diff options
| author | Stefano Lattarini <stefano.lattarini@gmail.com> | 2012-08-30 14:13:12 +0200 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2012-08-30 18:55:59 +0200 |
| commit | 9eb4c31eb78c28dd9f72d1cbb940270311be343c (patch) | |
| tree | ea3078bc1b002a9f948ed41445ca32318002a1d3 /tests/cp/cp-a-selinux.sh | |
| parent | 00f5ba15dd91a3d9780fe1fbd06a4df436ae6714 (diff) | |
| download | coreutils-9eb4c31eb78c28dd9f72d1cbb940270311be343c.tar.xz | |
tests: add .sh and .pl suffixes to shell and perl tests, respectively
Not only this shrinks the size of the generated Makefile (from > 6300
lines to ~3000), but will allow further simplifications in future
changes.
* tests/Makefile.am (TEST_EXTENSIONS): Add '.sh' and '.pl'.
(PL_LOG_COMPILER, SH_LOG_COMPILER): New, still defined simply to
$(LOG_COMPILER) for the time being.
(TESTS, root_tests): Adjust as described.
* All tests: Rename as described.
Diffstat (limited to 'tests/cp/cp-a-selinux.sh')
| -rwxr-xr-x | tests/cp/cp-a-selinux.sh | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh new file mode 100755 index 000000000..b85298488 --- /dev/null +++ b/tests/cp/cp-a-selinux.sh @@ -0,0 +1,114 @@ +#!/bin/sh +# Ensure that cp -a and cp --preserve=context work properly. +# In particular, test on a writable NFS partition. +# Check also locally if --preserve=context, -a and --preserve=all +# does work + +# Copyright (C) 2007-2012 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +. "${srcdir=.}/init.sh"; path_prepend_ ../src +print_ver_ cp +require_root_ +require_selinux_ + +cwd=$(pwd) +cleanup_() { cd /; umount "$cwd/mnt"; } + +# This context is special: it works even when mcstransd isn't running. +ctx=root:object_r:tmp_t:s0 + +# Check basic functionality - before check on fixed context mount +touch c || framework_failure_ +chcon $ctx c || framework_failure_ +cp -a c d 2>err || framework_failure_ +cp --preserve=context c e || framework_failure_ +cp --preserve=all c f || framework_failure_ +ls -Z d | grep $ctx || fail=1 +test -s err && fail=1 #there must be no stderr output for -a +ls -Z e | grep $ctx || fail=1 +ls -Z f | grep $ctx || fail=1 + +skip=0 +# Create a file system, then mount it with the context=... option. +dd if=/dev/zero of=blob bs=8192 count=200 || skip=1 +mkdir mnt || skip=1 +mkfs -t ext2 -F blob || + skip_ "failed to create an ext2 file system" + +mount -oloop,context=$ctx blob mnt || skip=1 +test $skip = 1 \ + && skip_ "insufficient mount/ext2 support" + +cd mnt || framework_failure_ + +echo > f || framework_failure_ + +echo > g || framework_failure_ +# /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp +# succeed (giving no diagnostics), yet leaving the destination file empty. +cp -a f g 2>err || fail=1 +test -s g || fail=1 # The destination file must not be empty. +test -s err && fail=1 # There must be no stderr output. + +# ===================================================== +# Here, we expect cp to succeed and not warn with "Operation not supported" +rm -f g +echo > g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 + +# ===================================================== +# The same as above except destination does not exist +rm -f g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 + +# An alternative to the following approach would be to run in a confined +# domain (maybe creating/loading it) that lacks the required permissions +# to the file type. +# Note: this test could also be run by a regular (non-root) user in an +# NFS mounted directory. When doing that, I get this diagnostic: +# cp: failed to set the security context of 'g' to 'system_u:object_r:nfs_t': \ +# Operation not supported +cat <<\EOF > exp || framework_failure_ +cp: failed to set the security context of +EOF + +rm -f g +echo > g +# ===================================================== +# Here, we expect cp to fail, because it cannot set the SELinux +# security context through NFS or a mount with fixed context. +cp --preserve=context f g 2> out && fail=1 +# Here, we *do* expect the destination to be empty. +test -s g && fail=1 +sed "s/ .g' to .*//" out > k +mv k out +compare exp out || fail=1 + +rm -f g +echo > g +# Check if -a option doesn't silence --preserve=context option diagnostics +cp -a --preserve=context f g 2> out2 && fail=1 +# Here, we *do* expect the destination to be empty. +test -s g && fail=1 +sed "s/ .g' to .*//" out2 > k +mv k out2 +compare exp out2 || fail=1 + +Exit $fail |