Add missing generated/m32/mx32 chunks for --secontext=mismatch option support
* 0168-m4-fix-st_SELINUX-check.patch: Add missing configure changes. * 0169-Implement-displaying-of-expected-context-upon-mismat.patch: Add missing tests-m32/gen_tests.in, tests-m32/linkat.c, tests-m32/options-syntax.test, tests-m32/secontext.c, tests-m32/secontext.h, tests-mx32/gen_tests.in, tests-mx32/linkat.c, tests-mx32/options-syntax.test, tests-mx32/secontext.c, tests-mx32/secontext.h, tests/Makefile.in, tests-m32/Makefile.in, tests-mx32/Makefile.in, and configure changes, as well as all tests*/_mismatch.c files. * 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch: Add missing tests-m32/linkat.c and tests-mx32/linkat.c changes. * 0171-tests-secontext-add-secontext-field-getters.patch: Add missing tests-m32/secontext.c, tests-m32/secontext.h, tests-mx32/secontext.c, and tests-mx32/secontext.h changes. * 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch: Add missing tests-m32/linkat.c and tests-mx32/linkat.c changes. * 0173-tests-secontext-eliminate-separate-secontext_format-.patch: Add missing tests-m32/secontext.c and tests-mx32/secontext.c changes. * 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch: Add missing tests-m32/linkat.c, tests-m32/secontext.c, tests-m32/secontext.h, tests-mx32/linkat.c, tests-mx32/secontext.c, and tests-mx32/secontext.h changes. * strace.spec (Release): Bump to 7. (%changelog): Mention the change. Resolves: #2046264 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
parent
e80309331c
commit
4a389010ff
@ -61,6 +61,148 @@ index da72a48..7b24eba 100644
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
|
--- old/configure 2022-02-07 20:17:58.364068436 +0100
|
||||||
|
+++ new/configure 2022-02-07 20:19:17.092067347 +0100
|
||||||
|
@@ -18437,9 +18437,12 @@
|
||||||
|
if test "x$found_selinux_h" = xyes; then :
|
||||||
|
saved_LDFLAGS="$LDFLAGS"
|
||||||
|
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
|
||||||
|
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpidcon in -lselinux" >&5
|
||||||
|
-$as_echo_n "checking for getpidcon in -lselinux... " >&6; }
|
||||||
|
-if ${ac_cv_lib_selinux_getpidcon+:} false; then :
|
||||||
|
+ missing=
|
||||||
|
+ for func in getpidcon getfilecon; do
|
||||||
|
+ as_ac_Lib=`$as_echo "ac_cv_lib_selinux_$func" | $as_tr_sh`
|
||||||
|
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $func in -lselinux" >&5
|
||||||
|
+$as_echo_n "checking for $func in -lselinux... " >&6; }
|
||||||
|
+if eval \${$as_ac_Lib+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_check_lib_save_LIBS=$LIBS
|
||||||
|
@@ -18453,101 +18456,59 @@
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C"
|
||||||
|
#endif
|
||||||
|
-char getpidcon ();
|
||||||
|
+char $func ();
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
-return getpidcon ();
|
||||||
|
+return $func ();
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
- ac_cv_lib_selinux_getpidcon=yes
|
||||||
|
+ eval "$as_ac_Lib=yes"
|
||||||
|
else
|
||||||
|
- ac_cv_lib_selinux_getpidcon=no
|
||||||
|
+ eval "$as_ac_Lib=no"
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LIBS=$ac_check_lib_save_LIBS
|
||||||
|
fi
|
||||||
|
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getpidcon" >&5
|
||||||
|
-$as_echo "$ac_cv_lib_selinux_getpidcon" >&6; }
|
||||||
|
-if test "x$ac_cv_lib_selinux_getpidcon" = xyes; then :
|
||||||
|
- libselinux_LIBS="-lselinux"
|
||||||
|
- enable_secontext=yes
|
||||||
|
-
|
||||||
|
+eval ac_res=\$$as_ac_Lib
|
||||||
|
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
|
||||||
|
+$as_echo "$ac_res" >&6; }
|
||||||
|
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
|
||||||
|
+ :
|
||||||
|
else
|
||||||
|
- if test "x$with_libselinux" != xcheck; then
|
||||||
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
|
-as_fn_error $? "failed to find getpidcon in libselinux
|
||||||
|
-See \`config.log' for more details" "$LINENO" 5; }
|
||||||
|
- fi
|
||||||
|
-
|
||||||
|
-
|
||||||
|
+ missing="$missing $func"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5
|
||||||
|
-$as_echo_n "checking for getfilecon in -lselinux... " >&6; }
|
||||||
|
-if ${ac_cv_lib_selinux_getfilecon+:} false; then :
|
||||||
|
- $as_echo_n "(cached) " >&6
|
||||||
|
-else
|
||||||
|
- ac_check_lib_save_LIBS=$LIBS
|
||||||
|
-LIBS="-lselinux $LIBS"
|
||||||
|
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
-/* end confdefs.h. */
|
||||||
|
-
|
||||||
|
-/* Override any GCC internal prototype to avoid an error.
