bug#8359: [PATCH] Unit tests: Properly detect whether SELinux is enabled or not.

[Jim Meyering]

Mathieu Bridon wrote:
> On Mon, 2011-03-28 at 09:54 +0200, Jim Meyering wrote:
>> Mathieu Bridon wrote:
> [... snip ...]
>> > A better way to test if SELinux is enabled is to search for the SELinux
>> > filesystem (see the above bug report). This is what this commit does.
>>
>> Thank you for the diagnosis and patch.
>> However, I can't use that as-is, since removing the existing test would
>> mistakenly enable guaranteed-to-fail tests that are run from a file system
>> that does not support SELinux on a system for which it is enabled.
>
> Right, I didn't think about this case. :-/
>
>> Hmm... actually, I now have mixed feelings about this change.
>> Having SELinux enabled for id --context is conceptually a very
>> different thing from having an SELinux-enabled file system.
>> Now, I'm thinking that your new condition should guard only the id-context
>> test, rather than causing us to skip all FS-context-requiring tests.
>> In your environment, does any test other than id-context fail without
>> this patch?
>
> Yes, 3 tests are failing:
>  - misc/id-context
>  - id/no-context
>  - install/install-C-selinux
>
> The three are skipped (which is expected) after applying the patch I
> submitted. I didn't try with your version of the patch, but looking at
> it I think it's safe to assume they would be skipped as well.

Thanks.

I've decided not to bother separating the tests after all:
less risk of introducing false-positive failures that way.
I had to make one more change to avoid the syntax-check
failure due to the new use of "filesystems":
(we prefer to spell it "file systems";  I've exempted
the entire init.cfg file rather than obfuscating it e.g., via
/proc/file''systems)

Here's what I've pushed.
I've closed the bug, but you're welcome to reopen if problems persist.

>From 17a7e4592727b44d0a5550d1340e354786109af7 Mon Sep 17 00:00:00 2001
From: Mathieu Bridon <address@hidden>
Date: Mon, 28 Mar 2011 09:39:53 +0200
Subject: [PATCH] tests: avoid unwarranted failure in mock-simulated
 non-SELinux env.

* tests/init.cfg (require_selinux_): Skip the test also when
/proc/filesystems does not list selinuxfs.
Add comments.
* cfg.mk (exclude_file_name_regexp--sc_file_system): Exempt
tests/init.cfg, with its use of /proc/filesystems.
Based on the patch by Mathieu Bridon in http://debbugs.gnu.org/8359.
More discussion in http://bugzilla.redhat.com/573111
---
 cfg.mk         |    3 ++-
 tests/init.cfg |    7 +++++++
 2 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/cfg.mk b/cfg.mk
index fe2dd13..99a6e5e 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -345,7 +345,8 @@ exclude_file_name_regexp--sc_po_check = ^gl/
 exclude_file_name_regexp--sc_prohibit_always-defined_macros = ^src/seq\.c$$
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = ^tests/pr/
 exclude_file_name_regexp--sc_program_name = ^(gl/.*|lib/euidaccess-stat)\.c$$
-exclude_file_name_regexp--sc_file_system = NEWS|^(src/df\.c|tests/misc/df-P)$$
+exclude_file_name_regexp--sc_file_system = \
+  NEWS|^(tests/init\.cfg|src/df\.c|tests/misc/df-P)$$
 exclude_file_name_regexp--sc_prohibit_always_true_header_tests = \
   ^m4/stat-prog\.m4$$
 exclude_file_name_regexp--sc_prohibit_fail_0 = \
diff --git a/tests/init.cfg b/tests/init.cfg
index f74d50c..0711455 100644
--- a/tests/init.cfg
+++ b/tests/init.cfg
@@ -216,6 +216,13 @@ skip_if_()

 require_selinux_()
 {
+  # When in a chroot of an SELinux-enabled system, but with a mock-simulated
+  # SELinux-*disabled* system, recognize that SELinux is disabled system wide:
+  grep 'selinuxfs$' /proc/filesystems > /dev/null \
+    || skip_test_ "this system lacks SELinux support"
+
+  # Independent of whether SELinux is enabled system-wide,
+  # the current file system may lack SELinux support.
   case `ls -Zd .` in
     '? .'|'unlabeled .')
       skip_test_ "this system (or maybe just" \
--
1.7.4.1.688.g95e3e