[PATCH v4] selinux-testsuite: Add btrfs support for filesystem tests

[PATCH v4] selinux-testsuite: Add btrfs support for filesystem tests

[Stephen Smalley]

From: Richard Haines <richard_c_haines@btinternet.com>

This allows btrfs filesystems to be created to support the
filesystem mount(2) type calls and the fs_filesystem fsmount(2)
type calls.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
v4 drops the mkfs size for btrfs to 128M since it doesn't require
300M, unlike xfs.

v3 was just a re-base of Richard Haines' earlier patch which
ended at v2.

 README.md                      | 2 ++
 defconfig                      | 5 +++++
 tests/Makefile                 | 2 +-
 tests/filesystem/Filesystem.pm | 3 +++
 tests/filesystem/btrfs         | 1 +
 tests/filesystem/test          | 6 ++++++
 tests/fs_filesystem/btrfs      | 1 +
 tests/fs_filesystem/test       | 6 ++++++
 8 files changed, 25 insertions(+), 1 deletion(-)
 create mode 120000 tests/filesystem/btrfs
 create mode 120000 tests/fs_filesystem/btrfs

diff --git a/README.md b/README.md
index f067eeb..973028e 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,7 @@ similar dependencies):
 * e2fsprogs _(used by the ext4 filesystem tests)_
 * jfsutils _(used by the jfs filesystem tests)_
 * dosfstools _(used by the vfat filesystem tests)_
+* btrfs-progs _(used by the btrfs filesystem tests)_
 * nftables _(used by inet_socket and sctp tests if ver >= 9.3 for secmark testing )_
 * rdma-core-devel _(to build the `ibpkey` test program)_
 
@@ -136,6 +137,7 @@ command:
 		e2fsprogs \
 		jfsutils \
 		dosfstools \
+		btrfs-progs \
 		nftables \
 		netlabel-tools \
 		libibverbs-dev
diff --git a/defconfig b/defconfig
index b2d4a90..214eb26 100644
--- a/defconfig
+++ b/defconfig
@@ -122,6 +122,11 @@ CONFIG_XFS_QUOTA=y
 CONFIG_VFAT_FS=m
 CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
 
+
+# Test BTRFS filesystem.
+# This is not required for SELinux operation itself.
+CONFIG_BTRFS_FS=y
+
 # watch_queue for key changes.
 # They are not required for SELinux operation itself.
 CONFIG_WATCH_QUEUE=y
diff --git a/tests/Makefile b/tests/Makefile
index 903ab11..f002389 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -4,7 +4,7 @@ SBINDIR ?= $(PREFIX)/sbin
 POLDEV ?= $(PREFIX)/share/selinux/devel
 INCLUDEDIR ?= $(PREFIX)/include
 SELINUXFS ?= /sys/fs/selinux
-FILESYSTEMS ?= ext4 xfs jfs vfat
+FILESYSTEMS ?= ext4 xfs jfs vfat btrfs
 
