[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] tests: avoid false failure when restorecon is ineffective
From: |
Pádraig Brady |
Subject: |
[PATCH] tests: avoid false failure when restorecon is ineffective |
Date: |
Sat, 10 Oct 2015 17:06:56 +0100 |
* tests/cp/cp-a-selinux.sh: Ensure we skip the portion of the test
depending on restorecon to be effective. I.E. also skip when restorecon
warns, as it doesn't exit with error status when matchpathcon fails to
find a match for a file. This is the case in /tmp on Fedora for
example, in which case the new destination that cp creates will have the
default security context of the process, rather than the explicit
context we set on the source file.
Details at: http://bugzilla.redhat.com/1247641
---
tests/cp/cp-a-selinux.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh
index d000ee8..a889ad0 100755
--- a/tests/cp/cp-a-selinux.sh
+++ b/tests/cp/cp-a-selinux.sh
@@ -73,7 +73,8 @@ old_type_d=$(get_selinux_type c_d)
# and get the adjusted type for comparison
cp -a c Z1 || fail=1
cp -a c_d Z1_d || fail=1
-if restorecon Z1 Z1_d 2>/dev/null; then
+if restorecon Z1 Z1_d 2>restorecon.err \
+ && compare /dev/null restorecon.err; then
new_type_f=$(get_selinux_type Z1)
new_type_d=$(get_selinux_type Z1_d)
--
2.5.0
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] tests: avoid false failure when restorecon is ineffective,
Pádraig Brady <=