From: Eric Biggers <ebiggers3@gmail.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: fstests@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Subject: [PATCH] android-xfstests: allow detection of SELinux
Date: Fri, 10 Mar 2017 16:53:06 -0800 [thread overview]
Message-ID: <20170311005306.129624-1-ebiggers3@gmail.com> (raw)
From: Eric Biggers <ebiggers@google.com>
xfstests is supposed to disable the creation of SELinux xattrs because
this interferes with some tests (e.g. generic/062 and generic/377), but
this was not working on Android. For the android-xfstests portion of
the fix, make the following changes:
1. To stop the mount program from stripping the 'context' mount option,
mount selinuxfs and create an empty /etc/selinux/config. This makes the
is_selinux_enabled() function from libselinux return true.
2. To stop xfstests from thinking that SELinux is disabled, link
/usr/sbin/selinuxenabled to /bin/true. (Note: getting the real version
of selinuxenabled by adding selinux-utils to the chroot tarball would
also work, though no other programs from it are needed yet, and some
don't work in the chroot environment yet.)
In combination with the xfstests patch to stop hard-coding SELinux
contexts in xfstests, this fixes the failing tests.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
kvm-xfstests/android-xfstests | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/kvm-xfstests/android-xfstests b/kvm-xfstests/android-xfstests
index 7e3eab3..e798c7e 100755
--- a/kvm-xfstests/android-xfstests
+++ b/kvm-xfstests/android-xfstests
@@ -81,6 +81,14 @@ chroot_prepare()
! mountpoint $CHROOT_DIR/proc > /dev/null && mount proc -t proc $CHROOT_DIR/proc
! mountpoint $CHROOT_DIR/dev > /dev/null && mount --bind /dev $CHROOT_DIR/dev
+# Allow xfstests to detect that SELinux is in use.
+! mountpoint $CHROOT_DIR/sys/fs/selinux > /dev/null && \
+ mount selinuxfs -t selinuxfs $CHROOT_DIR/sys/fs/selinux
+touch $CHROOT_DIR/etc/selinux/config
+if [ ! -e $CHROOT_DIR/usr/sbin/selinuxenabled ]; then
+ ln $CHROOT_DIR/bin/true $CHROOT_DIR/usr/sbin/selinuxenabled
+fi
+
# 'mountpoint' doesn't work with directory bind mounts; use /proc/mounts instead
if ! cut -d' ' -f2 /proc/mounts 2>/dev/null | grep -q '^$CHROOT_DIR/results$'; then
mkdir -p $RESULTS_DIR
@@ -92,6 +100,7 @@ EOF
chroot_wipe()
{
cat <<EOF | adb shell
+umount $CHROOT_DIR/sys/fs/selinux &> /dev/null
umount $CHROOT_DIR/sys &> /dev/null
umount $CHROOT_DIR/proc &> /dev/null
umount $CHROOT_DIR/dev &> /dev/null
--
2.12.0.246.ga2ecc84866-goog
next reply other threads:[~2017-03-11 0:53 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-11 0:53 Eric Biggers [this message]
2017-03-11 1:57 ` [PATCH] android-xfstests: allow detection of SELinux Theodore Ts'o
2017-03-11 3:47 ` Eric Biggers
2017-04-27 18:16 ` Eric Biggers
2017-04-29 16:40 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170311005306.129624-1-ebiggers3@gmail.com \
--to=ebiggers3@gmail.com \
--cc=ebiggers@google.com \
--cc=fstests@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox