#!/bin/sh # Test SELinux-related options. if test "$VERBOSE" = yes; then set -x ls --version fi . $srcdir/../envvar-check . $srcdir/../lang-default PRIV_CHECK_ARG=require-non-root . $srcdir/../priv-check test "`ls -Zd .`" = '? .' && { echo "$0: skipping this test; this system lacks SELinux support" 1>&2 exit 77 } pwd=`pwd` t0=`echo "$0"|sed 's,.*/,,'`.tmp; tmp=$t0/$$ trap 'status=$?; cd $pwd; chmod -R u+rwx $t0; rm -rf $t0 && exit $status' 0 trap '(exit $?); exit $?' 1 2 13 15 framework_failure=0 mkdir -p $tmp || framework_failure=1 cd $tmp || framework_failure=1 # Create a regular file, dir, fifo. touch f || framework_failure=1 mkdir d s1 s2 || framework_failure=1 mkfifo p || framework_failure=1 if test $framework_failure = 1; then echo "$0: failure in testing framework" 1>&2 (exit 1); exit 1 fi fail=0 ctx=root:object_r:tmp_t # FIXME, what if $ctx is no different from the default. Not likely. # give each a different context, via chcon chcon $ctx f d p || fail=1 # inspect that context with both ls -Z and stat. for i in d f p; do c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1 c=`stat --printf %C $i`; test x$c = x$ctx || fail=1 done # Copy each to a new directory and ensure that context is preserved. cp -r --preserve=all d f p s1 || fail=1 for i in d f p; do c=`stat --printf %C s1/$i`; test x$c = x$ctx || fail=1 done # Now, move each to a new directory and ensure that context is preserved. mv d f p s2 || fail=1 for i in d f p; do c=`stat --printf %C s2/$i`; test x$c = x$ctx || fail=1 done (exit $fail); exit $fail