libvirt unit test used setxattr with "user.libvirt.selinux" name to emulate setfilecon of selinux. But for some old kernel filesystem (like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with user_xattr flag, the setxattr with "user.libvirt.selinux" will fail. So adding testUserXattrEnabled() in securityselinuxlabeltest.c, if user_xattr is not enabled, skip this case. The user_xattr is departed in newer kernel, therefore this commit is only for the compatablity for old kernel. Signed-off-by: Jincheng Miao <jmiao(a)redhat.com&gt; --- tests/securityselinuxlabeltest.c | 33 +++++++++++++++++++++++++++++++++ 1 files changed, 33 insertions(+), 0 deletions(-) diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c index 88ec35a..3f155e3 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -28,6 +28,7 @@ #include <selinux/selinux.h> #include <selinux/context.h> +#include <attr/xattr.h> #include "internal.h" #include "testutils.h" @@ -56,6 +57,35 @@ struct testSELinuxFile { char *context; }; +static int +testUserXattrEnabled(void) +{ + int ret = -1; + ssize_t len; + const char *con_value = "system_u:object_r:svirt_image_t:s0:c41,c264"; + char *path = NULL; + if (virAsprintf(&path, "%s/securityselinuxlabeldata/testxattr", + abs_srcdir) < 0) + goto cleanup; + + if (virFileTouch(path, 0600) < 0) + goto cleanup; + + len = setxattr(path, "user.libvirt.selinux", con_value, + strlen(con_value), 0); + if (len < 0) { + if (errno == EOPNOTSUPP) + ret = 0; + goto cleanup; + } + + ret = 1; + + cleanup: + unlink(path); + VIR_FREE(path); + return ret; +} static int testSELinuxMungePath(char **path) @@ -322,6 +352,9 @@ mymain(void) { int ret = 0; + if (!testUserXattrEnabled()) + return EXIT_AM_SKIP; + if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) { virErrorPtr err = virGetLastError(); fprintf(stderr, "Unable to initialize security driver: %s\n", -- 1.7.1