diff options
| author | Pádraig Brady <P@draigBrady.com> | 2013-12-04 19:10:37 +0000 |
|---|---|---|
| committer | Pádraig Brady <P@draigBrady.com> | 2013-12-05 00:18:36 +0000 |
| commit | 0013de3e603162081c4464ea1f7ad3285f633d78 (patch) | |
| tree | d93f83bc57d79b098b7d20d9cb60cf1b8296779e /tests | |
| parent | b53b0fd940382497e58a9e912f1262c2084fe534 (diff) | |
| download | coreutils-0013de3e603162081c4464ea1f7ad3285f633d78.tar.xz | |
selinux: fix --context=CTX for cp and diagnose defaultcon() errors
* src/selinux.h (ignorable_ctx_err): A new function used
to determine if a warning should be given after a call
to defaultcon() or restorecon().
* src/cp.c (main): Fix the setfscreatecon() call to use
the argument passed by the user.
* src/mkdir.c (make_ancestor): Show all but "ignoreable" errors
from defaultcon() and restorecon().
* tests/misc/selinux.sh: Add a test run as root in selinux enforcing
mode, to ensure cp --context=invalid is honored and fails immediately.
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/misc/selinux.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh index b30bcbcf7..3c53b9fce 100755 --- a/tests/misc/selinux.sh +++ b/tests/misc/selinux.sh @@ -44,6 +44,12 @@ done # ensure that ls -l output includes the ".". c=$(ls -l f|cut -c11); test "$c" = . || fail=1 +# Copy with an invalid context and ensure it fails +# Note this may succeed when root and selinux is in permissive mode +if test "$(getenforce)" = Enforcing; then + cp --context='invalid-selinux-context' f f.cp && fail=1 +fi + # Copy each to a new directory and ensure that context is preserved. cp -r --preserve=all d f p s1 || fail=1 for i in d f p; do |