[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] test: run id-command context tests also with SMACK
From: |
Jarkko Sakkinen |
Subject: |
Re: [PATCH] test: run id-command context tests also with SMACK |
Date: |
Thu, 31 Oct 2013 10:11:22 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Wed, Oct 30, 2013 at 12:52:09PM +0000, Pádraig Brady wrote:
> Too much copy/paste.
> Please refactor to have a helper function
> take a list of supported LSM file systems.
OK, I'll rework on this. I merely did this patch to get some guidance
on direction I should take. Thanks.
> thanks,
> Pádraig.
/Jarkko
> On 10/16/2013 04:11 PM, Jarkko Sakkinen wrote:
> > init.cfg: new require_lsm_ function for checking for any supported
> > LSM
> > tests/id/context.sh: change guard from require_selinux_ to
> > require_lsm_.
> > tests/id/no_context.sh: change guard from require_selinux_ to
> > require_lsm_.
> > ---
> > init.cfg | 17 +++++++++++++++++
> > tests/id/context.sh | 2 +-
> > tests/id/no-context.sh | 2 +-
> > 3 files changed, 19 insertions(+), 2 deletions(-)
> >
> > diff --git a/init.cfg b/init.cfg
> > index c48607c..0548fb0 100644
> > --- a/init.cfg
> > +++ b/init.cfg
> > @@ -316,6 +316,23 @@ require_selinux_()
> > esac
> > }
> >
> > +require_lsm_()
> > +{
> > + # When in a chroot of an LSM-enabled system, but with a mock-simulated
> > + # LSM-*disabled* system, recognize that LSM is disabled system wide:
> > + grep 'selinuxfs\|smackfs$' /proc/filesystems > /dev/null \
> > + || skip_ "this system lacks LSM support"
> > +
> > + # Independent of whether LSM is enabled system-wide,
> > + # the current file system may lack LSM support.
> > + case $(ls -Zd .) in
> > + '? .'|'unlabeled .')
> > + skip_ "this system (or maybe just" \
> > + "the current file system) lacks LSM support"
> > + ;;
> > + esac
> > +}
> > +
> > very_expensive_()
> > {
> > if test "$RUN_VERY_EXPENSIVE_TESTS" != yes; then
> > diff --git a/tests/id/context.sh b/tests/id/context.sh
> > index dc02303..9cf4fae 100755
> > --- a/tests/id/context.sh
> > +++ b/tests/id/context.sh
> > @@ -18,7 +18,7 @@
> > . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> > print_ver_ id
> > # Require selinux - when selinux is disabled, id never prints scontext.
> > -require_selinux_
> > +require_lsm_
> >
> >
> > # Check without specified user, context string should be present.
> > diff --git a/tests/id/no-context.sh b/tests/id/no-context.sh
> > index 7038beb..f17f582 100755
> > --- a/tests/id/no-context.sh
> > +++ b/tests/id/no-context.sh
> > @@ -21,7 +21,7 @@ print_ver_ id
> >
> > # We don't need selinux *FS* support to test id,
> > # but this is as good a witness as any, in general.
> > -require_selinux_
> > +require_lsm_
> >
> >
> > # Require the context=... part by default.
> >
>