[PATCH] test: add user_xattr check for securityselinuxlabeltest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



libvirt unit test used setxattr with "user.libvirt.selinux" name to
emulate setfilecon of selinux. But for some old kernel filesystem
(like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
user_xattr flag, the setxattr with "user.libvirt.selinux" will fail.

So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
if user_xattr is not enabled, skip this case.

The user_xattr is departed in newer kernel, therefore this commit is
only for the compatablity for old kernel.

Signed-off-by: Jincheng Miao <jmiao@xxxxxxxxxx>
---
 tests/securityselinuxlabeltest.c |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 88ec35a..3f155e3 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -28,6 +28,7 @@
 
 #include <selinux/selinux.h>
 #include <selinux/context.h>
+#include <attr/xattr.h>
 
 #include "internal.h"
 #include "testutils.h"
@@ -56,6 +57,35 @@ struct testSELinuxFile {
     char *context;
 };
 
+static int
+testUserXattrEnabled(void)
+{
+    int ret = -1;
+    ssize_t len;
+    const char *con_value = "system_u:object_r:svirt_image_t:s0:c41,c264";
+    char *path = NULL;
+    if (virAsprintf(&path, "%s/securityselinuxlabeldata/testxattr",
+                    abs_srcdir) < 0)
+        goto cleanup;
+
+    if (virFileTouch(path, 0600) < 0)
+        goto cleanup;
+
+    len = setxattr(path, "user.libvirt.selinux", con_value,
+                   strlen(con_value), 0);
+    if (len < 0) {
+        if (errno == EOPNOTSUPP)
+            ret = 0;
+        goto cleanup;
+    }
+
+    ret = 1;
+
+ cleanup:
+    unlink(path);
+    VIR_FREE(path);
+    return ret;
+}
 
 static int
 testSELinuxMungePath(char **path)
@@ -322,6 +352,9 @@ mymain(void)
 {
     int ret = 0;
 
+    if (!testUserXattrEnabled())
+        return EXIT_AM_SKIP;
+
     if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
         virErrorPtr err = virGetLastError();
         fprintf(stderr, "Unable to initialize security driver: %s\n",
-- 
1.7.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]