On Tue, Mar 14, 2023 at 5:58 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > The 'env' utility can be used just as well. This avoids the "bash: > /root/.bashrc: Permission denied" error message that appears when the > testsuite is ran with a terminal attached to the stdout/stdin and the > corresponding AVC denials. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > tests/atsecure/test | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tests/atsecure/test b/tests/atsecure/test > index 59ba3a4..4079a1b 100755 > --- a/tests/atsecure/test > +++ b/tests/atsecure/test > @@ -20,12 +20,12 @@ ok( $result, 0 ); > > # Verify that LD_PRELOAD is ignored when noatsecure permission is not allowed. > $result = system( > -"runcon -t test_atsecure_denied_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" > +"runcon -t test_atsecure_denied_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" > ); > ok( $result, 0 ); > > # Verify that LD_PRELOAD is honored when noatsecure permission is allowed. > $result = system( > -"runcon -t test_atsecure_allowed_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" > +"runcon -t test_atsecure_allowed_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" > ); > ok($result); > -- > 2.39.2 > Applied: https://github.com/SELinuxProject/selinux-testsuite/commit/17fecc443e267407f2f48e2cb17fbe83699f235d -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