|
||||||
|
- Use char because int might match the return type of a GCC
|
||||||
|
- builtin and then its argument prototype would still apply. */
|
||||||
|
-#ifdef __cplusplus
|
||||||
|
-extern "C"
|
||||||
|
-#endif
|
||||||
|
-char getfilecon ();
|
||||||
|
-int
|
||||||
|
-main ()
|
||||||
|
-{
|
||||||
|
-return getfilecon ();
|
||||||
|
- ;
|
||||||
|
- return 0;
|
||||||
|
-}
|
||||||
|
-_ACEOF
|
||||||
|
-if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
- ac_cv_lib_selinux_getfilecon=yes
|
||||||
|
-else
|
||||||
|
- ac_cv_lib_selinux_getfilecon=no
|
||||||
|
-fi
|
||||||
|
-rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
- conftest$ac_exeext conftest.$ac_ext
|
||||||
|
-LIBS=$ac_check_lib_save_LIBS
|
||||||
|
-fi
|
||||||
|
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5
|
||||||
|
-$as_echo "$ac_cv_lib_selinux_getfilecon" >&6; }
|
||||||
|
-if test "x$ac_cv_lib_selinux_getfilecon" = xyes; then :
|
||||||
|
+ done
|
||||||
|
+ if test "x$missing" = x; then :
|
||||||
|
libselinux_LIBS="-lselinux"
|
||||||
|
- enable_secontext=yes
|
||||||
|
+ enable_secontext=yes
|
||||||
|
|
||||||
|
else
|
||||||
|
- if test "x$with_libselinux" != xcheck; then
|
||||||
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
+ if test "x$with_libselinux" != xcheck; then :
|
||||||
|
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
|
-as_fn_error $? "failed to find getfilecon in libselinux
|
||||||
|
+as_fn_error $? "failed to find in libselinux:$missing
|
||||||
|
See \`config.log' for more details" "$LINENO" 5; }
|
||||||
|
- fi
|
||||||
|
-
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
+
|
||||||
|
+fi
|
||||||
|
LDFLAGS="$saved_LDFLAGS"
|
||||||
|
|
||||||
|
else
|
||||||
|
- if test "x$with_libselinux" != xcheck; then
|
||||||
|
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
+ if test "x$with_libselinux" != xcheck; then :
|
||||||
|
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
|
as_fn_error $? "failed to find selinux.h
|
||||||
|
See \`config.log' for more details" "$LINENO" 5; }
|
||||||
|
- fi
|
||||||
|
+
|
||||||
|
+fi
|
||||||
|
|
||||||
|
|
||||||
|
fi
|
||||||
--
|
--
|
||||||
2.1.4
|
2.1.4
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -49,6 +49,74 @@ index 1a869e3..c3e2ee4 100644
|
|||||||
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||||
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||||
|
|
||||||
|
--- a/tests-m32/linkat.c
|
||||||
|
+++ b/tests-m32/linkat.c
|
||||||
|
@@ -10,6 +10,7 @@
|
||||||
|
#include "tests.h"
|
||||||
|
#include "scno.h"
|
||||||
|
|
||||||
|
+#include <errno.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
@@ -91,6 +92,7 @@ main(void)
|
||||||
|
free(sample_1_secontext);
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
|
||||||
|
@@ -112,6 +114,7 @@ main(void)
|
||||||
|
free(sample_1_secontext);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
sample_2_secontext = sample_1_secontext;
|
||||||
|
@@ -142,6 +145,7 @@ main(void)
|
||||||
|
int dfd_old = get_dir_fd(".");
|
||||||
|
char *cwd = get_fd_path(dfd_old);
|
||||||
|
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||||
|
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||||
|
|
||||||
|
--- a/tests-mx32/linkat.c
|
||||||
|
+++ b/tests-mx32/linkat.c
|
||||||
|
@@ -10,6 +10,7 @@
|
||||||
|
#include "tests.h"
|
||||||
|
#include "scno.h"
|
||||||
|
|
||||||
|
