mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
tests: stop stubbing libselinux APIs for purpose of data overrides
We currently create stub 'setcon', 'setcon_raw' and 'security_disable' APIs in the securityselinuxhelper.c mock, which set env variables to control how other mock'd libselinux APIs respond. These stubs merely set some env variables, and we have no need to call these stubs from the library code, only test code. The 'security_disable' API is now deprecated in libselinux, so we stubbing it generates compiler warnings. Rather than workaround that, just stop stubbing these APIs and set the required env variables directly. With this change, we now only mock API calls we actually use from the library code. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
0fd36e9656
commit
c891f17c2b
@ -131,21 +131,6 @@ int getpidcon(pid_t pid, char **context)
|
|||||||
return getpidcon_raw(pid, context);
|
return getpidcon_raw(pid, context);
|
||||||
}
|
}
|
||||||
|
|
||||||
int setcon_raw(const char *context)
|
|
||||||
{
|
|
||||||
if (!is_selinux_enabled()) {
|
|
||||||
errno = EINVAL;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
int setcon(const char *context)
|
|
||||||
{
|
|
||||||
return setcon_raw(context);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int setfilecon_raw(const char *path, const char *con)
|
int setfilecon_raw(const char *path, const char *con)
|
||||||
{
|
{
|
||||||
const char *constr = con;
|
const char *constr = con;
|
||||||
@ -209,16 +194,6 @@ int is_selinux_enabled(void)
|
|||||||
return getenv("FAKE_SELINUX_DISABLED") == NULL;
|
return getenv("FAKE_SELINUX_DISABLED") == NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_disable(void)
|
|
||||||
{
|
|
||||||
if (!is_selinux_enabled()) {
|
|
||||||
errno = ENOENT;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
int security_getenforce(void)
|
int security_getenforce(void)
|
||||||
{
|
{
|
||||||
if (!is_selinux_enabled()) {
|
if (!is_selinux_enabled()) {
|
||||||
|
@ -333,7 +333,10 @@ mymain(void)
|
|||||||
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
|
if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
||||||
setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
|
if (!g_setenv("FAKE_SELINUX_CONTEXT", "system_r:system_u:libvirtd_t:s0:c0.c1023", TRUE)) {
|
||||||
|
perror("Cannot set process security context");
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
DO_TEST_LABELING("disks");
|
DO_TEST_LABELING("disks");
|
||||||
DO_TEST_LABELING("kernel");
|
DO_TEST_LABELING("kernel");
|
||||||
|
@ -211,7 +211,7 @@ testSELinuxGenLabel(const void *opaque)
|
|||||||
context_t con = NULL;
|
context_t con = NULL;
|
||||||
context_t imgcon = NULL;
|
context_t imgcon = NULL;
|
||||||
|
|
||||||
if (setcon_raw(data->pidcon) < 0) {
|
if (!g_setenv("FAKE_SELINUX_CONTEXT", data->pidcon, TRUE)) {
|
||||||
perror("Cannot set process security context");
|
perror("Cannot set process security context");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -124,7 +124,7 @@ static int testIdentityGetSystem(const void *data)
|
|||||||
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
|
static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
|
||||||
{
|
{
|
||||||
#if WITH_SELINUX
|
#if WITH_SELINUX
|
||||||
return setcon_raw(data);
|
return g_setenv("FAKE_SELINUX_CONTEXT", data, TRUE) == TRUE ? 0 : -1;
|
||||||
#else
|
#else
|
||||||
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
||||||
return EXIT_AM_SKIP;
|
return EXIT_AM_SKIP;
|
||||||
@ -134,7 +134,7 @@ static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
|
|||||||
static int testDisableFakeSELinux(const void *data G_GNUC_UNUSED)
|
static int testDisableFakeSELinux(const void *data G_GNUC_UNUSED)
|
||||||
{
|
{
|
||||||
#if WITH_SELINUX
|
#if WITH_SELINUX
|
||||||
return security_disable();
|
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
|
||||||
#else
|
#else
|
||||||
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
|
||||||
return EXIT_AM_SKIP;
|
return EXIT_AM_SKIP;
|
||||||
|
Loading…
Reference in New Issue
Block a user