On 07/18/2014 02:04 PM, Pádraig Brady wrote:
* tests/cp/cp-a-selinux.sh: Copy from a different file system to most likely have a different context that will test context setting logic correctly.
diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh index db0d689..58887d2 100755 --- a/tests/cp/cp-a-selinux.sh +++ b/tests/cp/cp-a-selinux.sh @@ -41,6 +41,7 @@ ls -Z d | grep $ctx || fail=1 [...] @@ -110,12 +111,15 @@ test $skip = 1 \ cd mnt || framework_failure_ -echo > f || framework_failure_ - +# Create files with hopefully different contexts +echo > ../f || framework_failure_ echo > g || framework_failure_ +test "$(stat -c%C ../f)" = "$(stat -c%C g)" && + skip_ "files on separate file systems have the same security context" +
Not ever worked with SELinux contexts, but why should ".." have a different security context than "." (other than if it's really on a different file system)? And if that's true, then why should a "subdir" not have a different context, too - which could then be used instead? (I'd somehow feel more comfortable with a "subdir" instead of using ".."). > +cp -Z --preserve=context ../f g && fail=1 > +cp --preserve=context -Z ../f g && fail=1 > +cp --preserve=context --context="$ctx" ../f g && fail=1 > > Exit $fail (How) does "../f" get deleted? Otherwise +1. Thanks & have a nice day, Berny
