diff options
author | Ondřej Vašík <ovasik@redhat.com> | 2008-04-23 12:38:54 +0200 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2008-04-23 17:51:44 +0200 |
commit | 1a5b6e3a50b25f3af9d3b83ccdfc1db518ba09ca (patch) | |
tree | f3dd58aeb9bcdfb57bbd084213b6e006ee25dac4 | |
parent | 0a4a938b6bf60903475d85cad399f874f8afe51c (diff) | |
download | coreutils-1a5b6e3a50b25f3af9d3b83ccdfc1db518ba09ca.tar.xz |
id: do not print SELinux context when invoked with a USERNAME argument
* NEWS: Mention new behaviour.
* src/id.c (main): Do not print SELinux context when user is specified.
* tests/Makefile.am: Add the new test.
* tests/misc/id-context: New file. Test for the fix.
Problem reported by Ronny Buchmann in http://bugzilla.redhat.com/443485.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | src/id.c | 10 | ||||
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rwxr-xr-x | tests/misc/id-context | 37 |
4 files changed, 46 insertions, 5 deletions
@@ -4,6 +4,9 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + id with no options now prints the SELinux context only when invoked + with no USERNAME argument. + id and groups once again print the AFS-specific nameless group-ID (PAG). Printing of such large-numbered, kernel-only (not in /etc/group) group-IDs was suppressed in 6.11 due to ignorance that they are useful. @@ -179,11 +179,11 @@ main (int argc, char **argv) cannot display context when selinux not enabled or when displaying the id\n\ of a different user")); - /* If we are on a selinux-enabled kernel, get our context. - Otherwise, leave the context variable alone - it has - been initialized known invalid value; if we see this invalid - value later, we will know we are on a non-selinux kernel. */ - if (selinux_enabled) + /* If we are on a selinux-enabled kernel and no user is specified, + get our context. Otherwise, leave the context variable alone - + it has been initialized known invalid value and will be not + displayed in print_full_info() */ + if (selinux_enabled && argc == optind) { if (getcon (&context) && just_context) error (EXIT_FAILURE, 0, _("can't get process context")); diff --git a/tests/Makefile.am b/tests/Makefile.am index b8fdc5795..7dfafac64 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -163,6 +163,7 @@ TESTS = \ misc/groups-version \ misc/head-c \ misc/head-pos \ + misc/id-context \ misc/md5sum \ misc/md5sum-newline \ misc/mknod \ diff --git a/tests/misc/id-context b/tests/misc/id-context new file mode 100755 index 000000000..5dca74493 --- /dev/null +++ b/tests/misc/id-context @@ -0,0 +1,37 @@ +#!/bin/sh +# Ensure that "id" outputs SELinux context only without specified user +# Copyright (C) 2008 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +if test "$VERBOSE" = yes; then + set -x + id --version +fi + +. $top_srcdir/tests/test-lib.sh +# Require selinux - when selinux is disabled, id never prints scontext. +require_selinux_ + +fail=0 + +# Check without specified user, context string should be present. +id | grep context= >/dev/null || fail=1 + +# Check with specified user, no context string should be present. +# But if the current user is nameless, skip this part. +id -nu > /dev/null \ + && id $(id -nu) | grep context= >/dev/null && fail=1 + +(exit $fail); exit $fail |