[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] tests: fix false failure in cp --preserve=context test
From: |
Pádraig Brady |
Subject: |
[PATCH] tests: fix false failure in cp --preserve=context test |
Date: |
Fri, 18 Jul 2014 13:04:01 +0100 |
With libselinux-2.2.1-6.fc20.x86_64, kernel-3.12.6-300.fc20.x86_64
`cp --preserve=context src dst` was seen to succeed when src and
dst where on the same fixed context file system, as lsetfilecon()
returned success in this case when the context wasn't being changed.
* tests/cp/cp-a-selinux.sh: Copy from a different file system to
most likely have a different context that will test context
setting logic correctly.
---
tests/cp/cp-a-selinux.sh | 36 ++++++++++++++++++++----------------
1 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh
index db0d689..58887d2 100755
--- a/tests/cp/cp-a-selinux.sh
+++ b/tests/cp/cp-a-selinux.sh
@@ -41,6 +41,7 @@ ls -Z d | grep $ctx || fail=1
compare /dev/null err || fail=1
ls -Z e | grep $ctx || fail=1
ls -Z f | grep $ctx || fail=1
+rm -f f
# Check handling of existing dirs which requires specific handling
# due to recursion, and was handled incorrectly in coreutils-8.22
@@ -110,12 +111,15 @@ test $skip = 1 \
cd mnt || framework_failure_
-echo > f || framework_failure_
-
+# Create files with hopefully different contexts
+echo > ../f || framework_failure_
echo > g || framework_failure_
+test "$(stat -c%C ../f)" = "$(stat -c%C g)" &&
+ skip_ "files on separate file systems have the same security context"
+
# /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp
# succeed (giving no diagnostics), yet leaving the destination file empty.
-cp -a f g 2>err || fail=1
+cp -a ../f g 2>err || fail=1
test -s g || fail=1 # The destination file must not be empty.
compare /dev/null err || fail=1
@@ -123,14 +127,14 @@ compare /dev/null err || fail=1
# Here, we expect cp to succeed and not warn with "Operation not supported"
rm -f g
echo > g
-cp --preserve=all f g 2>err || fail=1
+cp --preserve=all ../f g 2>err || fail=1
test -s g || fail=1
grep "Operation not supported" err && fail=1
# =====================================================
# The same as above except destination does not exist
rm -f g
-cp --preserve=all f g 2>err || fail=1
+cp --preserve=all ../f g 2>err || fail=1
test -s g || fail=1
grep "Operation not supported" err && fail=1
@@ -150,7 +154,7 @@ echo > g
# =====================================================
# Here, we expect cp to fail, because it cannot set the SELinux
# security context through NFS or a mount with fixed context.
-cp --preserve=context f g 2> out && fail=1
+cp --preserve=context ../f g 2> out && fail=1
# Here, we *do* expect the destination to be empty.
compare /dev/null g || fail=1
sed "s/ .g'.*//" out > k
@@ -160,7 +164,7 @@ compare exp out || fail=1
rm -f g
echo > g
# Check if -a option doesn't silence --preserve=context option diagnostics
-cp -a --preserve=context f g 2> out2 && fail=1
+cp -a --preserve=context ../f g 2> out2 && fail=1
# Here, we *do* expect the destination to be empty.
compare /dev/null g || fail=1
sed "s/ .g'.*//" out2 > k
@@ -173,29 +177,29 @@ for no_g_cmd in '' 'rm -f g'; do
# the resulting ENOTSUP warning will be suppressed.
# With absolute path
$no_g_cmd
- cp -Z f $(realpath g) || fail=1
+ cp -Z ../f $(realpath g) || fail=1
# With relative path
$no_g_cmd
- cp -Z f g || fail=1
+ cp -Z ../f g || fail=1
# -Z overrides -a
$no_g_cmd
- cp -Z -a f g || fail=1
+ cp -Z -a ../f g || fail=1
# -Z doesn't take an arg
$no_g_cmd
- cp -Z "$ctx" f g && fail=1
+ cp -Z "$ctx" ../f g && fail=1
# Explicit context
$no_g_cmd
# Explicitly defaulting to the global $ctx should work
- cp --context="$ctx" f g || fail=1
+ cp --context="$ctx" ../f g || fail=1
# --context overrides -a
$no_g_cmd
- cp -a --context="$ctx" f g || fail=1
+ cp -a --context="$ctx" ../f g || fail=1
done
# Mutually exlusive options
-cp -Z --preserve=context f g && fail=1
-cp --preserve=context -Z f g && fail=1
-cp --preserve=context --context="$ctx" f g && fail=1
+cp -Z --preserve=context ../f g && fail=1
+cp --preserve=context -Z ../f g && fail=1
+cp --preserve=context --context="$ctx" ../f g && fail=1
Exit $fail
--
1.7.7.6
- [PATCH] tests: fix false failure in cp --preserve=context test,
Pádraig Brady <=