[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2 final selinux changes before cutting snapshot

From: Pádraig Brady
Subject: 2 final selinux changes before cutting snapshot
Date: Thu, 05 Dec 2013 00:59:00 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2;a=commit;h=37e001d2
    tests: fix false failure with disabled SELinux support

    This could trigger on SELinux systems where we build --without-selinux
    or where the SELinux development libraries are not installed.

    * init.cfg (require_selinux_enforcing_): Call require_selinux_()
    to determine if the current build supports SELinux.  This avoids
    a false failure in tests/mkdir/ where only mkdir would
    determine that SELinux was disabled and thus ignore invalid contexts.
    (require_selinux_): Refactor a little to distinguish whether it's
    the build or the (file) system that doesn't support SELinux.;a=commit;h=0013de3e
    selinux: fix --context=CTX for cp and diagnose defaultcon() errors

    * src/selinux.h (ignorable_ctx_err): A new function used
    to determine if a warning should be given after a call
    to defaultcon() or restorecon().
    * src/cp.c (main): Fix the setfscreatecon() call to use
    the argument passed by the user.
    * src/mkdir.c (make_ancestor): Show all but "ignoreable" errors
    from defaultcon() and restorecon().
    * tests/misc/ Add a test run as root in selinux enforcing
    mode, to ensure cp --context=invalid is honored and fails immediately.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]