 export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE
 
diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm
index f169464..d5c68e6 100644
--- a/tests/filesystem/Filesystem.pm
+++ b/tests/filesystem/Filesystem.pm
@@ -123,6 +123,9 @@ sub attach_dev {
 sub make_fs {
     my ( $mk_type, $mk_dev, $mk_dir, $mk_opts ) = @_;
     my $mk_size = 16;
+    if ( $mk_type eq "btrfs" ) {
+        $mk_size = 128;
+    }
     if ( $mk_type eq "xfs" ) {
         $mk_size = 300;
     }
diff --git a/tests/filesystem/btrfs b/tests/filesystem/btrfs
new file mode 120000
index 0000000..945c9b4
--- /dev/null
+++ b/tests/filesystem/btrfs
@@ -0,0 +1 @@
+.
\ No newline at end of file
diff --git a/tests/filesystem/test b/tests/filesystem/test
index a7d8b24..56f116a 100755
--- a/tests/filesystem/test
+++ b/tests/filesystem/test
@@ -89,6 +89,12 @@ BEGIN {
         $test_count   = 55;
         $quota_checks = 0;
     }
+
+    # BTRFS uses internal quotas requiring no security hooks
+    elsif ( $fs_type eq "btrfs" ) {
+        $test_count   = 55;
+        $quota_checks = 0;
+    }
     else {
         $test_count = 69;
     }
diff --git a/tests/fs_filesystem/btrfs b/tests/fs_filesystem/btrfs
new file mode 120000
index 0000000..945c9b4
--- /dev/null
+++ b/tests/fs_filesystem/btrfs
@@ -0,0 +1 @@
+.
\ No newline at end of file
diff --git a/tests/fs_filesystem/test b/tests/fs_filesystem/test
index 9af8971..1d04bbc 100755
--- a/tests/fs_filesystem/test
+++ b/tests/fs_filesystem/test
@@ -92,6 +92,12 @@ BEGIN {
         $test_count   = 54;
         $quota_checks = 0;
     }
+
+    # BTRFS uses internal quotas requiring no security hooks
+    elsif ( $fs_type eq "btrfs" ) {
+        $test_count   = 54;
+        $quota_checks = 0;
+    }
     else {
         $test_count = 68;
     }
-- 
2.51.0

Re: [PATCH v4] selinux-testsuite: Add btrfs support for filesystem tests

[Paul Moore]

On Wed, Oct 8, 2025 at 10:40 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> From: Richard Haines <richard_c_haines@btinternet.com>
>
> This allows btrfs filesystems to be created to support the
> filesystem mount(2) type calls and the fs_filesystem fsmount(2)
> type calls.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> v4 drops the mkfs size for btrfs to 128M since it doesn't require
> 300M, unlike xfs.
>
> v3 was just a re-base of Richard Haines' earlier patch which
> ended at v2.
>
>  README.md                      | 2 ++
>  defconfig                      | 5 +++++
>  tests/Makefile                 | 2 +-
>  tests/filesystem/Filesystem.pm | 3 +++
>  tests/filesystem/btrfs         | 1 +
>  tests/filesystem/test          | 6 ++++++
>  tests/fs_filesystem/btrfs      | 1 +
>  tests/fs_filesystem/test       | 6 ++++++
>  8 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 120000 tests/filesystem/btrfs
>  create mode 120000 tests/fs_filesystem/btrfs

I'd probably still give it a few days to let Ondrej comment/merge if
he is available, but otherwise it looks okay to me.

Acked-by: Paul Moore <paul@paul-moore.com>

-- 
paul-moore.com

Re: [PATCH v4] selinux-testsuite: Add btrfs support for filesystem tests

[Ondrej Mosnacek]

On Wed, Oct 8, 2025 at 4:40 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> From: Richard Haines <richard_c_haines@btinternet.com>
>
> This allows btrfs filesystems to be created to support the
> filesystem mount(2) type calls and the fs_filesystem fsmount(2)
> type calls.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> v4 drops the mkfs size for btrfs to 128M since it doesn't require
> 300M, unlike xfs.
>
> v3 was just a re-base of Richard Haines' earlier patch which
> ended at v2.

Hm... indeed this passes in the CI now. I had recently rebased my
older branch with Richard's patch and it failed for a reason I wasn't
able to determine. The only significant difference I had was $mk_size
= 115000; instead of your 128 (not sure if that was in the original
patch or if I was just trying things out...), so maybe that was it.

Looks good to me except for two minor points below.

>
>  README.md                      | 2 ++
>  defconfig                      | 5 +++++
>  tests/Makefile                 | 2 +-
>  tests/filesystem/Filesystem.pm | 3 +++
>  tests/filesystem/btrfs         | 1 +
>  tests/filesystem/test          | 6 ++++++
>  tests/fs_filesystem/btrfs      | 1 +
>  tests/fs_filesystem/test       | 6 ++++++
>  8 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 120000 tests/filesystem/btrfs
>  create mode 120000 tests/fs_filesystem/btrfs
>
> diff --git a/README.md b/README.md
> index f067eeb..973028e 100644
> --- a/README.md
> +++ b/README.md
> @@ -61,6 +61,7 @@ similar dependencies):
>  * e2fsprogs _(used by the ext4 filesystem tests)_
>  * jfsutils _(used by the jfs filesystem tests)_
>  * dosfstools _(used by the vfat filesystem tests)_
> +* btrfs-progs _(used by the btrfs filesystem tests)_
>  * nftables _(used by inet_socket and sctp tests if ver >= 9.3 for secmark testing )_
>  * rdma-core-devel _(to build the `ibpkey` test program)_
>
> @@ -136,6 +137,7 @@ command:
>                 e2fsprogs \
>                 jfsutils \
>                 dosfstools \
> +               btrfs-progs \
>                 nftables \
>                 netlabel-tools \
>                 libibverbs-dev

You should add btrfs-progs also to the Fedora dnf command and also to
the tmt/tests.fmf (under "/run" -> "require").

> diff --git a/defconfig b/defconfig
> index b2d4a90..214eb26 100644
> --- a/defconfig
> +++ b/defconfig
> @@ -122,6 +122,11 @@ CONFIG_XFS_QUOTA=y
>  CONFIG_VFAT_FS=m
>  CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
>
> +
> +# Test BTRFS filesystem.
> +# This is not required for SELinux operation itself.
> +CONFIG_BTRFS_FS=y
> +
>  # watch_queue for key changes.
>  # They are not required for SELinux operation itself.
>  CONFIG_WATCH_QUEUE=y
> diff --git a/tests/Makefile b/tests/Makefile
> index 903ab11..f002389 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -4,7 +4,7 @@ SBINDIR ?= $(PREFIX)/sbin
>  POLDEV ?= $(PREFIX)/share/selinux/devel
>  INCLUDEDIR ?= $(PREFIX)/include
>  SELINUXFS ?= /sys/fs/selinux
> -FILESYSTEMS ?= ext4 xfs jfs vfat
> +FILESYSTEMS ?= ext4 xfs jfs vfat btrfs
>
>  export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE
>
> diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm
> index f169464..d5c68e6 100644
> --- a/tests/filesystem/Filesystem.pm
> +++ b/tests/filesystem/Filesystem.pm
> @@ -123,6 +123,9 @@ sub attach_dev {
>  sub make_fs {
>      my ( $mk_type, $mk_dev, $mk_dir, $mk_opts ) = @_;
>      my $mk_size = 16;
> +    if ( $mk_type eq "btrfs" ) {
> +        $mk_size = 128;
> +    }
>      if ( $mk_type eq "xfs" ) {
>          $mk_size = 300;
>      }

I'd prefer if-elsif here (no need to test for "xfs" when "btrfs"
matches) and maybe have the "btrfs" check below the "xfs" one (but
that's less important).

> diff --git a/tests/filesystem/btrfs b/tests/filesystem/btrfs
> new file mode 120000
> index 0000000..945c9b4
> --- /dev/null
> +++ b/tests/filesystem/btrfs
> @@ -0,0 +1 @@
> +.
> \ No newline at end of file
> diff --git a/tests/filesystem/test b/tests/filesystem/test
> index a7d8b24..56f116a 100755
> --- a/tests/filesystem/test
> +++ b/tests/filesystem/test
> @@ -89,6 +89,12 @@ BEGIN {
>          $test_count   = 55;
>          $quota_checks = 0;
>      }
> +
> +    # BTRFS uses internal quotas requiring no security hooks
> +    elsif ( $fs_type eq "btrfs" ) {
> +        $test_count   = 55;
> +        $quota_checks = 0;
> +    }
>      else {
>          $test_count = 69;
>      }
> diff --git a/tests/fs_filesystem/btrfs b/tests/fs_filesystem/btrfs
> new file mode 120000
> index 0000000..945c9b4
> --- /dev/null
> +++ b/tests/fs_filesystem/btrfs
> @@ -0,0 +1 @@
> +.
> \ No newline at end of file
> diff --git a/tests/fs_filesystem/test b/tests/fs_filesystem/test
> index 9af8971..1d04bbc 100755
> --- a/tests/fs_filesystem/test
> +++ b/tests/fs_filesystem/test
> @@ -92,6 +92,12 @@ BEGIN {
>          $test_count   = 54;
>          $quota_checks = 0;
>      }
> +
> +    # BTRFS uses internal quotas requiring no security hooks
> +    elsif ( $fs_type eq "btrfs" ) {
> +        $test_count   = 54;
> +        $quota_checks = 0;
> +    }
>      else {
>          $test_count = 68;
>      }
> --
> 2.51.0
>


--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.

