[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests
From: |
Pádraig Brady |
Subject: |
bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests |
Date: |
Sat, 17 Dec 2016 13:11:26 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 16/12/16 20:47, Nicolas Iooss wrote:
> On 12/02/16 05:33, Pádraig Brady wrote:
>> On 11/02/16 06:07, Nicolas Iooss wrote:
>>> When running "make check" on a Linux system running SELinux with a
>>> non-MLS policy, tests/mkdir/restorecon.sh test fails with:
>>>
>>> chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument
>>>
>>> Indeed in such a configuration, contexts cannot have ":s0" suffix.
>>>
>>> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by
>>> using sestatus and in this case use a valid context when calling
>>> runcon. Update the sed pattern of get_selinux_type to always grab the
>>> SELinux type from the output of "ls -Zd" even with a non-MLS policy.
>>> ---
>>> tests/mkdir/restorecon.sh | 8 ++++++--
>>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh
>>> index 0e7f03bc93db..cfd3bdda9637 100755
>>> --- a/tests/mkdir/restorecon.sh
>>> +++ b/tests/mkdir/restorecon.sh
>>> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo
>>> require_selinux_
>>>
>>>
>>> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
>>> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; }
>>>
>>> mkdir subdir || framework_failure_
>>> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
>>> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then
>>> + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
>>> +else
>>> + chcon 'root:object_r:tmp_t' subdir || framework_failure_
>>> +fi
>>> cd subdir
>>>
>>> # --- mkdir -Z ---
>>>
>>
>> +1
>>
>> thanks!
>> Pádraig
>
> Hi,
> This patch has not been included in coreutils 8.26, which makes
> mkdir/restorecon.sh tests still fails on my system. What should I do for
> this patch to be merged?
>
> Moreover the code which was modified in this patch has been copied in
> tests/install/install-Z-selinux.sh. So this test also fails on systems
> where SELinux is configured with a non-MLS policy. Do I need to send a
> new patch which also modifies this file?
My bad. Sorry I missed this.
I presume these root tests have the same issue?
$ git grep -l ':s0' tests | xargs grep -l require_root_
tests/cp/cp-a-selinux.sh
tests/misc/chcon.sh
tests/misc/selinux.sh
I updated those also which can be tested like:
git am < cu-non-mls-tests.patch
sudo make TESTS="$(echo $(git show --name-only | grep ^tests))" check
SUBDIRS=.
Do those pass on your system?
I'll apply the attached in your name if so.
thanks for the follow up.
Pádraig
cu-non-mls-tests.patch
Description: Text Data