git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Eric Blake <eblake@redhat.com>
	Tue, 13 Aug 2013 20:19:14 +0000 (14:19 -0600)
committer	Eric Blake <eblake@redhat.com>
	Tue, 20 Aug 2013 16:46:58 +0000 (10:46 -0600)
commit	95577af442e503bb209808b04b6482c895c9f561
tree	df27754c92af66fb1ecce1b93e6ffd2728f9c783	tree \| snapshot
parent	0f082e699eda0ad14965c0bc75789c4bfac2bda7	commit \| diff

selinux: enhance test to cover nfs label failure

Daniel Berrange (correctly) pointed out that we should do a better
job of testing selinux labeling fallbacks on NFS disks that lack
labeling support.

* tests/securityselinuxhelper.c (includes): Makefile already
guaranteed xattr support. Add additional headers.
(init_syms): New function, borrowing from vircgroupmock.c.
(setfilecon_raw, getfilecon_raw): Fake NFS failure.
(statfs): Fake an NFS mount point.
(security_getenforce, security_get_boolean_active): Don't let host
environment affect test.
* tests/securityselinuxlabeldata/nfs.data: New file.
* tests/securityselinuxlabeldata/nfs.xml: New file.
* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
Fix memory leak.
(testSELinuxLabeling): Avoid infinite loop on dirty tree.
(mymain): Add new test.

tests/securityselinuxhelper.c		diff \| blob \| blame \| history
tests/securityselinuxlabeldata/nfs.txt	[new file with mode: 0644]	blob
tests/securityselinuxlabeldata/nfs.xml	[new file with mode: 0644]	blob
tests/securityselinuxlabeltest.c		diff \| blob \| blame \| history