From 4ce11062779cee3eaec0b75d862e3d7341ec3511 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Mon, 10 May 2021 10:33:02 +0200 Subject: [PATCH] securityselinuxhelper: Fix retval of setcon_raw() and security_disable() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The securityselinuxhelper is a mock that's replacing libselinux APIs with our own implementation to achieve deterministic results. Our implementation uses env vars (among other things) to hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and "FAKE_SELINUX_DISABLED" variables are used. However, as we were switching from setenv() to g_setenv() we also changed the set of possible retvals from setcon_raw() and security_disable(). Previously, the retval of setenv() was used directly which returns 0 on success and -1 on error. But g_setenv() has different retval semantics: it returns 1 on success and 0 on error. This discrepancy can be observed by running viridentitytest where case #2 reports an error ("!") - because setcon_raw() returns 1. Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko --- tests/securityselinuxhelper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c index b308ef5095..c3d6505ef2 100644 --- a/tests/securityselinuxhelper.c +++ b/tests/securityselinuxhelper.c @@ -140,7 +140,7 @@ int setcon_raw(const char *context) errno = EINVAL; return -1; } - return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE); + return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1; } int setcon(const char *context) @@ -219,7 +219,7 @@ int security_disable(void) return -1; } - return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE); + return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1; } int security_getenforce(void) -- 2.47.2