From unknown Wed Jun 25 03:54:36 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not. Resent-From: Mathieu Bridon Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 28 Mar 2011 04:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 8359 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: 8359@debbugs.gnu.org X-Debbugs-Original-To: bug-coreutils@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.13012875003116 (code B ref -1); Mon, 28 Mar 2011 04:45:02 +0000 Received: (at submit) by debbugs.gnu.org; 28 Mar 2011 04:45:00 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q44K3-0000oC-CI for submit@debbugs.gnu.org; Mon, 28 Mar 2011 00:44:59 -0400 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q43P3-0007y6-AA for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:46:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Q43Ox-0002qD-At for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:46:00 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([199.232.76.165]:35194) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Q43Ox-0002q9-8z for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:45:59 -0400 Received: from [140.186.70.92] (port=51751 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Q43Ow-0000QB-EW for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Q43Ov-0002pZ-6Q for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:58 -0400 Received: from karen.lavabit.com ([72.249.41.33]:33267) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Q43Ov-0002pP-3J for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:57 -0400 Received: from a.earth.lavabit.com (a.earth.lavabit.com [192.168.111.10]) by karen.lavabit.com (Postfix) with ESMTP id 8424A11BCD6 for ; Sun, 27 Mar 2011 22:45:55 -0500 (CDT) Received: from 10.8.2.80 (network-box.com [175.45.17.220]) by lavabit.com with ESMTP id 19FL9TIII740 for ; Sun, 27 Mar 2011 22:45:52 -0500 From: Mathieu Bridon Content-Type: text/plain; charset="UTF-8" Organization: Fedora Project Date: Mon, 28 Mar 2011 11:45:43 +0800 Message-ID: <1301283943.2130.266.camel@bochecha> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 (2.32.2-1.fc14) Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 199.232.76.165 X-Spam-Score: -6.6 (------) X-Mailman-Approved-At: Mon, 28 Mar 2011 00:44:58 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.6 (------) The unit tests would run ls to see if the files had an SELinux context, and would assume SELinux is enabled if they did. This is not ideal, and can cause test failures in some environments: https://bugzilla.redhat.com/show_bug.cgi?id=573111#c26 The problem in the case of the above bug report is that the host has SELinux enabled (and thus files have a context) but the chroot (mock) fakes SELinux being disabled. Unfortunately, it can't remove the context, which makes ls thinks that SELinux is enabled. Later on, when running certain unit tests (e.g id-context), they fail as they use the libselinux which (correctly) thinks SELinux is disabled (and in the case of id-context, id will not return the context of the user). A better way to test if SELinux is enabled is to search for the SELinux filesystem (see the above bug report). This is what this commit does. --- tests/init.cfg | 9 +++------ 1 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/init.cfg b/tests/init.cfg index f74d50c..ca92297 100644 --- a/tests/init.cfg +++ b/tests/init.cfg @@ -216,12 +216,9 @@ skip_if_() require_selinux_() { - case `ls -Zd .` in - '? .'|'unlabeled .') - skip_test_ "this system (or maybe just" \ - "the current file system) lacks SELinux support" - ;; - esac + grep selinux /proc/filesystems > /dev/null || \ + skip_test_ "this system (or maybe just" \ + "the current file system) lacks SELinux support" } very_expensive_() -- 1.7.4 From unknown Wed Jun 25 03:54:36 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not. Resent-From: Jim Meyering Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 28 Mar 2011 07:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 8359 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: Mathieu Bridon Cc: 8359@debbugs.gnu.org Received: via spool by 