GNU bug report logs -
#22631
[PATCH] tests: support non-MLS SELinux systems in mkdir tests
Previous Next
Reported by: Nicolas Iooss <nicolas.iooss <at> m4x.org>
Date: Thu, 11 Feb 2016 14:10:02 UTC
Severity: normal
Tags: patch
Done: Pádraig Brady <P <at> draigBrady.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On 11/02/16 06:07, Nicolas Iooss wrote:
> When running "make check" on a Linux system running SELinux with a
> non-MLS policy, tests/mkdir/restorecon.sh test fails with:
>
> chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument
>
> Indeed in such a configuration, contexts cannot have ":s0" suffix.
>
> * tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by
> using sestatus and in this case use a valid context when calling
> runcon. Update the sed pattern of get_selinux_type to always grab the
> SELinux type from the output of "ls -Zd" even with a non-MLS policy.
> ---
> tests/mkdir/restorecon.sh | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh
> index 0e7f03bc93db..cfd3bdda9637 100755
> --- a/tests/mkdir/restorecon.sh
> +++ b/tests/mkdir/restorecon.sh
> @@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo
> require_selinux_
>
>
> -get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
> +get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; }
>
> mkdir subdir || framework_failure_
> -chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
> +if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then
> + chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
> +else
> + chcon 'root:object_r:tmp_t' subdir || framework_failure_
> +fi
> cd subdir
>
> # --- mkdir -Z ---
>
+1
thanks!
Pádraig
This bug report was last modified 8 years and 235 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.