GNU bug report logs - #22631
[PATCH] tests: support non-MLS SELinux systems in mkdir tests

Previous Next

Package: coreutils;

Reported by: Nicolas Iooss <nicolas.iooss <at> m4x.org>

Date: Thu, 11 Feb 2016 14:10:02 UTC

Severity: normal

Tags: patch

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 22631 <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Iooss <nicolas.iooss <at> m4x.org>
To: Pádraig Brady <P <at> draigBrady.com>, 22631 <at> debbugs.gnu.org
Subject: Re: bug#22631: [PATCH] tests: support non-MLS SELinux systems in
 mkdir tests
Date: Fri, 16 Dec 2016 21:47:26 +0100

On 12/02/16 05:33, Pádraig Brady wrote:
> On 11/02/16 06:07, Nicolas Iooss wrote:
>> When running "make check" on a Linux system running SELinux with a
>> non-MLS policy, tests/mkdir/restorecon.sh test fails with:
>>
>>   chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument
>>
>> Indeed in such a configuration, contexts cannot have ":s0" suffix.
>>
>> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by
>>   using sestatus and in this case use a valid context when calling
>>   runcon.  Update the sed pattern of get_selinux_type to always grab the
>>   SELinux type from the output of "ls -Zd" even with a non-MLS policy.
>> ---
>>  tests/mkdir/restorecon.sh | 8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh
>> index 0e7f03bc93db..cfd3bdda9637 100755
>> --- a/tests/mkdir/restorecon.sh
>> +++ b/tests/mkdir/restorecon.sh
>> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo
>>  require_selinux_
>>  
>>  
>> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
>> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; }
>>  
>>  mkdir subdir || framework_failure_
>> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
>> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then
>> +  chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
>> +else
>> +  chcon 'root:object_r:tmp_t' subdir || framework_failure_
>> +fi
>>  cd subdir
>>  
>>  # --- mkdir -Z ---
>>
> 
> +1
> 
> thanks!
> Pádraig

Hi,
This patch has not been included in coreutils 8.26, which makes
mkdir/restorecon.sh tests still fails on my system. What should I do for
this patch to be merged?

Moreover the code which was modified in this patch has been copied in
tests/install/install-Z-selinux.sh. So this test also fails on systems
where SELinux is configured with a non-MLS policy. Do I need to send a
new patch which also modifies this file?

Thanks,
Nicolas
This bug report was last modified 8 years and 234 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.