8359-submit@debbugs.gnu.org id=B8359.130129887019355 (code B ref 8359); Mon, 28 Mar 2011 07:55:02 +0000 Received: (at 8359) by debbugs.gnu.org; 28 Mar 2011 07:54:30 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q47HQ-000528-Tx for submit@debbugs.gnu.org; Mon, 28 Mar 2011 03:54:29 -0400 Received: from mx.meyering.net ([82.230.74.64]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q47HO-00051u-HJ for 8359@debbugs.gnu.org; Mon, 28 Mar 2011 03:54:27 -0400 Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) id D7228603F6; Mon, 28 Mar 2011 09:54:19 +0200 (CEST) From: Jim Meyering In-Reply-To: <1301283943.2130.266.camel@bochecha> (Mathieu Bridon's message of "Mon, 28 Mar 2011 11:45:43 +0800") References: <1301283943.2130.266.camel@bochecha> Date: Mon, 28 Mar 2011 09:54:19 +0200 Message-ID: <874o6nk7dg.fsf@rho.meyering.net> Lines: 92 MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.9 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.9 (-----) Mathieu Bridon wrote: > The unit tests would run ls to see if the files had an SELinux > context, and would assume SELinux is enabled if they did. > > This is not ideal, and can cause test failures in some environments: > https://bugzilla.redhat.com/show_bug.cgi?id=573111#c26 > > The problem in the case of the above bug report is that the host has > SELinux enabled (and thus files have a context) but the chroot (mock) > fakes SELinux being disabled. Unfortunately, it can't remove the > context, which makes ls thinks that SELinux is enabled. > > Later on, when running certain unit tests (e.g id-context), they fail > as they use the libselinux which (correctly) thinks SELinux is disabled > (and in the case of id-context, id will not return the context of the > user). > > A better way to test if SELinux is enabled is to search for the SELinux > filesystem (see the above bug report). This is what this commit does. Thank you for the diagnosis and patch. However, I can't use that as-is, since removing the existing test would mistakenly enable guaranteed-to-fail tests that are run from a file system that does not support SELinux on a system for which it is enabled. > diff --git a/tests/init.cfg b/tests/init.cfg > index f74d50c..ca92297 100644 > --- a/tests/init.cfg > +++ b/tests/init.cfg > @@ -216,12 +216,9 @@ skip_if_() > > require_selinux_() > { > - case `ls -Zd .` in > - '? .'|'unlabeled .') > - skip_test_ "this system (or maybe just" \ > - "the current file system) lacks SELinux support" > - ;; > - esac > + grep selinux /proc/filesystems > /dev/null || \ > + skip_test_ "this system (or maybe just" \ > + "the current file system) lacks SELinux support" > } I've adjusted it to address the above. Also, I've tightened the regexp slightly, just in case, and made the diagnostic more precise. I've also rewritten the commit log. Hmm... actually, I now have mixed feelings about this change. Having SELinux enabled for id --context is conceptually a very different thing from having an SELinux-enabled file system. Now, I'm thinking that your new condition should guard only the id-context test, rather than causing us to skip all FS-context-requiring tests. In your environment, does any test other than id-context fail without this patch? >From 1ff10c3073e2c20c9a7a9ff0e2cc93a3e16b41bd Mon Sep 17 00:00:00 2001 From: Mathieu Bridon Date: Mon, 28 Mar 2011 09:39:53 +0200 Subject: [PATCH] tests: avoid unwarranted failure in mock-simulated non-SELinux env. * tests/init.cfg (require_selinux_): Skip the test also when /proc/filesystems does not list selinuxfs. Add comments. Based on the patch by Mathieu Bridon in http://debbugs.gnu.org/8359. More discussion in http://bugzilla.redhat.com/573111 --- tests/init.cfg | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/tests/init.cfg b/tests/init.cfg index f74d50c..0711455 100644 --- a/tests/init.cfg +++ b/tests/init.cfg @@ -216,6 +216,13 @@ skip_if_() require_selinux_() { + # When in a chroot of an SELinux-enabled system, but with a mock-simulated + # SELinux-*disabled* system, recognize that SELinux is disabled system wide: + grep 'selinuxfs$' /proc/filesystems > /dev/null \ + || skip_test_ "this system lacks SELinux support" + + # Independent of whether SELinux is enabled system-wide, + # the current file system may lack SELinux support. case `ls -Zd .