From: Eric Biggers <ebiggers@xxxxxxxxxx> If SELinux is enabled, xfstests mounts its filesystems with "-o context=system_u:object_r:nfs_t:s0" so that no SELinux xattrs get created and interfere with tests. However, this particular context is not guaranteed to be available because the context names are a detail of the SELinux policy. The SELinux policy on Android systems, for example, does not have a context with this name. To fix this, just grab the SELinux context of the root directory. This is arbitrary, but it should always provide a valid context. And any valid context *should* be okay (i.e. we don't necessarily need a "liberal" one), since one would likely encounter many other problems if they were to run xfstests in a confined context with SELinux in enforcing mode. Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> --- common/config | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/common/config b/common/config index fb60216c..ab635767 100644 --- a/common/config +++ b/common/config @@ -259,11 +259,16 @@ case "$HOSTOS" in esac # SELinux adds extra xattrs which can mess up our expected output. -# So, mount with a context, and they won't be created -# # nfs_t is a "liberal" context so we can use it. +# So, mount with a context, and they won't be created. +# +# Since the context= option only accepts contexts defined in the +# SELinux policy, and different systems may have different policies +# with different context names, use the context of an existing +# directory. (Assume that any valid context is fine, since xfstests +# should really only be run from an "unconfined" process, or with +# SELinux in permissive mode.) if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then - SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0" - export SELINUX_MOUNT_OPTIONS + export SELINUX_MOUNT_OPTIONS="-o context=$(stat -c %C /)" fi # check if mkfs.xfs supports v5 xfs -- 2.12.0.246.ga2ecc84866-goog -- To unsubscribe from this list: send the line "unsubscribe fstests" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
