On 8/26/19 5:40 PM, Paul Moore wrote:
From: Paul Moore <paul@xxxxxxxxxxxxxx>
Commit 697efc910393 ("selinux-testsuite: fix the cgroups_label test")
fixed the cgroups_label test on new systems, but it broke old systems.
Try to use /sys/fs/cgroup/unified first and if that doesn't exist go
with the new approach introduced in the commit above.
Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
This leaves the test system in a broken state, with all of
/sys/fs/cgroup/unified getting relabeled to test_cgroup_t during the
test and then switching to unlabeled_t upon the unloading of the test
policy. I get a bajillion denials after the testsuite completes from
anything trying to access /sys/fs/cgroup/unified, and ls -Z
/sys/fs/cgroup/unified shows it as being unlabeled_t throughout.
---
tests/cgroupfs_label/test | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/cgroupfs_label/test b/tests/cgroupfs_label/test
index 385b953..91517b4 100755
--- a/tests/cgroupfs_label/test
+++ b/tests/cgroupfs_label/test
@@ -5,7 +5,11 @@ BEGIN { plan tests => 2 }
my $ret;
-my $dir = "/sys/fs/cgroup/selinuxtest";
+# Older systems use /sys/fs/cgroup/unified, newer use /sys/fs/cgroup.
+my $dir = "/sys/fs/cgroup/unified";
+if (! -d $dir) {
+ $dir = "/sys/fs/cgroup/selinuxtest";
+}
# Create a new cgroupfs directory and relabel it.
mkdir("$dir");