` in '? .'|'unlabeled .') skip_test_ "this system (or maybe just" \ -- 1.7.4.1.688.g95e3e From unknown Wed Jun 25 03:54:36 2025 X-Loop: help-debbugs@gnu.org Subject: bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not. Resent-From: Mathieu Bridon Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 28 Mar 2011 08:39:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 8359 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: Jim Meyering Cc: 8359@debbugs.gnu.org Received: via spool by 8359-submit@debbugs.gnu.org id=B8359.130130148323045 (code B ref 8359); Mon, 28 Mar 2011 08:39:03 +0000 Received: (at 8359) by debbugs.gnu.org; 28 Mar 2011 08:38:03 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q47xb-0005ze-3u for submit@debbugs.gnu.org; Mon, 28 Mar 2011 04:38:03 -0400 Received: from karen.lavabit.com ([72.249.41.33]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q47xZ-0005zB-Tu for 8359@debbugs.gnu.org; Mon, 28 Mar 2011 04:38:02 -0400 Received: from a.earth.lavabit.com (a.earth.lavabit.com [192.168.111.10]) by karen.lavabit.com (Postfix) with ESMTP id 1A76811BDF5; Mon, 28 Mar 2011 03:37:56 -0500 (CDT) Received: from 10.8.2.80 (network-box.com [175.45.17.220]) by lavabit.com with ESMTP id 9JR5LN4HZZSJ; Mon, 28 Mar 2011 03:37:52 -0500 From: Mathieu Bridon In-Reply-To: <874o6nk7dg.fsf@rho.meyering.net> References: <1301283943.2130.266.camel@bochecha> <874o6nk7dg.fsf@rho.meyering.net> Content-Type: text/plain; charset="UTF-8" Organization: Fedora Project Date: Mon, 28 Mar 2011 16:37:44 +0800 Message-ID: <1301301464.2130.273.camel@bochecha> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 (2.32.2-1.fc14) Content-Transfer-Encoding: 7bit X-Spam-Score: -4.6 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.9 (---) On Mon, 2011-03-28 at 09:54 +0200, Jim Meyering wrote: > Mathieu Bridon wrote: [... snip ...] > > A better way to test if SELinux is enabled is to search for the SELinux > > filesystem (see the above bug report). This is what this commit does. > > Thank you for the diagnosis and patch. > However, I can't use that as-is, since removing the existing test would > mistakenly enable guaranteed-to-fail tests that are run from a file system > that does not support SELinux on a system for which it is enabled. Right, I didn't think about this case. :-/ > Hmm... actually, I now have mixed feelings about this change. > Having SELinux enabled for id --context is conceptually a very > different thing from having an SELinux-enabled file system. > Now, I'm thinking that your new condition should guard only the id-context > test, rather than causing us to skip all FS-context-requiring tests. > In your environment, does any test other than id-context fail without > this patch? Yes, 3 tests are failing: - misc/id-context - id/no-context - install/install-C-selinux The three are skipped (which is expected) after applying the patch I submitted. I didn't try with your version of the patch, but looking at it I think it's safe to assume they would be skipped as well. -- Mathieu From unknown Wed Jun 25 03:54:36 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Mathieu Bridon Subject: bug#8359: closed (Re: bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not.) Message-ID: References: <87wrjj1rvs.fsf@rho.meyering.net> <1301283943.2130.266.camel@bochecha> X-Gnu-PR-Message: they-closed 8359 X-Gnu-PR-Package: coreutils X-Gnu-PR-Keywords: patch Reply-To: 8359@debbugs.gnu.org Date: Mon, 28 Mar 2011 10:07:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1301306822-30484-1" This is a multi-part message in MIME format... ------------=_1301306822-30484-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or no= t. which was filed against the coreutils package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 8359@debbugs.gnu.org. --=20 8359: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D8359 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1301306822-30484-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 8359-done) by