+#include <errno.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
@@ -91,6 +92,7 @@ main(void)
|
||||||
|
free(sample_1_secontext);
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
|
||||||
|
@@ -112,6 +114,7 @@ main(void)
|
||||||
|
free(sample_1_secontext);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
sample_2_secontext = sample_1_secontext;
|
||||||
|
@@ -142,6 +145,7 @@ main(void)
|
||||||
|
int dfd_old = get_dir_fd(".");
|
||||||
|
char *cwd = get_fd_path(dfd_old);
|
||||||
|
|
||||||
|
+ errno = 0;
|
||||||
|
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||||
|
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||||
|
|
||||||
--
|
--
|
||||||
2.1.4
|
2.1.4
|
||||||
|
|
||||||
|
@ -115,6 +115,228 @@ index 1d0251a..e5571d5 100644
|
|||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
||||||
|
+static inline char *
|
||||||
|
+get_secontext_field(const char *ctx, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+static inline char *
|
||||||
|
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static inline void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
|
||||||
|
index 848eea9..52211ed 100644
|
||||||
|
--- a/tests-m32/secontext.c
|
||||||
|
+++ b/tests-m32/secontext.c
|
||||||
|
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-get_type_from_context(const char *full_context)
|
||||||
|
+char *
|
||||||
|
+get_secontext_field(const char *full_context, enum secontext_field field)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
|
||||||
|
char *context = NULL;
|
||||||
|
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
|
||||||
|
token; token = strtok_r(NULL, ":", &saveptr), i++) {
|
||||||
|
- if (i == 2) {
|
||||||
|
+ if (i == field) {
|
||||||
|
context = xstrdup(token);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
char *ctx = raw_expected_secontext_full_file(filename);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
errno = saved_errno;
|
||||||
|
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
|
||||||
|
return full_secontext;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-raw_secontext_short_file(const char *filename)
|
||||||
|
+char *
|
||||||
|
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
- int saved_errno = errno;
|
||||||
|
-
|
||||||
|
- char *ctx = raw_secontext_full_file(filename);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *ctx = raw_secontext_full_file(file);
|
||||||
|
+ char *type = get_secontext_field(ctx, field);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
- errno = saved_errno;
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
+raw_secontext_short_file(const char *filename)
|
||||||
|
+{
|
||||||
|
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
raw_secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
char *ctx = raw_secontext_full_pid(pid);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
errno = saved_errno;
|
||||||
|
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
|
||||||
|
index 1d0251a..e5571d5 100644
|
||||||
|
--- a/tests-m32/secontext.h
|
||||||
|
+++ b/tests-m32/secontext.h
|
||||||
|
@@ -23,6 +23,15 @@ enum secontext_field {
|
||||||
|
|
||||||
|
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Parse a SELinux context string and return a specified field, duplicated
|
||||||
|
+ * in a separate string. The caller is responsible for freeing the memory
|
||||||
|
+ * pointed by the returned value.
