From 0013de3e603162081c4464ea1f7ad3285f633d78 Mon Sep 17 00:00:00 2001 From: Pádraig Brady Date: Wed, 4 Dec 2013 19:10:37 +0000 Subject: selinux: fix --context=CTX for cp and diagnose defaultcon() errors * src/selinux.h (ignorable_ctx_err): A new function used to determine if a warning should be given after a call to defaultcon() or restorecon(). * src/cp.c (main): Fix the setfscreatecon() call to use the argument passed by the user. * src/mkdir.c (make_ancestor): Show all but "ignoreable" errors from defaultcon() and restorecon(). * tests/misc/selinux.sh: Add a test run as root in selinux enforcing mode, to ensure cp --context=invalid is honored and fails immediately. --- tests/misc/selinux.sh | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tests/misc') diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh index b30bcbcf7..3c53b9fce 100755 --- a/tests/misc/selinux.sh +++ b/tests/misc/selinux.sh @@ -44,6 +44,12 @@ done # ensure that ls -l output includes the ".". c=$(ls -l f|cut -c11); test "$c" = . || fail=1 +# Copy with an invalid context and ensure it fails +# Note this may succeed when root and selinux is in permissive mode +if test "$(getenforce)" = Enforcing; then + cp --context='invalid-selinux-context' f f.cp && fail=1 +fi + # Copy each to a new directory and ensure that context is preserved. cp -r --preserve=all d f p s1 || fail=1 for i in d f p; do -- cgit v1.2.3-70-g09d2