debbugs.gnu.org; 28 Mar 2011 10:06:25 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q49L6-0007uv-FL for submit@debbugs.gnu.org; Mon, 28 Mar 2011 06:06:24 -0400 Received: from mx.meyering.net ([82.230.74.64]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q49L3-0007ui-FR for 8359-done@debbugs.gnu.org; Mon, 28 Mar 2011 06:06:22 -0400 Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) id 45ACC60235; Mon, 28 Mar 2011 12:06:15 +0200 (CEST) From: Jim Meyering To: Mathieu Bridon Subject: Re: bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not. In-Reply-To: <1301301464.2130.273.camel@bochecha> (Mathieu Bridon's message of "Mon, 28 Mar 2011 16:37:44 +0800") References: <1301283943.2130.266.camel@bochecha> <874o6nk7dg.fsf@rho.meyering.net> <1301301464.2130.273.camel@bochecha> Date: Mon, 28 Mar 2011 12:06:15 +0200 Message-ID: <87wrjj1rvs.fsf@rho.meyering.net> Lines: 96 MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.9 (-----) X-Debbugs-Envelope-To: 8359-done Cc: 8359-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.9 (-----) Mathieu Bridon wrote: > On Mon, 2011-03-28 at 09:54 +0200, Jim Meyering wrote: >> Mathieu Bridon wrote: > [... snip ...] >> > A better way to test if SELinux is enabled is to search for the SELinux >> > filesystem (see the above bug report). This is what this commit does. >> >> Thank you for the diagnosis and patch. >> However, I can't use that as-is, since removing the existing test would >> mistakenly enable guaranteed-to-fail tests that are run from a file system >> that does not support SELinux on a system for which it is enabled. > > Right, I didn't think about this case. :-/ > >> Hmm... actually, I now have mixed feelings about this change. >> Having SELinux enabled for id --context is conceptually a very >> different thing from having an SELinux-enabled file system. >> Now, I'm thinking that your new condition should guard only the id-context >> test, rather than causing us to skip all FS-context-requiring tests. >> In your environment, does any test other than id-context fail without >> this patch? > > Yes, 3 tests are failing: > - misc/id-context > - id/no-context > - install/install-C-selinux > > The three are skipped (which is expected) after applying the patch I > submitted. I didn't try with your version of the patch, but looking at > it I think it's safe to assume they would be skipped as well. Thanks. I've decided not to bother separating the tests after all: less risk of introducing false-positive failures that way. I had to make one more change to avoid the syntax-check failure due to the new use of "filesystems": (we prefer to spell it "file systems"; I've exempted the entire init.cfg file rather than obfuscating it e.g., via /proc/file''systems) Here's what I've pushed. I've closed the bug, but you're welcome to reopen if problems persist. >From 17a7e4592727b44d0a5550d1340e354786109af7 Mon Sep 17 00:00:00 2001 From: Mathieu Bridon Date: Mon, 28 Mar 2011 09:39:53 +0200 Subject: [PATCH] tests: avoid unwarranted failure in mock-simulated non-SELinux env. * tests/init.cfg (require_selinux_): Skip the test also when /proc/filesystems does not list selinuxfs. Add comments. * cfg.mk (exclude_file_name_regexp--sc_file_system): Exempt tests/init.cfg, with its use of /proc/filesystems. Based on the patch by Mathieu Bridon in http://debbugs.gnu.org/8359. More discussion in http://bugzilla.redhat.com/573111 --- cfg.mk | 3 ++- tests/init.cfg | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/cfg.mk b/cfg.mk index fe2dd13..99a6e5e 100644 --- a/cfg.mk +++ b/cfg.mk @@ -345,7 +345,8 @@ exclude_file_name_regexp--sc_po_check = ^gl/ exclude_file_name_regexp--sc_prohibit_always-defined_macros = ^src/seq\.c$$ exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = ^tests/pr/ exclude_file_name_regexp--sc_program_name = ^(gl/.