Re: [PATCH v4] selinux-testsuite: Add btrfs support for filesystem tests

[Stephen Smalley]

On Thu, Oct 9, 2025 at 3:03 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Wed, Oct 8, 2025 at 4:40 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > From: Richard Haines <richard_c_haines@btinternet.com>
> >
> > This allows btrfs filesystems to be created to support the
> > filesystem mount(2) type calls and the fs_filesystem fsmount(2)
> > type calls.
> >
> > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > ---
> > v4 drops the mkfs size for btrfs to 128M since it doesn't require
> > 300M, unlike xfs.
> >
> > v3 was just a re-base of Richard Haines' earlier patch which
> > ended at v2.
>
> Hm... indeed this passes in the CI now. I had recently rebased my
> older branch with Richard's patch and it failed for a reason I wasn't
> able to determine. The only significant difference I had was $mk_size
> = 115000; instead of your 128 (not sure if that was in the original
> patch or if I was just trying things out...), so maybe that was it.

I should have mentioned that in my changelog - the original patch from
Richard was based on an older version of Filesystem.pm where the dd
command was invoked with a block size of 4096 but this was
subsequently changed upstream to a block size of 1M, and his patch set
the count to 28000 based on a minimum btrfs partition size of 115M. I
likewise was trying different count values to get it to work but
stderr is redirected to /dev/null for the mkfs command in
Filesystem.pm to avoid noise in the output which made it hard to
debug. I ultimately found that a count of 109 would work (109MiB =
114294784 bytes = the reported min size from mkfs.btrfs) but Paul
suggested bumping to 128 just to provide some future proofing.

> Looks good to me except for two minor points below.

Ok, v5 coming up.

