On 12/31/2013 04:09 PM, [email protected] wrote: > From: Jarkko Sakkinen <[email protected]> > > init.cfg: require_smack_ > local.mk: added new tests > tests/id/smack.sh: SMACK tests (new file) > tests/mkdir/smack-no-root.sh: SMACK tests (new file) > tests/mkdir/smack-root.sh: SMACK tests (new file) > --- > init.cfg | 9 +++++++++ > tests/id/smack.sh | 37 +++++++++++++++++++++++++++++++++++++ > tests/local.mk | 4 ++++ > tests/mkdir/smack-no-root.sh | 39 +++++++++++++++++++++++++++++++++++++++ > tests/mkdir/smack-root.sh | 36 ++++++++++++++++++++++++++++++++++++ > 5 files changed, 125 insertions(+) > create mode 100755 tests/id/smack.sh > create mode 100755 tests/mkdir/smack-no-root.sh > create mode 100755 tests/mkdir/smack-root.sh > > diff --git a/init.cfg b/init.cfg > index c48607c..2c4ecb6 100644 > --- a/init.cfg > +++ b/init.cfg > @@ -316,6 +316,15 @@ require_selinux_() > esac > } > > +require_smack_() > +{ > + grep 'smackfs$' /proc/filesystems > /dev/null \ > + || skip_ "this system lacks SMACK support" > + > + test "$(ls -Zd .)" != '? .' \ > + || skip_ "this file system lacks SMACK support" > +} > + > very_expensive_() > { > if test "$RUN_VERY_EXPENSIVE_TESTS" != yes; then > diff --git a/tests/id/smack.sh b/tests/id/smack.sh > new file mode 100755 > index 0000000..30b19da > --- /dev/null > +++ b/tests/id/smack.sh > @@ -0,0 +1,37 @@ > +#!/bin/sh > +# SMACK test for the id-command. > +# Derived from tests/id/context.sh and tests/id/no-context.sh. > +# Copyright (C) 2008-2013 Free Software Foundation, Inc. > + > +# This program is free software: you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation, either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see <http://www.gnu.org/licenses/>. > + > +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > +print_ver_ id > + > +require_smack_ > + > +# Check the string "context=" presence without specified user. > +id | grep context= >/dev/null || fail=1 > + > +# Check the string "context=" absence without specificied user in conforming > +# mode. > +POSIXLY_CORRECT=1 id > out || fail=1 > +grep context= out && fail=1 > + > +# Check the string "context=" absencea with specified user. > +# But if the current user is nameless, skip this part. > +id -nu > /dev/null \ > + && id $(id -nu) | grep context= >/dev/null && fail=1 > + > +Exit $fail > diff --git a/tests/local.mk b/tests/local.mk > index e18deac..7040c2c 100644 > --- a/tests/local.mk > +++ b/tests/local.mk > @@ -125,6 +125,7 @@ all_root_tests = \ > tests/misc/selinux.sh \ > tests/misc/truncate-owned-by-other.sh \ > tests/mkdir/writable-under-readonly.sh \ > + tests/mkdir/smack-root.sh \ > tests/mv/sticky-to-xpart.sh \ > tests/rm/fail-2eperm.sh \ > tests/rm/no-give-up.sh \ > @@ -510,6 +511,7 @@ all_tests = \ > tests/id/uid.sh \ > tests/id/setgid.sh \ > tests/id/zero.sh \ > + tests/id/smack.sh \ > tests/install/basic-1.sh \ > tests/install/create-leading.sh \ > tests/install/d-slashdot.sh \ > @@ -567,6 +569,8 @@ all_tests = \ > tests/mkdir/selinux.sh \ > tests/mkdir/special-1.sh \ > tests/mkdir/t-slash.sh \ > + tests/mkdir/smack-no-root.sh \ > + tests/mkdir/smack-root.sh \ > tests/mv/acl.sh \ > tests/mv/atomic.sh \ > tests/mv/atomic2.sh \ > diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh > new file mode 100755 > index 0000000..2b52d18 > --- /dev/null > +++ b/tests/mkdir/smack-no-root.sh > @@ -0,0 +1,39 @@ > +#!/bin/sh > +# SMACK test for the mkdir,mknod, mkfifo commands. > +# Derived from tests/mkdir/selinux.sh. > +# Ensure that an invalid SMACK label doesn't cause a segfault. > + > +# Copyright (C) 2008-2013 Free Software Foundation, Inc. > + > +# This program is free software: you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation, either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see <http://www.gnu.org/licenses/>. > + > +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > +print_ver_ mkdir mkfifo mknod > + > +require_smack_ > + > +c=arbitrary-smack-label > +msg="failed to set default file creation context to '$c':" > + > +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do > + $cmd -Z $c 2> out && fail=1 > + set $cmd > + echo "$1: $msg" > exp || fail=1 > + > + sed -e 's/ Operation not permitted$//' out > k || fail=1 > + mv k out || fail=1 > + compare exp out || fail=1 > +done > + > +Exit $fail > diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh > new file mode 100755 > index 0000000..ccca8cb > --- /dev/null > +++ b/tests/mkdir/smack-root.sh > @@ -0,0 +1,36 @@ > +#!