Diffstat (limited to 'tests/misc/selinux.sh')
-rwxr-xr-x | tests/misc/selinux.sh | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh
new file mode 100755
index 0000000..11f3b0d
--- /dev/null
+++ b/tests/misc/selinux.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Test SELinux-related options.
+
+# Copyright (C) 2007-2020 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ chcon cp ls mv stat
+
+require_root_
+require_selinux_
+skip_if_mcstransd_is_running_
+
+# Create a regular file, dir, fifo.
+touch f || framework_failure_
+mkdir d s1 s2 || framework_failure_
+mkfifo_or_skip_ p
+
+
+# special context that works both with and without mcstransd
+ctx='root:object_r:tmp_t'
+mls_enabled_ && ctx="$ctx:s0"
+
+chcon $ctx f d p || skip_ "Failed to set context: $ctx"
+
+# inspect that context with both ls -Z and stat.
+for i in d f p; do
+ c=$(ls -dogZ $i|cut -d' ' -f3); test x$c = x$ctx || fail=1
+ c=$(stat --printf %C $i); test x$c = x$ctx || fail=1
+done
+
+# ensure that ls -l output includes the ".".
+c=$(ls -l f|cut -c11); test "$c" = . || fail=1
+
+# Copy with an invalid context and ensure it fails
+# Note this may succeed when root and selinux is in permissive mode
+if test "$(getenforce)" = Enforcing; then
+ returns_ 1 cp --context='invalid-selinux-context' f f.cp || fail=1
+fi
+
+# Copy each to a new directory and ensure that context is preserved.
+cp -r --preserve=all d f p s1 || fail=1
+for i in d f p; do
+ c=$(stat --printf %C s1/$i); test x$c = x$ctx || fail=1
+done
+
+# Now, move each to a new directory and ensure that context is preserved.
+mv d f p s2 || fail=1
+for i in d f p; do
+ c=$(stat --printf %C s2/$i); test x$c = x$ctx || fail=1
+done
+
+Exit $fail |
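Review bot: The only negative check in this test, the `cp --context='invalid-selinux-context'` case, is dropped without a trace whenever `$(getenforce)` does not print `Enforcing`. That covers permissive mode, as the comment says, but also `getenforce` being absent or failing, since an empty substitution just makes the `test` false. A run can therefore pass without ever exercising rejection of a bad label, and the log will not show it. I would add an `else` branch that records the skip, for example `else echo "SELinux not enforcing; invalid-context cp check not run" 1>&2`. Separately, the context comparisons use unquoted `test x$c = x$ctx` while the `ls -l` check quotes `"$c"`; writing `test "x$c" = "x$ctx"` would keep a value containing whitespace from turning into a confusing `test` usage error.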