author | Kamil Dudka <kdudka@redhat.com> | 2016-07-08 18:59:35 +0200 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2016-07-08 18:40:23 +0100 |
commit | 502518b44039138d148e2e15157d125c82d02af0 (patch) | |
tree | eb58a064b254bf46526c372059c88d334778c8f3 /tests | |
parent | 54c1397510cb08433680b5b7da46a8201770e9ee (diff) | |
download | coreutils-502518b44039138d148e2e15157d125c82d02af0.tar.xz |
install: with -Z, set default SELinux context for created directories
* doc/coreutils.texi (install invocation): Update -Z documentation.
* src/install.c (make_ancestor): Set default security context before
calling mkdir() if the -Z option is given.
(process_dir): Call restorecon() on the destination directory if the
-Z option is given.
(usage): Update -Z documentation.
* tests/install/install-Z-selinux.sh: A new test for 'install -Z -D'
and 'install -Z -d' based on tests/mkdir/restorecon.sh.
* tests/local.mk: Reference the test.
* NEWS: Mention the improvement.
Reported at https://bugzilla.redhat.com/1339135
Fixes http://bugs.gnu.org/23868
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/install/install-Z-selinux.sh | 58 | ||||
-rw-r--r-- | tests/local.mk | 1 |
2 files changed, 59 insertions, 0 deletions
diff --git a/tests/install/install-Z-selinux.sh b/tests/install/install-Z-selinux.sh
new file mode 100755
index 000000000..9c3b6420b
--- /dev/null
+++ b/tests/install/install-Z-selinux.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+# test 'install -Z -D' and 'install -Z -d'
+# based on tests/mkdir/restorecon.sh
+
+# Copyright (C) 2013-2016 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ ginstall
+require_selinux_
+
+
+get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
+
+mkdir subdir || framework_failure_
+chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
+cd subdir
+
+# Since in a tmp_t dir, dirs can be created as user_tmp_t ...
+touch standard || framework_failure_
+mkdir restored || framework_failure_
+if restorecon restored 2>/dev/null; then
+ # ... but when restored can be set to user_home_t
+ # So ensure the type for these mkdir -Z cases matches
+ # the directory type as set by restorecon. 
+ ginstall -Z standard single || fail=1
+ ginstall -Z -d single_d || fail=1
+ # Run these as separate processes in case global context
+ # set for an arg, impacts on another arg
+ # TODO: Have the defaultcon() vary over these directories
+ for dst in single_d/existing/file multi/ple/file; do
+ ginstall -Z -D standard "$dst" || fail=1
+ done
+ restored_type=$(get_selinux_type 'restored')
+ test "$(get_selinux_type 'single')" = "$restored_type" || fail=1
+ test "$(get_selinux_type 'single_d')" = "$restored_type" || fail=1
+ test "$(get_selinux_type 'single_d/existing')" = "$restored_type" || fail=1
+ test "$(get_selinux_type 'multi')" = "$restored_type" || fail=1
+ test "$(get_selinux_type 'multi/ple')" = "$restored_type" || fail=1
+fi
+if test "$fail" = '1'; then
+ ls -UZd standard restored
+ ls -UZd single single_d single_d/existing multi multi/ple
+fi
+
+Exit $fail
diff --git a/tests/local.mk b/tests/local.mk
index 3032bdafa..27cbf6e5d 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -550,6 +550,7 @@ all_tests = \
 tests/install/d-slashdot.sh \
 tests/install/install-C.sh \
 tests/install/install-C-selinux.sh \
+ tests/install/install-Z-selinux.sh \
 tests/install/strip-program.sh \
 tests/install/trap.sh \
 tests/ln/backup-1.sh \ |
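Review bot: The five type comparisons in tests/install/install-Z-selinux.sh can pass vacuously, because `get_selinux_type` prints nothing when its sed pattern does not match the `ls -Zd` output, and then both sides of each `test` are empty strings. Adding `test -n "$restored_type" || framework_failure_` directly after `restored_type=$(get_selinux_type 'restored')` would make the -Z labeling check meaningful. Similarly, when `restorecon restored` fails the whole `if` body is skipped and the script ends with `$fail` untouched, so the run is reported as a pass with no assertion executed; an `else` branch calling `skip_` (assuming the helper from tests/init.sh) would make the missing coverage visible. The comment `these mkdir -Z cases` also appears carried over from tests/mkdir/restorecon.sh and should name install, and `cd subdir` lacks the `|| framework_failure_` guard the neighbouring setup lines have.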