*|lib/euidaccess-stat)\.c$$ -exclude_file_name_regexp--sc_file_system = NEWS|^(src/df\.c|tests/misc/df-P)$$ +exclude_file_name_regexp--sc_file_system = \ + NEWS|^(tests/init\.cfg|src/df\.c|tests/misc/df-P)$$ exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \ ^m4/stat-prog\.m4$$ exclude_file_name_regexp--sc_prohibit_fail_0 = \ diff --git a/tests/init.cfg b/tests/init.cfg index f74d50c..0711455 100644 --- a/tests/init.cfg +++ b/tests/init.cfg @@ -216,6 +216,13 @@ skip_if_() require_selinux_() { + # When in a chroot of an SELinux-enabled system, but with a mock-simulated + # SELinux-*disabled* system, recognize that SELinux is disabled system wide: + grep 'selinuxfs$' /proc/filesystems > /dev/null \ + || skip_test_ "this system lacks SELinux support" + + # Independent of whether SELinux is enabled system-wide, + # the current file system may lack SELinux support. case `ls -Zd .` in '? .'|'unlabeled .') skip_test_ "this system (or maybe just" \ -- 1.7.4.1.688.g95e3e ------------=_1301306822-30484-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 28 Mar 2011 04:45:00 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q44K3-0000oC-CI for submit@debbugs.gnu.org; Mon, 28 Mar 2011 00:44:59 -0400 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Q43P3-0007y6-AA for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:46:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Q43Ox-0002qD-At for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:46:00 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([199.232.76.165]:35194) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Q43Ox-0002q9-8z for submit@debbugs.gnu.org; Sun, 27 Mar 2011 23:45:59 -0400 Received: from [140.186.70.92] (port=51751 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Q43Ow-0000QB-EW for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Q43Ov-0002pZ-6Q for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:58 -0400 Received: from karen.lavabit.com ([72.249.41.33]:33267) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Q43Ov-0002pP-3J for bug-coreutils@gnu.org; Sun, 27 Mar 2011 23:45:57 -0400 Received: from a.earth.lavabit.com (a.earth.lavabit.com [192.168.111.10]) by karen.lavabit.com (Postfix) with ESMTP id 8424A11BCD6 for ; Sun, 27 Mar 2011 22:45:55 -0500 (CDT) Received: from 10.8.2.80 (network-box.com [175.45.17.220]) by lavabit.com with ESMTP id 19FL9TIII740 for ; Sun, 27 Mar 2011 22:45:52 -0500 Subject: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not. From: Mathieu Bridon To: bug-coreutils@gnu.org Content-Type: text/plain; charset="UTF-8" Organization: Fedora Project Date: Mon, 28 Mar 2011 11:45:43 +0800 Message-ID: <1301283943.2130.266.camel@bochecha> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 (2.32.2-1.fc14) Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 199.232.76.165 X-Spam-Score: -6.6 (------) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 28 Mar 2011 00:44:58 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.6 (------) The unit tests would run ls to see if the files had an SELinux context, and would assume SELinux is enabled if they did. This is not ideal, and can cause test failures in some environments: https://bugzilla.redhat.com/show_bug.cgi?id=573111#c26 The problem in the case of the above bug report is that the host has SELinux enabled (and thus files have a context) but the chroot (mock) fakes SELinux being disabled. Unfortunately, it can't remove the context, which makes ls thinks that SELinux is enabled. Later on, when running certain unit tests (e.g id-context), they fail as they use the libselinux which (correctly) thinks SELinux is disabled (and in the case of id-context, id will not return the context of the user). A better way to test if SELinux is enabled is to search for the SELinux filesystem (see the above bug report). This is what this commit does. --- tests/init.cfg | 9 +++------ 1 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/init.cfg b/tests/init.cfg index f74d50c..ca92297 100644 --- a/tests/init.cfg +++ b/tests/init.cfg @@ -216,12 +216,9 @@ skip_if_() require_selinux_() { - case `ls -Zd .` in - '? .'|'unlabeled .') - skip_test_ "this system (or maybe just" \ - "the current file system) lacks SELinux support" - ;; - esac + grep selinux /proc/filesystems > /dev/null || \ + skip_test_ "this system (or maybe just" \ + "the current file system) lacks SELinux support" } very_expensive_() -- 1.7.4 ------------=_1301306822-30484-1--