diff options
Diffstat (limited to 'tests/cp/cp-a-selinux')
-rwxr-xr-x | tests/cp/cp-a-selinux | 51 |
1 files changed, 30 insertions, 21 deletions
diff --git a/tests/cp/cp-a-selinux b/tests/cp/cp-a-selinux index 770dcc4fc..b65070a1c 100755 --- a/tests/cp/cp-a-selinux +++ b/tests/cp/cp-a-selinux @@ -60,51 +60,60 @@ test $skip = 1 \ cd mnt || framework_failure echo > f || framework_failure -echo > g || framework_failure - +echo > g || framework_failure # /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp # succeed (giving no diagnostics), yet leaving the destination file empty. cp -a f g 2>err || fail=1 test -s g || fail=1 # The destination file must not be empty. test -s err && fail=1 # There must be no stderr output. -rm -f g err +# ===================================================== +# Here, we expect cp to succeed and not warn with "Operation not supported" +rm -f g echo > g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 # ===================================================== +# The same as above except destination does not exist +rm -f g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 + +# An alternative to the following approach would be to run in a confined +# domain (maybe creating/loading it) that lacks the required permissions +# to the file type. +# Note: this test could also be run by a regular (non-root) user in an +# NFS mounted directory. When doing that, I get this diagnostic: +# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ +# Operation not supported +cat <<\EOF > exp || framework_failure=1 +cp: failed to set the security context of +EOF + +rm -f g +echo > g +# ===================================================== # Here, we expect cp to fail, because it cannot set the SELinux # security context through NFS or a mount with fixed context. cp --preserve=context f g 2> out && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 +sed "s/ .g' to .*//" out > k +mv k out +compare out exp || fail=1 rm -f g echo > g # Check if -a option doesn't silence --preserve=context option diagnostics cp -a --preserve=context f g 2> out2 && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 - -# An alternative to the current approach would be to run in a confined -# domain (maybe creating/loading it) that lacks the required permissions -# to the file type. -# Note: this test could also be run by a regular (non-root) user in an -# NFS mounted directory. When doing that, I get this diagnostic: -# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ -# Operation not supported -sed "s/ .g' to .*//" out > k -mv k out sed "s/ .g' to .*//" out2 > k mv k out2 - -cat <<\EOF > exp || fail=1 -cp: failed to set the security context of -EOF - -compare out exp || fail=1 compare out2 exp || fail=1 Exit $fail |