External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

securityselinuxhelper: Fix retval of setcon_raw() and security_disable()

Browse Source 
The securityselinuxhelper is a mock that's replacing libselinux
APIs with our own implementation to achieve deterministic
results. Our implementation uses env vars (among other things) to
hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and
"FAKE_SELINUX_DISABLED" variables are used. However, as we were
switching from setenv() to g_setenv() we also changed the set of
possible retvals from setcon_raw() and security_disable().
Previously, the retval of setenv() was used directly which
returns 0 on success and -1 on error. But g_setenv() has
different retval semantics: it returns 1 on success and 0 on
error.

This discrepancy can be observed by running viridentitytest where
case #2 reports an error ("!") - because setcon_raw() returns 1.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Michal Privoznik 2021-05-10 10:33:02 +02:00
parent d1873e03b4
commit 4ce1106277
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/securityselinuxhelper.c
View File

@ -140,7 +140,7 @@ int setcon_raw(const char *context)
errno = EINVAL;
return -1;
}
return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE);
return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
}
int setcon(const char *context)
@ -219,7 +219,7 @@ int security_disable(void)
return -1;
}
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE);
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
}
int security_getenforce(void)