From unknown Wed Aug 20 05:17:35 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#22631 <22631@debbugs.gnu.org> To: bug#22631 <22631@debbugs.gnu.org> Subject: Status: [PATCH] tests: support non-MLS SELinux systems in mkdir tests Reply-To: bug#22631 <22631@debbugs.gnu.org> Date: Wed, 20 Aug 2025 12:17:35 +0000 retitle 22631 [PATCH] tests: support non-MLS SELinux systems in mkdir tests reassign 22631 coreutils submitter 22631 Nicolas Iooss severity 22631 normal tag 22631 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 11 09:09:53 2016 Received: (at submit) by debbugs.gnu.org; 11 Feb 2016 14:09:53 +0000 Received: from localhost ([127.0.0.1]:35777 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aTrwP-0007f4-FK for submit@debbugs.gnu.org; Thu, 11 Feb 2016 09:09:53 -0500 Received: from eggs.gnu.org ([208.118.235.92]:43302) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aTrwN-0007eo-QP for submit@debbugs.gnu.org; Thu, 11 Feb 2016 09:09:52 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aTrwE-0003Kw-KR for submit@debbugs.gnu.org; Thu, 11 Feb 2016 09:09:46 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:42844) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aTrwE-0003Ko-HM for submit@debbugs.gnu.org; Thu, 11 Feb 2016 09:09:42 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34267) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aTrwA-0001S3-MU for bug-coreutils@gnu.org; Thu, 11 Feb 2016 09:09:42 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aTrw5-0003Jy-JK for bug-coreutils@gnu.org; Thu, 11 Feb 2016 09:09:38 -0500 Received: from mx1.polytechnique.org ([129.104.30.34]:44040) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aTrw5-0003JJ-DG for bug-coreutils@gnu.org; Thu, 11 Feb 2016 09:09:33 -0500 Received: from iosakhe.numericable.fr (89-156-121-7.rev.numericable.fr [89.156.121.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 9CB725600B6 for ; Thu, 11 Feb 2016 15:09:28 +0100 (CET) From: Nicolas Iooss To: bug-coreutils@gnu.org Subject: [PATCH] tests: support non-MLS SELinux systems in mkdir tests Date: Thu, 11 Feb 2016 15:07:52 +0100 Message-Id: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.7.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Thu Feb 11 15:09:29 2016 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) When running "make check" on a Linux system running SELinux with a non-MLS policy, tests/mkdir/restorecon.sh test fails with: chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument Indeed in such a configuration, contexts cannot have ":s0" suffix. * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by using sestatus and in this case use a valid context when calling runcon. Update the sed pattern of get_selinux_type to always grab the SELinux type from the output of "ls -Zd" even with a non-MLS policy. --- tests/mkdir/restorecon.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh index 0e7f03bc93db..cfd3bdda9637 100755 --- a/tests/mkdir/restorecon.sh +++ b/tests/mkdir/restorecon.sh @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo require_selinux_ -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } mkdir subdir || framework_failure_ -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +else + chcon 'root:object_r:tmp_t' subdir || framework_failure_ +fi cd subdir # --- mkdir -Z --- -- 2.7.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 11 23:33:15 2016 Received: (at 22631) by debbugs.gnu.org; 12 Feb 2016 04:33:15 +0000 Received: from localhost ([127.0.0.1]:37184 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aU5Pu-0007vA-QW for submit@debbugs.gnu.org; Thu, 11 Feb 2016 23:33:14 -0500 Received: from mail.magicbluesmoke.com ([82.195.144.49]:47276) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aU5Pt-0007v2-6S for 22631@debbugs.gnu.org; Thu, 11 Feb 2016 23:33:13 -0500 Received: from localhost.localdomain (c-73-70-29-104.hsd1.ca.comcast.net [73.70.29.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 3C3434AAF; Fri, 12 Feb 2016 04:33:12 +0000 (GMT) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: Nicolas Iooss , 22631@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <56BD6086.4010304@draigBrady.com> Date: Thu, 11 Feb 2016 20:33:10 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 11/02/16 06:07, Nicolas Iooss wrote: > When running "make check" on a Linux system running SELinux with a > non-MLS policy, tests/mkdir/restorecon.sh test fails with: > > chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument > > Indeed in such a configuration, contexts cannot have ":s0" suffix. > > * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by > using sestatus and in this case use a valid context when calling > runcon. Update the sed pattern of get_selinux_type to always grab the > SELinux type from the output of "ls -Zd" even with a non-MLS policy. > --- > tests/mkdir/restorecon.sh | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh > index 0e7f03bc93db..cfd3bdda9637 100755 > --- a/tests/mkdir/restorecon.sh > +++ b/tests/mkdir/restorecon.sh > @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo > require_selinux_ > > > -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } > +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } > > mkdir subdir || framework_failure_ > -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ > +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then > + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ > +else > + chcon 'root:object_r:tmp_t' subdir || framework_failure_ > +fi > cd subdir > > # --- mkdir -Z --- > +1 thanks! Pádraig From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 02:49:28 2016 Received: (at 22631) by debbugs.gnu.org; 1 Mar 2016 07:49:29 +0000 Received: from localhost ([127.0.0.1]:54670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaf3g-00066v-P0 for submit@debbugs.gnu.org; Tue, 01 Mar 2016 02:49:28 -0500 Received: from smarthost06.digicable.hu ([94.21.128.16]:42412) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaf3d-00066K-7t; Tue, 01 Mar 2016 02:49:26 -0500 Received: from [92.249.128.188] (helo=relay02.digicable.hu) by smarthost06.digicable.hu with esmtp id 1aaf3a-0004zn-CE ; Tue, 01 Mar 2016 08:49:22 +0100 Received: from [95.6.30.114] (helo=uvyf.net) by relay02.digicable.hu with esmtpa id 1aaf3Z-00032b-Hv ; Tue, 01 Mar 2016 08:49:22 +0100 From: To: "22584" <22584@debbugs.gnu.org>, "22599" <22599@debbugs.gnu.org>, "22624" <22624@debbugs.gnu.org>, "22631" <22631@debbugs.gnu.org>, "25 Euro Gutschrift bei Rufnr-Mitnahme" Subject: Fw: new important message Date: Tue, 1 Mar 2016 10:49:03 +0300 Message-ID: <00000950e5f2$22b9ad91$fc7dce9b$@gmx.de> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_536D09F5.5DF84BD0" X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdF6H37ydiwX4iHIjl+69/0NkQmU6g== Content-Language: en-us X-Original: 95.6.30.114 X-Original: 92.249.128.188 X-Spam-Score: 3.4 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello! New message, please read Ulf.Zibis@gmx.de [...] Content analysis details: (3.4 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ulf.zibis[at]gmx.de) 1.3 URIBL_MW_SURBL Contains a URL listed in the MW SURBL blocklist [URIs: nzdigitalmediaacademy.ac.nz] 1.3 URIBL_CR_SURBL Contains an URL listed in the CR SURBL blocklist [URIs: nzdigitalmediaacademy.ac.nz] 0.9 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom; id=ulf.zibis%40gmx.de; ip=94.21.128.16; r=debbugs.gnu.org] 0.0 HTML_MESSAGE BODY: HTML included in message X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 3.4 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello! New message, please read Ulf.Zibis@gmx.de [...] Content analysis details: (3.4 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 URIBL_CR_SURBL Contains an URL listed in the CR SURBL blocklist [URIs: nzdigitalmediaacademy.ac.nz] 1.3 URIBL_MW_SURBL Contains a URL listed in the MW SURBL blocklist [URIs: nzdigitalmediaacademy.ac.nz] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ulf.zibis[at]gmx.de) 0.9 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ulf.zibis%40gmx.de;ip=94.21.128.16;r=debbugs.gnu.org] 0.0 HTML_MESSAGE BODY: HTML included in message This is a multipart message in MIME format. ------=_NextPart_000_0001_536D09F5.5DF84BD0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello! New message, please read Ulf.Zibis@gmx.de ------=_NextPart_000_0001_536D09F5.5DF84BD0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

<= span lang=3DEN-US>Hello!

 

New message, please read http://nzdigitalmediaacademy.ac.= nz/forced.php

 

Ulf.Zibis@gmx.de

------=_NextPart_000_0001_536D09F5.5DF84BD0-- From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 16 15:47:36 2016 Received: (at 22631) by debbugs.gnu.org; 16 Dec 2016 20:47:36 +0000 Received: from localhost ([127.0.0.1]:44583 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cHzPk-0004JU-8q for submit@debbugs.gnu.org; Fri, 16 Dec 2016 15:47:36 -0500 Received: from mail-wm0-f53.google.com ([74.125.82.53]:37246) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cHzPi-0004JG-B6 for 22631@debbugs.gnu.org; Fri, 16 Dec 2016 15:47:34 -0500 Received: by mail-wm0-f53.google.com with SMTP id t79so48240886wmt.0 for <22631@debbugs.gnu.org>; Fri, 16 Dec 2016 12:47:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=Uq7wZ7T/YvWbjgAFsRSXj4t+GjcK+K7U4wP0KRoC39Y=; b=Fe+DcyS7gp02druZudm3j87EKVlKq9PsTrUYTMjq2Vgy3TcU05zDuDtsqfUQ6Uw4LI IbQp4xjLw5mvBIr+xWHfHyD5ffUfvbFzjzlVJkYXSrcAsSz4R8y7V7c8UfXw/kTPSYxi YHyQU5qEBnSd5K8rzJ7Ch4QnTPOnHdVaWTuVbGJU2m/RfJqorCZZORrzr/bWrEovHD0v QU6LIEFRyeqQTxNJZdUeyR42UyLuIrVCLk8S/CvLmxWZWYg/L2dfACj/2T+qdaKoqoI/ ZiHoGeX3/p8xDgUebte4qpTOm9+il4ojjtXicp0qxlmQaq2XL/tlvF7bVZ396Igz1ZaI AJYw== X-Gm-Message-State: AIkVDXL0J0brqXT+mOk8ujaFKhG6jhfEynopkPWPhRfKOppEuEiTqKbFoQXYoNTqbF06cw== X-Received: by 10.28.26.197 with SMTP id a188mr4523522wma.93.1481921248325; Fri, 16 Dec 2016 12:47:28 -0800 (PST) Received: from [192.168.105.100] (81-66-120-207.rev.numericable.fr. [81.66.120.207]) by smtp.googlemail.com with ESMTPSA id ab10sm8388325wjc.45.2016.12.16.12.47.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Dec 2016 12:47:27 -0800 (PST) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: =?UTF-8?Q?P=c3=a1draig_Brady?= , 22631@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> From: Nicolas Iooss Message-ID: <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> Date: Fri, 16 Dec 2016 21:47:26 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <56BD6086.4010304@draigBrady.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 12/02/16 05:33, Pádraig Brady wrote: > On 11/02/16 06:07, Nicolas Iooss wrote: >> When running "make check" on a Linux system running SELinux with a >> non-MLS policy, tests/mkdir/restorecon.sh test fails with: >> >> chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument >> >> Indeed in such a configuration, contexts cannot have ":s0" suffix. >> >> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by >> using sestatus and in this case use a valid context when calling >> runcon. Update the sed pattern of get_selinux_type to always grab the >> SELinux type from the output of "ls -Zd" even with a non-MLS policy. >> --- >> tests/mkdir/restorecon.sh | 8 ++++++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) >> >> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh >> index 0e7f03bc93db..cfd3bdda9637 100755 >> --- a/tests/mkdir/restorecon.sh >> +++ b/tests/mkdir/restorecon.sh >> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo >> require_selinux_ >> >> >> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } >> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } >> >> mkdir subdir || framework_failure_ >> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then >> + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >> +else >> + chcon 'root:object_r:tmp_t' subdir || framework_failure_ >> +fi >> cd subdir >> >> # --- mkdir -Z --- >> > > +1 > > thanks! > Pádraig Hi, This patch has not been included in coreutils 8.26, which makes mkdir/restorecon.sh tests still fails on my system. What should I do for this patch to be merged? Moreover the code which was modified in this patch has been copied in tests/install/install-Z-selinux.sh. So this test also fails on systems where SELinux is configured with a non-MLS policy. Do I need to send a new patch which also modifies this file? Thanks, Nicolas From debbugs-submit-bounces@debbugs.gnu.org Sat Dec 17 08:11:37 2016 Received: (at 22631) by debbugs.gnu.org; 17 Dec 2016 13:11:37 +0000 Received: from localhost ([127.0.0.1]:44814 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIElu-0004WC-Ri for submit@debbugs.gnu.org; Sat, 17 Dec 2016 08:11:37 -0500 Received: from midir.magicbluesmoke.com ([82.195.144.46]:43694 helo=mail.magicbluesmoke.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIEls-0004W1-VL for 22631@debbugs.gnu.org; Sat, 17 Dec 2016 08:11:29 -0500 Received: from [192.168.1.80] (unknown [109.78.233.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id E5B0F4A6D; Sat, 17 Dec 2016 13:11:26 +0000 (GMT) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: Nicolas Iooss , 22631@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> Date: Sat, 17 Dec 2016 13:11:26 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> Content-Type: multipart/mixed; boundary="------------FD53BA4F7B76A7B4328F70E0" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------FD53BA4F7B76A7B4328F70E0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit On 16/12/16 20:47, Nicolas Iooss wrote: > On 12/02/16 05:33, Pádraig Brady wrote: >> On 11/02/16 06:07, Nicolas Iooss wrote: >>> When running "make check" on a Linux system running SELinux with a >>> non-MLS policy, tests/mkdir/restorecon.sh test fails with: >>> >>> chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument >>> >>> Indeed in such a configuration, contexts cannot have ":s0" suffix. >>> >>> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by >>> using sestatus and in this case use a valid context when calling >>> runcon. Update the sed pattern of get_selinux_type to always grab the >>> SELinux type from the output of "ls -Zd" even with a non-MLS policy. >>> --- >>> tests/mkdir/restorecon.sh | 8 ++++++-- >>> 1 file changed, 6 insertions(+), 2 deletions(-) >>> >>> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh >>> index 0e7f03bc93db..cfd3bdda9637 100755 >>> --- a/tests/mkdir/restorecon.sh >>> +++ b/tests/mkdir/restorecon.sh >>> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo >>> require_selinux_ >>> >>> >>> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } >>> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } >>> >>> mkdir subdir || framework_failure_ >>> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >>> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then >>> + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >>> +else >>> + chcon 'root:object_r:tmp_t' subdir || framework_failure_ >>> +fi >>> cd subdir >>> >>> # --- mkdir -Z --- >>> >> >> +1 >> >> thanks! >> Pádraig > > Hi, > This patch has not been included in coreutils 8.26, which makes > mkdir/restorecon.sh tests still fails on my system. What should I do for > this patch to be merged? > > Moreover the code which was modified in this patch has been copied in > tests/install/install-Z-selinux.sh. So this test also fails on systems > where SELinux is configured with a non-MLS policy. Do I need to send a > new patch which also modifies this file? My bad. Sorry I missed this. I presume these root tests have the same issue? $ git grep -l ':s0' tests | xargs grep -l require_root_ tests/cp/cp-a-selinux.sh tests/misc/chcon.sh tests/misc/selinux.sh I updated those also which can be tested like: git am < cu-non-mls-tests.patch sudo make TESTS="$(echo $(git show --name-only | grep ^tests))" check SUBDIRS=. Do those pass on your system? I'll apply the attached in your name if so. thanks for the follow up. Pádraig --------------FD53BA4F7B76A7B4328F70E0 Content-Type: text/x-patch; name="cu-non-mls-tests.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="cu-non-mls-tests.patch" =46rom f2b9fa2c99ec01c9e767700afaa16fd84f30c97e Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Thu, 11 Feb 2016 15:07:52 +0100 Subject: [PATCH] tests: support non-MLS enabled SELinux systems When running "make check" on a Linux system running SELinux with a non-MLS policy, tests/mkdir/restorecon.sh test fails with: chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument Indeed in such a configuration, contexts cannot have ":s0" suffix. * init.cfg (get_selinux_type): Refactor this function to here from various tests. Update to work with a non-MLS policy. (mls_enabled_): A new function to detect if MLS is enabled. * tests/mkdir/restorecon.sh: Use a valid non-MLS context when needed. * tests/install/install-Z-selinux.sh: Likewise. * tests/cp/cp-a-selinux.sh: Likewise. * tests/misc/selinux.sh: Likewise. * tests/misc/chcon.sh: Skip if non-MLS as --range used throughout. Fixes http://bugs.gnu.org/22631 --- init.cfg | 9 +++++++++ tests/cp/cp-a-selinux.sh | 4 ++-- tests/install/install-Z-selinux.sh | 7 +++---- tests/misc/chcon.sh | 1 + tests/misc/selinux.sh | 3 ++- tests/mkdir/restorecon.sh | 7 +++---- 6 files changed, 20 insertions(+), 11 deletions(-) diff --git a/init.cfg b/init.cfg index db86194..df39183 100644 --- a/init.cfg +++ b/init.cfg @@ -128,6 +128,15 @@ require_selinux_() esac } =20 +# Return the SELinux type component if available +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } + +# Whether SELinux Multi Level Security is enabled +mls_enabled_() { + sestatus 2>&1 | + grep 'Policy MLS status:.*enabled' > /dev/null +} + # Skip this test if we're not in SELinux "enforcing" mode. require_selinux_enforcing_() { diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh index 89735b6..3915952 100755 --- a/tests/cp/cp-a-selinux.sh +++ b/tests/cp/cp-a-selinux.sh @@ -28,7 +28,8 @@ cwd=3D$(pwd) cleanup_() { cd /; umount "$cwd/mnt"; } =20 # This context is special: it works even when mcstransd isn't running. -ctx=3Droot:object_r:tmp_t:s0 +ctx=3D'root:object_r:tmp_t' +mls_enabled_ && ctx=3D"$ctx:s0" =20 # Check basic functionality - before check on fixed context mount touch c || framework_failure_ @@ -62,7 +63,6 @@ grep $ctx ed_ctx && { ls -lZd restore/existing_dir; fail=3D1; } =20 # Check restorecon (-Z) functionality for file and directory -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } # Also make a dir with our known context mkdir c_d || framework_failure_ chcon $ctx c_d || framework_failure_ diff --git a/tests/install/install-Z-selinux.sh b/tests/install/install-Z= -selinux.sh index 9c3b642..c63a478 100755 --- a/tests/install/install-Z-selinux.sh +++ b/tests/install/install-Z-selinux.sh @@ -21,11 +21,10 @@ print_ver_ ginstall require_selinux_ =20 - -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } - mkdir subdir || framework_failure_ -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +ctx=3D'root:object_r:tmp_t' +mls_enabled_ && ctx=3D"$ctx:s0" +chcon "$ctx" subdir || framework_failure_ cd subdir =20 # Since in a tmp_t dir, dirs can be created as user_tmp_t ... diff --git a/tests/misc/chcon.sh b/tests/misc/chcon.sh index bd40fbc..c990219 100755 --- a/tests/misc/chcon.sh +++ b/tests/misc/chcon.sh @@ -21,6 +21,7 @@ print_ver_ chcon require_root_ require_selinux_ skip_if_mcstransd_is_running_ +mls_enabled_ || skip_ 'MLS is disabled' =20 mkdir -p d/sub/s2 || framework_failure_ touch f g d/sub/1 d/sub/2 || framework_failure_ diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh index a951568..28c05c4 100755 --- a/tests/misc/selinux.sh +++ b/tests/misc/selinux.sh @@ -30,7 +30,8 @@ mkfifo_or_skip_ p =20 =20 # special context that works both with and without mcstransd -ctx=3Droot:object_r:tmp_t:s0 +ctx=3D'root:object_r:tmp_t' +mls_enabled_ && ctx=3D"$ctx:s0" =20 chcon $ctx f d p || skip_ '"chcon '$ctx' ..." failed' diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh index 0e7f03b..49e7219 100755 --- a/tests/mkdir/restorecon.sh +++ b/tests/mkdir/restorecon.sh @@ -20,11 +20,10 @@ print_ver_ mkdir mknod mkfifo require_selinux_ =20 - -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } - mkdir subdir || framework_failure_ -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +ctx=3D'root:object_r:tmp_t' +mls_enabled_ && ctx=3D"$ctx:s0" +chcon "$ctx" subdir || framework_failure_ cd subdir =20 # --- mkdir -Z --- --=20 2.5.5 --------------FD53BA4F7B76A7B4328F70E0-- From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 18 14:29:38 2016 Received: (at 22631) by debbugs.gnu.org; 18 Dec 2016 19:29:38 +0000 Received: from localhost ([127.0.0.1]:46432 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIh9I-0005xn-7r for submit@debbugs.gnu.org; Sun, 18 Dec 2016 14:29:38 -0500 Received: from mail-wj0-f193.google.com ([209.85.210.193]:35541) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIh9G-0005xa-IR for 22631@debbugs.gnu.org; Sun, 18 Dec 2016 14:29:31 -0500 Received: by mail-wj0-f193.google.com with SMTP id he10so21093162wjc.2 for <22631@debbugs.gnu.org>; Sun, 18 Dec 2016 11:29:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=iTt9UujN+wekGfoi9g8OXNywbM7i1v7qoWBcO4xCp5Y=; b=QvE0dO1BcA9ZtHCTykgAwWDPbU4QE9Dxmjnu5nNQPQLHSDpNLKDrZFP1byaMtwSk2O KfiKb/hxkELa9vmp8PY+l2kNe3qFKHwdjEqQ3a/V5Zss5bYr9AUV7MP2W53NmbrMQhso UY6xnXGYxAyt6DAPIjSk1ZTdV4f5CRT6abN6xdBCV7j7tXJy+xVRrjG3RaOxWn1l75ki m+75GugM5M1G7yQ7QO5iRJMv9cxQPjSYXrKkbyrZ1Cwv7BtVz68t8AlDickC/u5dDol0 W9pYfZXOVxF7ScsF67bAyYq4rChaFwAUBSKn8Zn0qhk5aS6yZbZS5PSv9sVPH8xlf8Cl 7AnA== X-Gm-Message-State: AKaTC00C97gskwx/lhIYtQJ+TB1lPiK5V8MBP8LoLvqzhDUBY69W+AUx1lufGT5jcyWMEA== X-Received: by 10.194.105.228 with SMTP id gp4mr10593585wjb.208.1482089364756; Sun, 18 Dec 2016 11:29:24 -0800 (PST) Received: from ?IPv6:2a02:8428:4da:9800:40fa:f57a:9062:4a4? (2a02-8428-04da-9800-40fa-f57a-9062-04a4.rev.sfr.net. [2a02:8428:4da:9800:40fa:f57a:9062:4a4]) by smtp.googlemail.com with ESMTPSA id u78sm13812546wma.11.2016.12.18.11.29.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 18 Dec 2016 11:29:23 -0800 (PST) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: =?UTF-8?Q?P=c3=a1draig_Brady?= , 22631@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> From: Nicolas Iooss Message-ID: <55a89be0-fbb2-1273-266c-6569cfdf39d1@m4x.org> Date: Sun, 18 Dec 2016 20:29:22 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> Content-Type: multipart/mixed; boundary="------------51E72B9239398BE61B9291DE" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------51E72B9239398BE61B9291DE Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit On 17/12/16 14:11, Pádraig Brady wrote: > On 16/12/16 20:47, Nicolas Iooss wrote: >> On 12/02/16 05:33, Pádraig Brady wrote: >>> On 11/02/16 06:07, Nicolas Iooss wrote: >>>> When running "make check" on a Linux system running SELinux with a >>>> non-MLS policy, tests/mkdir/restorecon.sh test fails with: >>>> >>>> chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument >>>> >>>> Indeed in such a configuration, contexts cannot have ":s0" suffix. >>>> >>>> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by >>>> using sestatus and in this case use a valid context when calling >>>> runcon. Update the sed pattern of get_selinux_type to always grab the >>>> SELinux type from the output of "ls -Zd" even with a non-MLS policy. >>>> --- >>>> tests/mkdir/restorecon.sh | 8 ++++++-- >>>> 1 file changed, 6 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh >>>> index 0e7f03bc93db..cfd3bdda9637 100755 >>>> --- a/tests/mkdir/restorecon.sh >>>> +++ b/tests/mkdir/restorecon.sh >>>> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo >>>> require_selinux_ >>>> >>>> >>>> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } >>>> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } >>>> >>>> mkdir subdir || framework_failure_ >>>> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >>>> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then >>>> + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ >>>> +else >>>> + chcon 'root:object_r:tmp_t' subdir || framework_failure_ >>>> +fi >>>> cd subdir >>>> >>>> # --- mkdir -Z --- >>>> >>> >>> +1 >>> >>> thanks! >>> Pádraig >> >> Hi, >> This patch has not been included in coreutils 8.26, which makes >> mkdir/restorecon.sh tests still fails on my system. What should I do for >> this patch to be merged? >> >> Moreover the code which was modified in this patch has been copied in >> tests/install/install-Z-selinux.sh. So this test also fails on systems >> where SELinux is configured with a non-MLS policy. Do I need to send a >> new patch which also modifies this file? > > My bad. Sorry I missed this. > > I presume these root tests have the same issue? > > $ git grep -l ':s0' tests | xargs grep -l require_root_ > tests/cp/cp-a-selinux.sh > tests/misc/chcon.sh > tests/misc/selinux.sh > > I updated those also which can be tested like: > > git am < cu-non-mls-tests.patch > sudo make TESTS="$(echo $(git show --name-only | grep ^tests))" check SUBDIRS=. > > Do those pass on your system? > > I'll apply the attached in your name if so. > > thanks for the follow up. > Pádraig Thanks for your quick reply. With your patch I get 3 PASS and 2 SKIP on my system instead of 3 ERROR and 2 SKIP: PASS: tests/mkdir/restorecon.sh chcon.sh: skipped test: unexpected context 'sysadm_u:object_r:user_home_t'; turn off mcstransd SKIP: tests/misc/chcon.sh PASS: tests/install/install-Z-selinux.sh PASS: tests/cp/cp-a-selinux.sh selinux.sh: skipped test: unexpected context 'sysadm_u:object_r:user_home_t'; turn off mcstransd SKIP: tests/misc/selinux.sh I am not running mcstransd on and the SKIP were due to incorrect matching in skip_if_mcstransd_is_running_ function. I updated this function to accept contexts with three components if MLS is disabled and got one more PASS: PASS: tests/mkdir/restorecon.sh chcon.sh: skipped test: MLS is disabled SKIP: tests/misc/chcon.sh PASS: tests/install/install-Z-selinux.sh PASS: tests/cp/cp-a-selinux.sh PASS: tests/misc/selinux.sh My updated patch is attached to this email. Regards, Nicolas --------------51E72B9239398BE61B9291DE Content-Type: text/x-patch; name="0001-tests-support-non-MLS-enabled-SELinux-systems.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-tests-support-non-MLS-enabled-SELinux-systems.patch" >From e462bc8d16cdec6c34fda61a3e01f9636152f0e3 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Thu, 11 Feb 2016 15:07:52 +0100 Subject: [PATCH 1/1] tests: support non-MLS enabled SELinux systems When running "make check" on a Linux system running SELinux with a non-MLS policy, tests/mkdir/restorecon.sh test fails with: chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument Indeed in such a configuration, contexts cannot have ":s0" suffix. * init.cfg (get_selinux_type): Refactor this function to here from various tests. Update to work with a non-MLS policy. (mls_enabled_): A new function to detect if MLS is enabled. * tests/mkdir/restorecon.sh: Use a valid non-MLS context when needed. * tests/install/install-Z-selinux.sh: Likewise. * tests/cp/cp-a-selinux.sh: Likewise. * tests/misc/selinux.sh: Likewise. * tests/misc/chcon.sh: Skip if non-MLS as --range used throughout. Fixes http://bugs.gnu.org/22631 --- init.cfg | 11 +++++++++++ tests/cp/cp-a-selinux.sh | 4 ++-- tests/install/install-Z-selinux.sh | 7 +++---- tests/misc/chcon.sh | 1 + tests/misc/selinux.sh | 3 ++- tests/mkdir/restorecon.sh | 7 +++---- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/init.cfg b/init.cfg index db861944c6af..8bbf7812f520 100644 --- a/init.cfg +++ b/init.cfg @@ -128,6 +128,15 @@ require_selinux_() esac } +# Return the SELinux type component if available +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } + +# Whether SELinux Multi Level Security is enabled +mls_enabled_() { + sestatus 2>&1 | + grep 'Policy MLS status:.*enabled' > /dev/null +} + # Skip this test if we're not in SELinux "enforcing" mode. require_selinux_enforcing_() { @@ -638,6 +647,8 @@ skip_if_mcstransd_is_running_() __ctx=$(stat --printf='%C\n' .) || framework_failure_ case $__ctx in *:*:*:*) ;; # four components is ok + *:*:*) # three components is ok too if ther is no MLS + mls_enabled_ && skip_ "unexpected context '$__ctx'; turn off mcstransd" ;; *) # anything else probably means mcstransd is running skip_ "unexpected context '$__ctx'; turn off mcstransd" ;; esac diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh index 89735b65a832..3915952188dd 100755 --- a/tests/cp/cp-a-selinux.sh +++ b/tests/cp/cp-a-selinux.sh @@ -28,7 +28,8 @@ cwd=$(pwd) cleanup_() { cd /; umount "$cwd/mnt"; } # This context is special: it works even when mcstransd isn't running. -ctx=root:object_r:tmp_t:s0 +ctx='root:object_r:tmp_t' +mls_enabled_ && ctx="$ctx:s0" # Check basic functionality - before check on fixed context mount touch c || framework_failure_ @@ -62,7 +63,6 @@ grep $ctx ed_ctx && { ls -lZd restore/existing_dir; fail=1; } # Check restorecon (-Z) functionality for file and directory -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } # Also make a dir with our known context mkdir c_d || framework_failure_ chcon $ctx c_d || framework_failure_ diff --git a/tests/install/install-Z-selinux.sh b/tests/install/install-Z-selinux.sh index 9c3b6420bc95..c63a4786230a 100755 --- a/tests/install/install-Z-selinux.sh +++ b/tests/install/install-Z-selinux.sh @@ -21,11 +21,10 @@ print_ver_ ginstall require_selinux_ - -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } - mkdir subdir || framework_failure_ -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +ctx='root:object_r:tmp_t' +mls_enabled_ && ctx="$ctx:s0" +chcon "$ctx" subdir || framework_failure_ cd subdir # Since in a tmp_t dir, dirs can be created as user_tmp_t ... diff --git a/tests/misc/chcon.sh b/tests/misc/chcon.sh index bd40fbc7d314..c99021907172 100755 --- a/tests/misc/chcon.sh +++ b/tests/misc/chcon.sh @@ -21,6 +21,7 @@ print_ver_ chcon require_root_ require_selinux_ skip_if_mcstransd_is_running_ +mls_enabled_ || skip_ 'MLS is disabled' mkdir -p d/sub/s2 || framework_failure_ touch f g d/sub/1 d/sub/2 || framework_failure_ diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh index a9515680a44f..28c05c4f82d7 100755 --- a/tests/misc/selinux.sh +++ b/tests/misc/selinux.sh @@ -30,7 +30,8 @@ mkfifo_or_skip_ p # special context that works both with and without mcstransd -ctx=root:object_r:tmp_t:s0 +ctx='root:object_r:tmp_t' +mls_enabled_ && ctx="$ctx:s0" chcon $ctx f d p || skip_ '"chcon '$ctx' ..." failed' diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh index 0e7f03bc93db..49e72196ff88 100755 --- a/tests/mkdir/restorecon.sh +++ b/tests/mkdir/restorecon.sh @@ -20,11 +20,10 @@ print_ver_ mkdir mknod mkfifo require_selinux_ - -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } - mkdir subdir || framework_failure_ -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ +ctx='root:object_r:tmp_t' +mls_enabled_ && ctx="$ctx:s0" +chcon "$ctx" subdir || framework_failure_ cd subdir # --- mkdir -Z --- -- 2.11.0 --------------51E72B9239398BE61B9291DE-- From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 18 15:10:20 2016 Received: (at 22631-done) by debbugs.gnu.org; 18 Dec 2016 20:10:20 +0000 Received: from localhost ([127.0.0.1]:46441 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIhmm-0006tl-43 for submit@debbugs.gnu.org; Sun, 18 Dec 2016 15:10:20 -0500 Received: from midir.magicbluesmoke.com ([82.195.144.46]:49972 helo=mail.magicbluesmoke.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIhmk-0006td-N1 for 22631-done@debbugs.gnu.org; Sun, 18 Dec 2016 15:10:19 -0500 Received: from [192.168.1.80] (unknown [109.78.233.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 572284503; Sun, 18 Dec 2016 20:10:17 +0000 (GMT) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: Nicolas Iooss , 22631-done@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> <55a89be0-fbb2-1273-266c-6569cfdf39d1@m4x.org> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <1c1fae03-bbb0-25d5-92c0-46a4feed9a08@draigBrady.com> Date: Sun, 18 Dec 2016 20:10:16 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <55a89be0-fbb2-1273-266c-6569cfdf39d1@m4x.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 22631-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 18/12/16 19:29, Nicolas Iooss wrote: > I am not running mcstransd on and the SKIP were due to incorrect > matching in skip_if_mcstransd_is_running_ function. I updated this > function to accept contexts with three components if MLS is disabled and > got one more PASS: Excellent. I tweaked that a little to be less than 80 chars line length, and avoid a duplicated error message, and pushed at: http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.26-5-gbe2f82f Marking this bug as done. cheers, Pádraig From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 18 15:27:26 2016 Received: (at 22631-done) by debbugs.gnu.org; 18 Dec 2016 20:27:26 +0000 Received: from localhost ([127.0.0.1]:46448 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIi3K-0007IM-Ie for submit@debbugs.gnu.org; Sun, 18 Dec 2016 15:27:26 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:34226) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIi3I-0007I9-KM for 22631-done@debbugs.gnu.org; Sun, 18 Dec 2016 15:27:24 -0500 Received: by mail-wm0-f67.google.com with SMTP id g23so15258343wme.1 for <22631-done@debbugs.gnu.org>; Sun, 18 Dec 2016 12:27:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=swjfH2FsrxWXPIcjwrxUHtsws5y2GTi3/fDacwnat+c=; b=WJ+6PQcNu8zlFGwqPse6EekAN2y1YY2JSbaaQvSBqHut+5j18vTID8hRZyLbW5pMIe qV891suNf+r64WhafoEh8GIVvbF/WDlayMFOrN6YjtKbg1RR1X6FU0QyADYQqYKkjidZ GHGKWJjwNCWdH5vuE+hoGOWypVMrInpDuY/In9kg1lIQSNKurJhVsdnD9Vas1pbMN9iy eYiG945y8Ri4cVVd2XUl0bRgaNA0QKsKxzlnkfdKZNlA6im9Z+ekkKE9QnF5HeHzhtuM OxsNswyShZY97V1KESfjGXxk/7QWvOevcbHUmAxmm9zOxV11ntiIw4aRsot7qIzxkjCY DQkA== X-Gm-Message-State: AIkVDXJU7QwFcuYQIZuf1LS7vAP+9KOT2DrOn/Ko0gZavPdYklW2SAPgKp6ACgLVtp+58A== X-Received: by 10.28.45.212 with SMTP id t203mr11089720wmt.46.1482092838860; Sun, 18 Dec 2016 12:27:18 -0800 (PST) Received: from ?IPv6:2a02:8428:4da:9800:40fa:f57a:9062:4a4? (2a02-8428-04da-9800-40fa-f57a-9062-04a4.rev.sfr.net. [2a02:8428:4da:9800:40fa:f57a:9062:4a4]) by smtp.googlemail.com with ESMTPSA id ia7sm17389245wjb.23.2016.12.18.12.27.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 18 Dec 2016 12:27:18 -0800 (PST) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: =?UTF-8?Q?P=c3=a1draig_Brady?= , 22631-done@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> <55a89be0-fbb2-1273-266c-6569cfdf39d1@m4x.org> <1c1fae03-bbb0-25d5-92c0-46a4feed9a08@draigBrady.com> From: Nicolas Iooss Message-ID: <8fe33eac-bcd3-75d1-e652-59f2d3cbadc5@m4x.org> Date: Sun, 18 Dec 2016 21:27:17 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <1c1fae03-bbb0-25d5-92c0-46a4feed9a08@draigBrady.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 22631-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) On 18/12/16 21:10, Pádraig Brady wrote: > On 18/12/16 19:29, Nicolas Iooss wrote: >> I am not running mcstransd on and the SKIP were due to incorrect >> matching in skip_if_mcstransd_is_running_ function. I updated this >> function to accept contexts with three components if MLS is disabled and >> got one more PASS: > > Excellent. I tweaked that a little to be less than 80 chars line length, > and avoid a duplicated error message, and pushed at: > http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.26-5-gbe2f82f > > Marking this bug as done. Sorry to bother you but there are two errors in this commit with "mls_enabled_ && __ctk_ok=1": 3-component contexts are fine when MLS is disabled so the operator needs to be || instead, and there is a K instead of an X in the variable name (which would be __ctx_ok). Thanks, Nicolas From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 18 15:43:29 2016 Received: (at 22631) by debbugs.gnu.org; 18 Dec 2016 20:43:29 +0000 Received: from localhost ([127.0.0.1]:46467 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIiIr-0007gH-B3 for submit@debbugs.gnu.org; Sun, 18 Dec 2016 15:43:29 -0500 Received: from midir.magicbluesmoke.com ([82.195.144.46]:50086 helo=mail.magicbluesmoke.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cIiIp-0007g8-PX for 22631@debbugs.gnu.org; Sun, 18 Dec 2016 15:43:28 -0500 Received: from [192.168.1.80] (unknown [109.78.233.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 0A90D4503; Sun, 18 Dec 2016 20:43:27 +0000 (GMT) Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in mkdir tests To: Nicolas Iooss , 22631@debbugs.gnu.org References: <1455199672-8801-1-git-send-email-nicolas.iooss@m4x.org> <56BD6086.4010304@draigBrady.com> <035c8e78-0fa0-ad46-5f9b-95d94f37b7f9@m4x.org> <85dd4152-b194-bed7-66ad-844d54201785@draigBrady.com> <55a89be0-fbb2-1273-266c-6569cfdf39d1@m4x.org> <1c1fae03-bbb0-25d5-92c0-46a4feed9a08@draigBrady.com> <8fe33eac-bcd3-75d1-e652-59f2d3cbadc5@m4x.org> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <896140c8-eda3-31e6-55f3-21225010ce41@draigBrady.com> Date: Sun, 18 Dec 2016 20:43:26 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <8fe33eac-bcd3-75d1-e652-59f2d3cbadc5@m4x.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 22631 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 18/12/16 20:27, Nicolas Iooss wrote: > > > On 18/12/16 21:10, Pádraig Brady wrote: >> On 18/12/16 19:29, Nicolas Iooss wrote: >>> I am not running mcstransd on and the SKIP were due to incorrect >>> matching in skip_if_mcstransd_is_running_ function. I updated this >>> function to accept contexts with three components if MLS is disabled and >>> got one more PASS: >> >> Excellent. I tweaked that a little to be less than 80 chars line length, >> and avoid a duplicated error message, and pushed at: >> http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.26-5-gbe2f82f >> >> Marking this bug as done. > > Sorry to bother you but there are two errors in this commit with > "mls_enabled_ && __ctk_ok=1": 3-component contexts are fine when MLS is > disabled so the operator needs to be || instead, and there is a K > instead of an X in the variable name (which would be __ctx_ok). Wow. That's a lesson in not doing even trivial commits while being distracted :/ I've pushed that fix highlighting that the issue was mine. cheers, Pádraig. From unknown Wed Aug 20 05:17:35 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 16 Jan 2017 12:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator