On 08/14/2012 08:36 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
+++ b/tests/securityselinuxhelper.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
Eep. What's with the duplicate line? Oh, bad copy-n-paste from
viratomictest.c. I'll fix that momentarily.
+++ b/tests/securityselinuxtest.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
and again.
+ if (tmp && *tmp == ',')
+ tmp++;
+ if (tmp && *tmp == 'c') {
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &gotCatTwo) < 0) {
+ fprintf(stderr, "Malformed range %s, cannot parse category
two\n",
+ tmp);
+ return false;
+ }
+ if (*tmp != '\0') {
+ fprintf(stderr, "Malformed range %s, junk after second
category\n",
+ tmp);
+ return false;
I'd move this hunk...
+ }
+ if (gotCatOne == gotCatTwo) {
+ fprintf(stderr, "Saw category pair %d,%d where cats were
equal\n",
+ gotCatOne, gotCatTwo);
+ return false;
+ }
+ } else {
+ gotCatTwo = gotCatOne;
+ }
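Review bot: the separator between the two categories is optional in these lines. `if (tmp && *tmp == ',')` only skips a comma when one is present, and the following `if (tmp && *tmp == 'c')` is evaluated either way, so a first category followed directly by a second 'c' with no comma is parsed as a valid pair. Consider nesting the 'c' check inside the comma branch and rejecting any other non-NUL character at that point. The two "Malformed range %s" messages also print `tmp` after it has been advanced, so the diagnostic shows only the tail of the range rather than the string being validated.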
...down here, to make sure that parsing didn't stop because of something
like a 'c0.c255' instead of the expected 'c0,c15'.
+# define VIRT_TEST_MAIN_PRELOAD(func, lib) \
+ int main(int argc, char **argv) { \
+ const char *preload = getenv("LD_PRELOAD"); \
+ if (preload == NULL || strstr(preload, lib) == NULL) { \
+ char *newenv; \
+ if (virAsprintf(&newenv, "%s%s%s", preload ? preload :
"", \
+ preload ? ":" : "", lib) < 0) {
\
+ perror("virAsprintf"); \
+ exit(EXIT_FAILURE); \
+ } \
+ setenv("LD_PRELOAD", newenv, 1); \
+ execv(argv[0], argv); \
execv failure is silently ignored...
+ }
\
+ return virtTestMain(argc, argv, func); \
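Review bot: the return value of `setenv("LD_PRELOAD", newenv, 1)` is not checked before `execv(argv[0], argv)`. If setenv fails, the re-executed binary again finds no matching LD_PRELOAD and takes the same branch, so the test can keep re-executing itself. Check the setenv result and exit(EXIT_FAILURE) on failure, the same way the virAsprintf failure is handled. Note also that `strstr(preload, lib)` is a substring match, so an existing LD_PRELOAD entry whose path merely contains the library name skips the re-exec.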
but falls through to the test, which will probably fail in that case, so
I'm not too worried.
ACK with the two copy-and-pastes cleaned up, and with the tighter check
for junk at the end of the resulting category.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org