/bin/sh > +# SMACK test for the mkdir,mknod, mkfifo commands. > +# Derived from tests/mkdir/selinux.sh. > +# Ensure that SMACK label gets set. > + > +# Copyright (C) 2008-2013 Free Software Foundation, Inc. > + > +# This program is free software: you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation, either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see <http://www.gnu.org/licenses/>. > + > +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > +print_ver_ mkdir mkfifo mknod > + > +require_smack_ > +require_root_ > + > +c=arbitrary-smack-label > +msg="failed to set default file creation context to '$c':" > + > +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do > + $cmd -Z $c || fail=1 > + set $cmd > + test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c" || fail=1 > +done > + > +Exit $fail >
Going to apply with these changes. I have a query about an apparent inconsistency between tests/mkdir/smack-root.sh and tests/mkdir/smack-no-root.sh The latter mentions that 'arbitrary-smack-label' is an "invalid SMACK label", while the former expects that to work as root? thanks, Pádraig. diff --git a/tests/id/smack.sh b/tests/id/smack.sh index 30b19da..5b60e7e 100755 --- a/tests/id/smack.sh +++ b/tests/id/smack.sh @@ -1,7 +1,7 @@ #!/bin/sh # SMACK test for the id-command. # Derived from tests/id/context.sh and tests/id/no-context.sh. -# Copyright (C) 2008-2013 Free Software Foundation, Inc. +# Copyright (C) 2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -24,12 +24,11 @@ require_smack_ # Check the string "context=" presence without specified user. id | grep context= >/dev/null || fail=1 -# Check the string "context=" absence without specificied user in conforming -# mode. +# Check context=" is absent without specified user in conforming mode. POSIXLY_CORRECT=1 id > out || fail=1 grep context= out && fail=1 -# Check the string "context=" absencea with specified user. +# Check the string "context=" absence with specified user. # But if the current user is nameless, skip this part. id -nu > /dev/null \ && id $(id -nu) | grep context= >/dev/null && fail=1 diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh index 2b52d18..09157a8 100755 --- a/tests/mkdir/smack-no-root.sh +++ b/tests/mkdir/smack-no-root.sh @@ -3,7 +3,7 @@ # Derived from tests/mkdir/selinux.sh. # Ensure that an invalid SMACK label doesn't cause a segfault. -# Copyright (C) 2008-2013 Free Software Foundation, Inc. +# Copyright (C) 2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ c=arbitrary-smack-label msg="failed to set default file creation context to '$c':" for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do - $cmd -Z $c 2> out && fail=1 + $cmd --context="$c" 2> out && fail=1 set $cmd echo "$1: $msg" > exp || fail=1 diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh index ccca8cb..96b75ea 100755 --- a/tests/mkdir/smack-root.sh +++ b/tests/mkdir/smack-root.sh @@ -3,7 +3,7 @@ # Derived from tests/mkdir/selinux.sh. # Ensure that SMACK label gets set. -# Copyright (C) 2008-2013 Free Software Foundation, Inc. +# Copyright (C) 2014 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -25,10 +25,9 @@ require_smack_ require_root_ c=arbitrary-smack-label -msg="failed to set default file creation context to '$c':" for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do - $cmd -Z $c || fail=1 + $cmd --context="$c" || fail=1 set $cmd test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c" || fail=1 done
