Re: [libvirt] [PATCH] test: add user_xattr check for securityselinuxlabeltest

2014-06-26 Thread Eric Blake
On 06/09/2014 05:36 AM, Jincheng Miao wrote:
 libvirt unit test used setxattr with user.libvirt.selinux name to
 emulate setfilecon of selinux. But for some old kernel filesystem
 (like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
 user_xattr flag, the setxattr with user.libvirt.selinux will fail.
 
 So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
 if user_xattr is not enabled, skip this case.
 
 The user_xattr is departed in newer kernel, therefore this commit is
 only for the compatibility for old kernel.
 
 Signed-off-by: Jincheng Miao jm...@redhat.com
 ---
  tests/securityselinuxlabeltest.c |   33 +
  1 files changed, 33 insertions(+), 0 deletions(-)

Tested here:
https://www.redhat.com/archives/libvir-list/2014-June/msg01387.html

ACK and pushed, with a tweak:


  
 +static int
 +testUserXattrEnabled(void)

This is a tri-state return (< 0 for error, 0 for unsupported, 1 for
enabled)...


 @@ -322,6 +352,9 @@ mymain(void)
  {
  int ret = 0;
  
 +if (!testUserXattrEnabled())
 +return EXIT_AM_SKIP;

...but this was a binary check.  Really, it should fail the test on -1,
rather than blindly proceeding on.


-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
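
The tri-state handling asked for in the reply above, as an added example that is not part of the thread or of libvirt: a probe returning -1/0/1 and a caller that gives each value its own exit status. The helper names, the `/tmp` probe directory and the injectable `fake_setxattr` are assumptions, made so that all three outcomes can be reproduced on any filesystem.

```c
/* Added illustration, not libvirt code; every function name here is hypothetical. */
#define _GNU_SOURCE                 /* mkstemp() under a strict -std=c11 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>              /* glibc declares setxattr() here */
#define EXIT_AM_SKIP 77             /* automake's "test skipped" exit status */
typedef int (*xattr_setter)(const char *, const char *, const void *, size_t, int);

/* Constructed stand-in for setxattr(): fails with fake_errno unless it is 0. */
static int fake_errno;
static int fake_setxattr(const char *p, const char *n, const void *v, size_t s, int f) {
    (void)p; (void)n; (void)v; (void)s; (void)f;
    errno = fake_errno;
    return fake_errno ? -1 : 0;
}

/* Returns -1 on error, 0 if user.* xattrs are unsupported, 1 if they work. */
static int probe_user_xattr(const char *dir, xattr_setter set) {
    static const char con[] = "system_u:object_r:svirt_image_t:s0:c41,c264";
    char path[4096];
    int fd, ret = -1;
    if (snprintf(path, sizeof(path), "%s/xattr-probe-XXXXXX", dir) >= (int)sizeof(path))
        return -1;
    if ((fd = mkstemp(path)) < 0)
        return -1;                  /* no file was created, nothing to unlink */
    close(fd);
    if (set(path, "user.libvirt.selinux", con, strlen(con), 0) == 0)
        ret = 1;
    else if (errno == ENOTSUP)      /* same value as EOPNOTSUPP on Linux */
        ret = 0;
    unlink(path);
    return ret;
}

/* Each outcome gets its own exit status; only EXIT_SUCCESS lets the tests run. */
static int probe_exit_status(int probe) {
    return probe < 0 ? EXIT_FAILURE : probe == 0 ? EXIT_AM_SKIP : EXIT_SUCCESS;
}

/* Drive the probe with an injected errno (0 means setxattr succeeds). */
static int simulate(int err) {
    fake_errno = err;
    return probe_exit_status(probe_user_xattr("/tmp", fake_setxattr));
}

int main(void) {
    return probe_exit_status(probe_user_xattr("/tmp", setxattr));
}
```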

[libvirt] [PATCH] test: add user_xattr check for securityselinuxlabeltest

2014-06-09 Thread Jincheng Miao
libvirt unit test used setxattr with user.libvirt.selinux name to
emulate setfilecon of selinux. But for some old kernel filesystem
(like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
user_xattr flag, the setxattr with user.libvirt.selinux will fail.

So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
if user_xattr is not enabled, skip this case.

The user_xattr is departed in newer kernel, therefore this commit is
only for the compatibility for old kernel.

Signed-off-by: Jincheng Miao jm...@redhat.com
---
 tests/securityselinuxlabeltest.c |   33 +
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 88ec35a..3f155e3 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -28,6 +28,7 @@
 
 #include selinux/selinux.h
 #include selinux/context.h
+#include attr/xattr.h
 
 #include internal.h
 #include testutils.h
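Review bot: the added attr/xattr.h include pulls in libattr's development header unconditionally, yet the only xattr call this patch makes is setxattr(), which glibc declares in sys/xattr.h. Including sys/xattr.h instead would avoid a new build dependency for the test suite. The new function also reads errno, so an explicit errno.h include is worth adding unless one of the existing headers is known to provide it.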
@@ -56,6 +57,35 @@ struct testSELinuxFile {
 char *context;
 };
 
+static int
+testUserXattrEnabled(void)
+{
+int ret = -1;
+ssize_t len;
+const char *con_value = system_u:object_r:svirt_image_t:s0:c41,c264;
+char *path = NULL;
+if (virAsprintf(path, %s/securityselinuxlabeldata/testxattr,
+abs_srcdir)  0)
+goto cleanup;
+
+if (virFileTouch(path, 0600)  0)
+goto cleanup;
+
+len = setxattr(path, user.libvirt.selinux, con_value,
+   strlen(con_value), 0);
+if (len  0) {
+if (errno == EOPNOTSUPP)
+ret = 0;
+goto cleanup;
+}
+
+ret = 1;
+
+ cleanup:
+unlink(path);
+VIR_FREE(path);
+return ret;
+}
 
 static int
 testSELinuxMungePath(char **path)
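Review bot: in the cleanup path of testUserXattrEnabled(), unlink(path) runs even when virAsprintf() failed and path is still NULL, and also when virFileTouch() failed and no file exists; guard it with a NULL check or use a second label so that only the branches that created the file unlink it. The function has three results (-1, 0, 1) but no comment says so, and the caller in mymain() tests it as a boolean; a short doc comment above the function would make the contract explicit. Minor points: setxattr() returns int, so len does not need to be ssize_t, and the hunk leaves two blank lines before testSELinuxMungePath().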
@@ -322,6 +352,9 @@ mymain(void)
 {
 int ret = 0;
 
+if (!testUserXattrEnabled())
+return EXIT_AM_SKIP;
+
 if (!(mgr = virSecurityManagerNew(selinux, QEMU, false, true, false))) 
{
 virErrorPtr err = virGetLastError();
 fprintf(stderr, Unable to initialize security driver: %s\n,
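Review bot: the `if (!testUserXattrEnabled())` check in mymain() only catches the 0 result; a -1 from a failed virAsprintf(), virFileTouch() or setxattr() is non-zero, so the test carries on as if user xattrs were available. Store the return value, return EXIT_FAILURE when it is negative and EXIT_AM_SKIP when it is 0. Printing a line to stderr before the skip would also tell whoever reads the test log that the filesystem lacks user_xattr.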
-- 
1.7.1
