlWatchdog "./sedismod.exp ${OPTION} ${POLICY_FILE} ${OUTPUT_FILE}" 65
            # rlWatchdog kills the expect script, but we need to kill the sedismod process too
            rlRun "killall sedismod" 0,1
            rlRun "ls -l ${OUTPUT_FILE}"
            if [ -s ${OUTPUT_FILE} ] ; then
                rlPass "sedismod produced some output"
            else
                rlFail "sedismod did not produce any output"
            fi
        done
    rlPhaseEnd
    rlPhaseStartCleanup
        rlRun "rm -f ${OUTPUT_FILE} ${POLICY_FILE}"
    rlPhaseEnd
 rlJournalPrintText
 rlJournalEnd
--- a/tests/sedismod/sedismod.exp
+++ b/tests/sedismod/sedismod.exp
@ -1,21 +0,0 @@
 #!/usr/bin/expect -f
 # ./sedismod.exp option policyfile outputfile
 set option [lrange $argv 0 0]
 set policyfile [lrange $argv 1 1]
 set outputfile [lrange $argv 2 2]
 set timeout 60
 spawn sedismod $policyfile
 expect "Command*:" {
  send -- "f\r"
 }
 expect "Filename*:" {
  send -- "$outputfile\r"
 }
 expect "Command*:" {
  send -- "$option\r"
 }
 expect "Command*:" {
  send -- "q\r"
 }
 expect eof
--- a/tests/sedispol/Makefile
+++ b/tests/sedispol/Makefile
@ -1,65 +0,0 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Makefile of /CoreOS/checkpolicy/Sanity/sedispol
 #   Description: Does sedispol work correctly?
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2016 Red Hat, Inc.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 export TEST=/CoreOS/checkpolicy/Sanity/sedispol
 export TESTVERSION=1.0
 BUILT_FILES=
 FILES=$(METADATA) runtest.sh Makefile PURPOSE sedispol.exp
 .PHONY: all install download clean
 run: $(FILES) build
 	./runtest.sh
 build: $(BUILT_FILES)
 	test -x runtest.sh || chmod a+x runtest.sh
 	test -x sedispol.exp || chmod a+x sedispol.exp
 clean:
 	rm -f *~ $(BUILT_FILES)
 include /usr/share/rhts/lib/rhts-make.include
 $(METADATA): Makefile
 	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
 	@echo "Name:            $(TEST)" >> $(METADATA)
 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
 	@echo "Description:     Does sedispol work correctly?" >> $(METADATA)
 	@echo "Type:            Sanity" >> $(METADATA)
 	@echo "TestTime:        10m" >> $(METADATA)
 	@echo "RunFor:          checkpolicy" >> $(METADATA)
 	@echo "Requires:        checkpolicy selinux-policy expect" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
 	@echo "Destructive:     no" >> $(METADATA)
 	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
 	rhts-lint $(METADATA)
--- a/tests/sedispol/PURPOSE
+++ b/tests/sedispol/PURPOSE
@ -1,5 +0,0 @@
 PURPOSE of /CoreOS/checkpolicy/Sanity/sedispol
 Author: Milos Malik <mmalik@redhat.com>
 Does sedispol work correctly?
--- a/tests/sedispol/runtest.sh
+++ b/tests/sedispol/runtest.sh
@ -1,77 +0,0 @@
 #!/bin/bash
 # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   runtest.sh of /CoreOS/checkpolicy/Sanity/sedispol
 #   Description: Does sedispol work correctly?
 #   Author: Milos Malik <mmalik@redhat.com>
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 #   Copyright (c) 2016 Red Hat, Inc.
 #
 #   This copyrighted material is made available to anyone wishing
 #   to use, modify, copy, or redistribute it subject to the terms
 #   and conditions of the GNU General Public License version 2.
 #
 #   This program is distributed in the hope that it will be
 #   useful, but WITHOUT ANY WARRANTY; without even the implied
 #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 #   PURPOSE. See the GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public
 #   License along with this program; if not, write to the Free
 #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 #   Boston, MA 02110-1301, USA.
