Re: [PATCH] tests: fix false failure in cp --preserve=context test

[Pádraig Brady]

On 07/18/2014 03:07 PM, Bernhard Voelker wrote:
> On 07/18/2014 02:04 PM, Pádraig Brady wrote:
>> * tests/cp/cp-a-selinux.sh: Copy from a different file system to
>> most likely have a different context that will test context
>> setting logic correctly.
> 
>> diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh
>> index db0d689..58887d2 100755
>> --- a/tests/cp/cp-a-selinux.sh
>> +++ b/tests/cp/cp-a-selinux.sh
>> @@ -41,6 +41,7 @@ ls -Z d | grep $ctx || fail=1
>> [...]
>> @@ -110,12 +111,15 @@ test $skip = 1 \
>>
>>   cd mnt                                       || framework_failure_
>>
>> -echo > f                                     || framework_failure_
>> -
>> +# Create files with hopefully different contexts
>> +echo > ../f                                  || framework_failure_
>>   echo > g                                     || framework_failure_
>> +test "$(stat -c%C ../f)" = "$(stat -c%C g)" &&
>> +  skip_ "files on separate file systems have the same security context"
>> +
> 
> Not ever worked with SELinux contexts, but why should ".."
> have a different security context than "." (other than if it's
> really on a different file system)?
> And if that's true, then why should a "subdir" not have a different
> context, too - which could then be used instead?  (I'd somehow feel
> more comfortable with a "subdir" instead of using "..").
> 
>> +cp -Z --preserve=context ../f g && fail=1
>> +cp --preserve=context -Z ../f g && fail=1
>> +cp --preserve=context --context="$ctx" ../f g && fail=1
>>
>>   Exit $fail
> 
> (How) does "../f" get deleted?
> 
> Otherwise +1.
> 
> Thanks & have a nice day,
> Berny

creates a new file system in file
mounts it loop back with a specific context
cd mount point
touch file_with_mount_context
touch ../file_with_standard_context

All files are removed on test completion

thanks,
Pádraig