From caf164f1e476f254cb67498e8fc615ec1e0dd444 Mon Sep 17 00:00:00 2001 From: Jincheng Miao Date: Mon, 9 Jun 2014 19:36:07 +0800 Subject: [PATCH] test: add user_xattr check for securityselinuxlabeltest libvirt unit test used setxattr with "user.libvirt.selinux" name to emulate setfilecon of selinux. But for some old kernel filesystem (like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with user_xattr flag, the setxattr with "user.libvirt.selinux" will fail. So adding testUserXattrEnabled() in securityselinuxlabeltest.c, if user_xattr is not enabled, skip this case. The user_xattr is departed in newer kernel, therefore this commit is only for the compatablity for old kernel. Signed-off-by: Jincheng Miao Signed-off-by: Eric Blake Tested-by: Scott Sullivan --- tests/securityselinuxlabeltest.c | 36 ++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c index 88ec35af47..3699d89e90 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -28,6 +28,7 @@ #include #include +#include #include "internal.h" #include "testutils.h" @@ -56,6 +57,35 @@ struct testSELinuxFile { char *context; }; +static int +testUserXattrEnabled(void) +{ + int ret = -1; + ssize_t len; + const char *con_value = "system_u:object_r:svirt_image_t:s0:c41,c264"; + char *path = NULL; + if (virAsprintf(&path, "%s/securityselinuxlabeldata/testxattr", + abs_srcdir) < 0) + goto cleanup; + + if (virFileTouch(path, 0600) < 0) + goto cleanup; + + len = setxattr(path, "user.libvirt.selinux", con_value, + strlen(con_value), 0); + if (len < 0) { + if (errno == EOPNOTSUPP) + ret = 0; + goto cleanup; + } + + ret = 1; + + cleanup: + unlink(path); + VIR_FREE(path); + return ret; +} static int testSELinuxMungePath(char **path) @@ -321,6 +351,12 @@ static int mymain(void) { int ret = 0; + int rc = testUserXattrEnabled(); + + if (rc < 0) + return EXIT_FAILURE; + if (!rc) + return EXIT_AM_SKIP; if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) { virErrorPtr err = virGetLastError();