|
||||||
|
+ */
|
||||||
|
+char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
+
|
||||||
|
+char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
+
|
||||||
|
void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue);
|
||||||
|
|
||||||
|
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
|
+static inline char *
|
||||||
|
+get_secontext_field(const char *ctx, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+static inline char *
|
||||||
|
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
+{
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static inline void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
|
||||||
|
index 848eea9..52211ed 100644
|
||||||
|
--- a/tests-mx32/secontext.c
|
||||||
|
+++ b/tests-mx32/secontext.c
|
||||||
|
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-get_type_from_context(const char *full_context)
|
||||||
|
+char *
|
||||||
|
+get_secontext_field(const char *full_context, enum secontext_field field)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
|
||||||
|
char *context = NULL;
|
||||||
|
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
|
||||||
|
token; token = strtok_r(NULL, ":", &saveptr), i++) {
|
||||||
|
- if (i == 2) {
|
||||||
|
+ if (i == field) {
|
||||||
|
context = xstrdup(token);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
char *ctx = raw_expected_secontext_full_file(filename);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
errno = saved_errno;
|
||||||
|
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
|
||||||
|
return full_secontext;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-raw_secontext_short_file(const char *filename)
|
||||||
|
+char *
|
||||||
|
+get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
{
|
||||||
|
- int saved_errno = errno;
|
||||||
|
-
|
||||||
|
- char *ctx = raw_secontext_full_file(filename);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *ctx = raw_secontext_full_file(file);
|
||||||
|
+ char *type = get_secontext_field(ctx, field);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
- errno = saved_errno;
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
+raw_secontext_short_file(const char *filename)
|
||||||
|
+{
|
||||||
|
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
raw_secontext_full_pid(pid_t pid)
|
||||||
|
{
|
||||||
|
int saved_errno = errno;
|
||||||
|
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
|
||||||
|
int saved_errno = errno;
|
||||||
|
|
||||||
|
char *ctx = raw_secontext_full_pid(pid);
|
||||||
|
- char *type = get_type_from_context(ctx);
|
||||||
|
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
|
||||||
|
free(ctx);
|
||||||
|
|
||||||
|
errno = saved_errno;
|
||||||
|
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
|
||||||
|
index 1d0251a..e5571d5 100644
|
||||||
|
--- a/tests-mx32/secontext.h
|
||||||
|
+++ b/tests-mx32/secontext.h
|
||||||
|
@@ -23,6 +23,15 @@ enum secontext_field {
|
||||||
|
|
||||||
|
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Parse a SELinux context string and return a specified field, duplicated
|
||||||
|
+ * in a separate string. The caller is responsible for freeing the memory
|
||||||
|
+ * pointed by the returned value.
|
||||||
|
+ */
|
||||||
|
+char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
+
|
||||||
|
+char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
+
|
||||||
|
void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue);
|
||||||
|
|
||||||
|
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
+static inline char *
|
+static inline char *
|
||||||
+get_secontext_field(const char *ctx, enum secontext_field field)
|
+get_secontext_field(const char *ctx, enum secontext_field field)
|
||||||
+{
|
+{
|
||||||
|
@ -56,6 +56,116 @@ index c3e2ee4..decb736 100644
|
|||||||
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
sample_2_secontext = sample_1_secontext;
|
sample_2_secontext = sample_1_secontext;
|
||||||
|
|
||||||
|
@@ -146,7 +162,8 @@ main(void)
|
||||||
|
char *cwd = get_fd_path(dfd_old);
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||||
|
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
|
||||||
|
+ "unconfined_t");
|
||||||
|
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
|
||||||
|
index c3e2ee4..decb736 100644
|
||||||
|
--- a/tests-m32/linkat.c
|
||||||
|
+++ b/tests-m32/linkat.c
|
||||||
|
@@ -21,6 +21,20 @@
|
||||||
|
#include "secontext.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+mangle_secontext_field(const char *path, enum secontext_field field,
|
||||||
|
+ const char *new_val, const char *fallback_val)
|
||||||
|
+{
|
||||||
|
+ char *orig = get_secontext_field_file(path, field);
|
||||||
|
