[libvirt] [PATCH v2 2/2] Add test case for SELinux label generation
Eric Blake
eblake at redhat.com
Tue Aug 14 17:31:04 UTC 2012
On 08/14/2012 08:36 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> This test case validates the correct generation of SELinux labels
> for VMs, wrt the current process label. Since we can't actually
> change the label of the test program process, we create a shared
> library libsecurityselinuxhelper.so which overrides the getcon()
> and setcon() libselinux.so functions. When started the test case
> will check to see if LD_PRELOAD is set, and if not, it will
> re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> +++ b/tests/securityselinuxhelper.c
> @@ -0,0 +1,67 @@
> +/*
> + * Copyright (C) 2011-2012 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * License along with this library; If not, see
Eep. What's with the duplicate line? Oh, bad copy-n-paste from
viratomictest.c. I'll fix that momentarily.
> +++ b/tests/securityselinuxtest.c
> @@ -0,0 +1,313 @@
> +/*
> + * Copyright (C) 2011-2012 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, write to the Free Software
> + * License along with this library; If not, see
and again.
> + if (tmp && *tmp == ',')
> + tmp++;
> + if (tmp && *tmp == 'c') {
> + tmp++;
> + if (virStrToLong_i(tmp, &tmp, 10, &gotCatTwo) < 0) {
> + fprintf(stderr, "Malformed range %s, cannot parse category two\n",
> + tmp);
> + return false;
> + }
> + if (*tmp != '\0') {
> + fprintf(stderr, "Malformed range %s, junk after second category\n",
> + tmp);
> + return false;
I'd move this hunk...
> + }
> + if (gotCatOne == gotCatTwo) {
> + fprintf(stderr, "Saw category pair %d,%d where cats were equal\n",
> + gotCatOne, gotCatTwo);
> + return false;
> + }
> + } else {
> + gotCatTwo = gotCatOne;
> + }
...down here, to make sure that parsing didn't stop because of something
like a 'c0.c255' instead of the expected 'c0,c15'.
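Review bot: the comma skip in `if (tmp && *tmp == ',')` is independent of the following `*tmp == 'c'` test, so a range that ends right after the comma (such as "c0,") reaches the else branch and is accepted as a single category, and a second category written with no comma at all (such as "c0c15") is accepted as a pair. Suggest requiring a 'c' once a ',' has been consumed, rejecting a 'c' that was not preceded by ',', and running the `*tmp != '\0'` check after the if/else so both branches reject trailing text. The two "Malformed range %s" messages print tmp, which is also the end-pointer argument of virStrToLong_i(), rather than the full range string; printing the original range would make a failure easier to read.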
>
> +# define VIRT_TEST_MAIN_PRELOAD(func, lib) \
> + int main(int argc, char **argv) { \
> + const char *preload = getenv("LD_PRELOAD"); \
> + if (preload == NULL || strstr(preload, lib) == NULL) { \
> + char *newenv; \
> + if (virAsprintf(&newenv, "%s%s%s", preload ? preload : "", \
> + preload ? ":" : "", lib) < 0) { \
> + perror("virAsprintf"); \
> + exit(EXIT_FAILURE); \
> + } \
> + setenv("LD_PRELOAD", newenv, 1); \
> + execv(argv[0], argv); \
execv failure is silently ignored...
> + } \
> + return virtTestMain(argc, argv, func); \
but falls through to the test, which will probably fail in that case, so
I'm not too worried.
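Review bot: the return value of `setenv("LD_PRELOAD", newenv, 1)` in VIRT_TEST_MAIN_PRELOAD is not checked. If it fails, execv() re-runs the program with LD_PRELOAD unchanged and the new process takes the same branch again. Suggest handling it like the virAsprintf failure just above it, with perror() and exit(EXIT_FAILURE), and doing the same directly after `execv(argv[0], argv)`, which only returns on error, so the test never runs against the real getcon()/setcon() without saying so. Note also that `strstr(preload, lib)` is a substring match, so any existing LD_PRELOAD entry that merely contains the lib string skips the re-exec.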
ACK with the two copy-and-pastes cleaned up, and with the tighter check
for junk at the end of the resulting category.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org