>
> >
> >  README.md                      | 2 ++
> >  defconfig                      | 5 +++++
> >  tests/Makefile                 | 2 +-
> >  tests/filesystem/Filesystem.pm | 3 +++
> >  tests/filesystem/btrfs         | 1 +
> >  tests/filesystem/test          | 6 ++++++
> >  tests/fs_filesystem/btrfs      | 1 +
> >  tests/fs_filesystem/test       | 6 ++++++
> >  8 files changed, 25 insertions(+), 1 deletion(-)
> >  create mode 120000 tests/filesystem/btrfs
> >  create mode 120000 tests/fs_filesystem/btrfs
> >
> > diff --git a/README.md b/README.md
> > index f067eeb..973028e 100644
> > --- a/README.md
> > +++ b/README.md
> > @@ -61,6 +61,7 @@ similar dependencies):
> >  * e2fsprogs _(used by the ext4 filesystem tests)_
> >  * jfsutils _(used by the jfs filesystem tests)_
> >  * dosfstools _(used by the vfat filesystem tests)_
> > +* btrfs-progs _(used by the btrfs filesystem tests)_
> >  * nftables _(used by inet_socket and sctp tests if ver >= 9.3 for secmark testing )_
> >  * rdma-core-devel _(to build the `ibpkey` test program)_
> >
> > @@ -136,6 +137,7 @@ command:
> >                 e2fsprogs \
> >                 jfsutils \
> >                 dosfstools \
> > +               btrfs-progs \
> >                 nftables \
> >                 netlabel-tools \
> >                 libibverbs-dev
>
> You should add btrfs-progs also to the Fedora dnf command and also to
> the tmt/tests.fmf (under "/run" -> "require").
>
> > diff --git a/defconfig b/defconfig
> > index b2d4a90..214eb26 100644
> > --- a/defconfig
> > +++ b/defconfig
> > @@ -122,6 +122,11 @@ CONFIG_XFS_QUOTA=y
> >  CONFIG_VFAT_FS=m
> >  CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
> >
> > +
> > +# Test BTRFS filesystem.
> > +# This is not required for SELinux operation itself.
> > +CONFIG_BTRFS_FS=y
> > +
> >  # watch_queue for key changes.
> >  # They are not required for SELinux operation itself.
> >  CONFIG_WATCH_QUEUE=y
> > diff --git a/tests/Makefile b/tests/Makefile
> > index 903ab11..f002389 100644
> > --- a/tests/Makefile
> > +++ b/tests/Makefile
> > @@ -4,7 +4,7 @@ SBINDIR ?= $(PREFIX)/sbin
> >  POLDEV ?= $(PREFIX)/share/selinux/devel
> >  INCLUDEDIR ?= $(PREFIX)/include
> >  SELINUXFS ?= /sys/fs/selinux
> > -FILESYSTEMS ?= ext4 xfs jfs vfat
> > +FILESYSTEMS ?= ext4 xfs jfs vfat btrfs
> >
> >  export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE
> >
> > diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm
> > index f169464..d5c68e6 100644
> > --- a/tests/filesystem/Filesystem.pm
> > +++ b/tests/filesystem/Filesystem.pm
> > @@ -123,6 +123,9 @@ sub attach_dev {
> >  sub make_fs {
> >      my ( $mk_type, $mk_dev, $mk_dir, $mk_opts ) = @_;
> >      my $mk_size = 16;
> > +    if ( $mk_type eq "btrfs" ) {
> > +        $mk_size = 128;
> > +    }
> >      if ( $mk_type eq "xfs" ) {
> >          $mk_size = 300;
> >      }
>
> I'd prefer if-elsif here (no need to test for "xfs" when "btrfs"
> matches) and maybe have the "btrfs" check below the "xfs" one (but
> that's less important).
>
> > diff --git a/tests/filesystem/btrfs b/tests/filesystem/btrfs
> > new file mode 120000
> > index 0000000..945c9b4
> > --- /dev/null
> > +++ b/tests/filesystem/btrfs
> > @@ -0,0 +1 @@
> > +.
> > \ No newline at end of file
> > diff --git a/tests/filesystem/test b/tests/filesystem/test
> > index a7d8b24..56f116a 100755
> > --- a/tests/filesystem/test
> > +++ b/tests/filesystem/test
> > @@ -89,6 +89,12 @@ BEGIN {
> >          $test_count   = 55;
> >          $quota_checks = 0;
> >      }
> > +
> > +    # BTRFS uses internal quotas requiring no security hooks
> > +    elsif ( $fs_type eq "btrfs" ) {
> > +        $test_count   = 55;
> > +        $quota_checks = 0;
> > +    }
> >      else {
> >          $test_count = 69;
> >      }
> > diff --git a/tests/fs_filesystem/btrfs b/tests/fs_filesystem/btrfs
> > new file mode 120000
> > index 0000000..945c9b4
> > --- /dev/null
> > +++ b/tests/fs_filesystem/btrfs
> > @@ -0,0 +1 @@
> > +.
> > \ No newline at end of file
> > diff --git a/tests/fs_filesystem/test b/tests/fs_filesystem/test
> > index 9af8971..1d04bbc 100755
> > --- a/tests/fs_filesystem/test
> > +++ b/tests/fs_filesystem/test
> > @@ -92,6 +92,12 @@ BEGIN {
> >          $test_count   = 54;
> >          $quota_checks = 0;
> >      }
> > +
> > +    # BTRFS uses internal quotas requiring no security hooks
> > +    elsif ( $fs_type eq "btrfs" ) {
> > +        $test_count   = 54;
> > +        $quota_checks = 0;
> > +    }
> >      else {
> >          $test_count = 68;
> >      }
> > --
> > 2.51.0
> >
>
>
> --
> Ondrej Mosnacek
> Senior Software Engineer, Linux Security - SELinux kernel
> Red Hat, Inc.
>