+ if (!orig)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ update_secontext_field(path, field,
|
||||||
|
+ strcmp(new_val, orig) ? new_val : fallback_val);
|
||||||
|
+
|
||||||
|
+ free(orig);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
@@ -93,7 +107,8 @@ main(void)
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||||
|
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
|
||||||
|
+ "unconfined_u");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
|
||||||
|
# ifdef PRINT_SECONTEXT_FULL
|
||||||
|
@@ -115,7 +130,8 @@ main(void)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||||
|
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
|
||||||
|
+ "unconfined_t");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
sample_2_secontext = sample_1_secontext;
|
||||||
|
|
||||||
|
@@ -146,7 +162,8 @@ main(void)
|
||||||
|
char *cwd = get_fd_path(dfd_old);
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
|
||||||
|
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
|
||||||
|
+ "unconfined_t");
|
||||||
|
char *dfd_old_secontext = SECONTEXT_FILE(".");
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
|
||||||
|
index c3e2ee4..decb736 100644
|
||||||
|
--- a/tests-mx32/linkat.c
|
||||||
|
+++ b/tests-mx32/linkat.c
|
||||||
|
@@ -21,6 +21,20 @@
|
||||||
|
#include "secontext.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+mangle_secontext_field(const char *path, enum secontext_field field,
|
||||||
|
+ const char *new_val, const char *fallback_val)
|
||||||
|
+{
|
||||||
|
+ char *orig = get_secontext_field_file(path, field);
|
||||||
|
+ if (!orig)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ update_secontext_field(path, field,
|
||||||
|
+ strcmp(new_val, orig) ? new_val : fallback_val);
|
||||||
|
+
|
||||||
|
+ free(orig);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
@@ -93,7 +107,8 @@ main(void)
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
|
||||||
|
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
|
||||||
|
+ "unconfined_u");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
|
||||||
|
# ifdef PRINT_SECONTEXT_FULL
|
||||||
|
@@ -115,7 +130,8 @@ main(void)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
|
||||||
|
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
|
||||||
|
+ "unconfined_t");
|
||||||
|
sample_1_secontext = SECONTEXT_FILE(sample_1);
|
||||||
|
sample_2_secontext = sample_1_secontext;
|
||||||
|
|
||||||
@@ -146,7 +162,8 @@ main(void)
|
@@ -146,7 +162,8 @@ main(void)
|
||||||
char *cwd = get_fd_path(dfd_old);
|
char *cwd = get_fd_path(dfd_old);
|
||||||
|
|
||||||
|
@ -18,6 +18,38 @@ index 52211ed..ba271c8 100644
|
|||||||
# define TEST_SECONTEXT
|
# define TEST_SECONTEXT
|
||||||
# include "secontext.h"
|
# include "secontext.h"
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-secontext_format(char *context, const char *fmt)
|
||||||
|
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
|
||||||
|
-
|
||||||
|
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
|
||||||
|
static char *
|
||||||
|
secontext_format(char *context, const char *fmt)
|
||||||
|
{
|
||||||
|
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
|
||||||
|
index 52211ed..ba271c8 100644
|
||||||
|
--- a/tests-m32/secontext.c
|
||||||
|
+++ b/tests-m32/secontext.c
|
||||||
|
@@ -23,10 +23,7 @@
|
||||||
|
# define TEST_SECONTEXT
|
||||||
|
# include "secontext.h"
|
||||||
|
|
||||||
|
-static char *
|
||||||
|
-secontext_format(char *context, const char *fmt)
|
||||||
|
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
|
||||||
|
-
|
||||||
|
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
|
||||||
|
static char *
|
||||||
|
secontext_format(char *context, const char *fmt)
|
||||||
|
{
|
||||||
|
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
|
||||||
|
index 52211ed..ba271c8 100644
|
||||||
|
--- a/tests-mx32/secontext.c
|
||||||
|
+++ b/tests-mx32/secontext.c
|
||||||
|
@@ -23,10 +23,7 @@
|
||||||
|
# define TEST_SECONTEXT
|
||||||
|
# include "secontext.h"
|
||||||
|
|
||||||
-static char *
|
-static char *
|
||||||
-secontext_format(char *context, const char *fmt)
|
-secontext_format(char *context, const char *fmt)
|
||||||
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
|
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
|
||||||
|
@ -59,6 +59,120 @@ index e5571d5..387263e 100644
|
|||||||
void update_secontext_field(const char *file, enum secontext_field field,
|
void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
const char *newvalue);
|
const char *newvalue);
|
||||||
|
|
||||||
|
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void
|
||||||
|
+reset_secontext_file(const char *file)
|
||||||
|
+{
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
{
|
||||||
|
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
|
||||||
|
index decb736..781b85a 100644
|
||||||
|
--- a/tests-m32/linkat.c
|
||||||
|
+++ b/tests-m32/linkat.c
|
||||||
|
@@ -103,6 +103,9 @@ main(void)
|
||||||
|
if (close(fd_sample_2))
|
||||||
|
perror_msg_and_fail("close");
|
||||||
|
|
||||||
|
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
|
||||||
|
+ reset_secontext_file(sample_1);
|
||||||
|
+
|
||||||
|
free(sample_1_secontext);
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
|
||||||
|
index ba271c8..94fadd4 100644
|
||||||
|
--- a/tests-m32/secontext.c
|
||||||
|
+++ b/tests-m32/secontext.c
|
||||||
|
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
|
||||||
|
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
|
||||||
|
}
|
||||||
|
|
||||||
|
+void reset_secontext_file(const char *file)
|
||||||
|
+{
|
||||||
|
+ char *proper_ctx = raw_expected_secontext_full_file(file);
|
||||||
|
+ (void) setfilecon(file, proper_ctx);
|
||||||
|
+ free(proper_ctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
|
||||||
|
index e5571d5..387263e 100644
|
||||||
|
--- a/tests-m32/secontext.h
|
||||||
|
+++ b/tests-m32/secontext.h
|
||||||
|
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
|
||||||
|
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
|
||||||
|
+void reset_secontext_file(const char *file);
|
||||||
|
+
|
||||||
|
void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue);
|
||||||
|
|
||||||
|
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void
|
||||||
|
+reset_secontext_file(const char *file)
|
||||||
|
+{
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
{
|
||||||
|
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
|
||||||
|
index decb736..781b85a 100644
|
||||||
|
--- a/tests-mx32/linkat.c
|
||||||
|
+++ b/tests-mx32/linkat.c
|
||||||
|
@@ -103,6 +103,9 @@ main(void)
|
||||||
|
if (close(fd_sample_2))
|
||||||
|
perror_msg_and_fail("close");
|
||||||
|
|
||||||
|
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
|
||||||
|
+ reset_secontext_file(sample_1);
|
||||||
|
+
|
||||||
|
free(sample_1_secontext);
|
||||||
|
|
||||||
|
#ifdef PRINT_SECONTEXT_MISMATCH
|
||||||
|
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
|
||||||
|
index ba271c8..94fadd4 100644
|
||||||
|
--- a/tests-mx32/secontext.c
|
||||||
|
+++ b/tests-mx32/secontext.c
|
||||||
|
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
|
||||||
|
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
|
||||||
|
}
|
||||||
|
|
||||||
|
+void reset_secontext_file(const char *file)
|
||||||
|
+{
|
||||||
|
+ char *proper_ctx = raw_expected_secontext_full_file(file);
|
||||||
|
+ (void) setfilecon(file, proper_ctx);
|
||||||
|
+ free(proper_ctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void
|
||||||
|
update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue)
|
||||||
|
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
|
||||||
|
index e5571d5..387263e 100644
|
||||||
|
--- a/tests-mx32/secontext.h
|
||||||
|
+++ b/tests-mx32/secontext.h
|
||||||
|
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
|
||||||
|
|
||||||
|
char *get_secontext_field_file(const char *file, enum secontext_field field);
|
||||||
|
|
||||||
|
+void reset_secontext_file(const char *file);
|
||||||
|
+
|
||||||
|
void update_secontext_field(const char *file, enum secontext_field field,
|
||||||
|
const char *newvalue);
|
||||||
|
|
||||||
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
|
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Tracks and displays system calls associated with a running process
|
Summary: Tracks and displays system calls associated with a running process
|
||||||
Name: strace
|
Name: strace
|
||||||
Version: 5.13
|
Version: 5.13
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
|
# The test suite is GPLv2+, all the rest is LGPLv2.1+.
|
||||||
License: LGPL-2.1+ and GPL-2.0+
|
License: LGPL-2.1+ and GPL-2.0+
|
||||||
# Some distros require Group tag to be present,
|
# Some distros require Group tag to be present,
|
||||||
@ -159,6 +159,10 @@ echo 'END OF TEST SUITE INFORMATION'
|
|||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-7
|
||||||
|
- Update tests-m32 and tests-mx32 with --secontext=mismatch option support
|
||||||
|
changes (#2046264).
|
||||||
|
|
||||||
* Wed Jan 19 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-6
|
* Wed Jan 19 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-6
|
||||||
- Add --secontext=mismatch option support (#2038965).
|
- Add --secontext=mismatch option support (#2038965).
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user