 #
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Include Beaker environment
 . /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 PACKAGE="checkpolicy"
 # TODO: repeat for all policy files that are installed under /etc/selinux
 POLICY_FILE=`find /etc/selinux/targeted/policy/ -type f`
 rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        OUTPUT_FILE=`mktemp`
    rlPhaseEnd
    rlPhaseStartTest
        if rlIsRHEL 6 ; then
            AVAILABLE_OPTIONS="1 2 3 4 5 6 c p u"
        else # RHEL-7 and above
            AVAILABLE_OPTIONS="1 2 3 4 5 6 8 c p u F"
        fi
        for OPTION in ${AVAILABLE_OPTIONS} ; do
            rlRun "rm -f ${OUTPUT_FILE}"
            rlWatchdog "./sedispol.exp ${OPTION} ${POLICY_FILE} ${OUTPUT_FILE}" 65
            # rlWatchdog kills the expect script, but we need to kill the sedispol process too
            rlRun "killall sedispol" 0,1
            rlRun "ls -l ${OUTPUT_FILE}"
            if [ -s ${OUTPUT_FILE} ] ; then
                rlPass "sedispol produced some output"
            else
                rlFail "sedispol did not produce any output"
            fi
        done
    rlPhaseEnd
    rlPhaseStartTest
        rlRun "echo q | sedispol ${POLICY_FILE} >& ${OUTPUT_FILE}"
        rlRun "grep AVTAB ${OUTPUT_FILE}"
        rlRun "grep AVTAG ${OUTPUT_FILE}" 1
        rlRun "echo -en 'u\nq\n' | sedispol ${POLICY_FILE} >& ${OUTPUT_FILE}"
        rlRun "grep permissions ${OUTPUT_FILE}"
        rlRun "grep permisions ${OUTPUT_FILE}" 1
    rlPhaseEnd
    rlPhaseStartCleanup
        rlRun "rm -f ${OUTPUT_FILE}"
    rlPhaseEnd
 rlJournalPrintText
 rlJournalEnd
--- a/tests/sedispol/sedispol.exp
+++ b/tests/sedispol/sedispol.exp
@ -1,21 +0,0 @@
 #!/usr/bin/expect -f
 # ./sedispol.exp option policyfile outputfile
 set option [lrange $argv 0 0]
 set policyfile [lrange $argv 1 1]
 set outputfile [lrange $argv 2 2]
 set timeout 60
 spawn sedispol $policyfile
 expect "Command*:" {
  send -- "f\r"
 }
 expect "Filename*:" {
  send -- "$outputfile\r"
 }
 expect "Command*:" {
  send -- "$option\r"
 }
 expect "Command*:" {
  send -- "q\r"
 }
 expect eof
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,61 +0,0 @@
 ---
 # Tests for Classic
 - hosts: localhost
  roles:
  - role: standard-test-beakerlib
    tags:
    - classic
    repositories:
    - repo: "https://src.fedoraproject.org/tests/selinux.git"
      dest: "selinux"
      fmf_filter: "tier:1 | component:checkpolicy"
    required_packages:
    - checkpolicy              # Required by all tests
    - man                      # Required by checkpolicy-docs
    - grep                     # Required by checkmodule
    - coreutils                # Required by checkmodule
    - setools-console          # Required by checkpolicy
    - selinux-policy-minimum   # Required by checkpolicy
    - selinux-policy-mls       # Required by checkpolicy
    - selinux-policy-targeted  # Required by checkpolicy and sedismod
    - expect                   # Required by sedismod and sedispol
    - policycoreutils          # Required by sedismod
    - psmisc                   # Required by sedismod
    - selinux-policy           # Required by sedispol
    - e2fsprogs
    - gcc
    - git
    - libselinux
    - libselinux-utils
    - libsemanage
    - libsepol
    - libsepol-devel
    - policycoreutils-python-utils
    - selinux-policy-devel
 # Tests for Container
 - hosts: localhost
  roles:
  - role: standard-test-beakerlib
    tags:
    - container
    repositories:
    - repo: "https://src.fedoraproject.org/tests/selinux.git"
      dest: "selinux"
    tests:
    - selinux/checkpolicy/checkmodule
    - selinux/checkpolicy/checkpolicy
    - selinux/checkpolicy/sedismod
    - selinux/checkpolicy/sedispol
    required_packages:
    - checkpolicy              # Required by all tests
    - grep                     # Required by checkmodule
    - coreutils                # Required by checkmodule
    - setools-console          # Required by checkpolicy
    - selinux-policy-minimum   # Required by checkpolicy
    - selinux-policy-mls       # Required by checkpolicy
    - selinux-policy-targeted  # Required by checkpolicy and sedismod
    - expect                   # Required by sedismod and sedispol
    - policycoreutils          # Required by sedismod
    - psmisc                   # Required by sedismod
    - selinux-policy           # Required by sedispol
`@ -1 +1 @@`
	`SHA512 (checkpolicy-3.1.tar.gz) = 2276a5a0919286049d2ceba386ef5f6de523745b588bb81cb4fed5eced5fd0b8070249b7a3ae5a85e2abb9369a86318f727d4073aad14ab75c43750a46069168`	`3387013d526c51272b2b76f94c3211fb checkpolicy-2.5-rc1.tar.gz`