|
|
f180de |
diff -urNp coreutils-8.22-orig/tests/cp/cp-a-selinux.sh coreutils-8.22/tests/cp/cp-a-selinux.sh
|
|
|
f180de |
--- coreutils-8.22-orig/tests/cp/cp-a-selinux.sh 2013-12-04 15:48:30.000000000 +0100
|
|
|
f180de |
+++ coreutils-8.22/tests/cp/cp-a-selinux.sh 2015-08-17 13:59:27.837012142 +0200
|
|
|
f180de |
@@ -4,7 +4,7 @@
|
|
|
f180de |
# Check also locally if --preserve=context, -a and --preserve=all
|
|
|
f180de |
# does work
|
|
|
f180de |
|
|
|
f180de |
-# Copyright (C) 2007-2013 Free Software Foundation, Inc.
|
|
|
f180de |
+# Copyright (C) 2007-2015 Free Software Foundation, Inc.
|
|
|
f180de |
|
|
|
f180de |
# This program is free software: you can redistribute it and/or modify
|
|
|
f180de |
# it under the terms of the GNU General Public License as published by
|
|
|
f180de |
@@ -37,16 +37,36 @@ cp -a c d 2>err || framework_failure_
|
|
|
f180de |
cp --preserve=context c e || framework_failure_
|
|
|
f180de |
cp --preserve=all c f || framework_failure_
|
|
|
f180de |
ls -Z d | grep $ctx || fail=1
|
|
|
f180de |
-test -s err && fail=1 #there must be no stderr output for -a
|
|
|
f180de |
+# there must be no stderr output for -a
|
|
|
f180de |
+compare /dev/null err || fail=1
|
|
|
f180de |
ls -Z e | grep $ctx || fail=1
|
|
|
f180de |
ls -Z f | grep $ctx || fail=1
|
|
|
f180de |
+rm -f f
|
|
|
f180de |
+
|
|
|
f180de |
+# Check handling of existing dirs which requires specific handling
|
|
|
f180de |
+# due to recursion, and was handled incorrectly in coreutils-8.22
|
|
|
f180de |
+# Note standard permissions are updated for existing directories
|
|
|
f180de |
+# in the destination, so SELinux contexts should be updated too.
|
|
|
f180de |
+chmod o+rw restore/existing_dir
|
|
|
f180de |
+mkdir -p backup/existing_dir/ || framework_failure_
|
|
|
f180de |
+ls -Zd backup/existing_dir > ed_ctx || fail=1
|
|
|
f180de |
+grep $ctx ed_ctx && framework_failure_
|
|
|
f180de |
+touch backup/existing_dir/file || framework_failure_
|
|
|
f180de |
+chcon $ctx backup/existing_dir/file || framework_failure_
|
|
|
f180de |
+# Set the dir context to ensure it is reset
|
|
|
f180de |
+mkdir -p --context="$ctx" restore/existing_dir || framework_failure_
|
|
|
f180de |
+# Copy and ensure existing directories updated
|
|
|
f180de |
+cp -a backup/. restore/
|
|
|
f180de |
+ls -Zd restore/existing_dir > ed_ctx || fail=1
|
|
|
f180de |
+grep $ctx ed_ctx &&
|
|
|
f180de |
+ { ls -lZd restore/existing_dir; fail=1; }
|
|
|
f180de |
|
|
|
f180de |
# Check restorecon (-Z) functionality for file and directory
|
|
|
f180de |
get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
|
|
|
f180de |
# Also make a dir with our known context
|
|
|
f180de |
mkdir c_d || framework_failure_
|
|
|
f180de |
chcon $ctx c_d || framework_failure_
|
|
|
f180de |
-# Get the type of this known context for file and dir
|
|
|
f180de |
+# Get the type of this known context for file and dir for tracing
|
|
|
f180de |
old_type_f=$(get_selinux_type c)
|
|
|
f180de |
old_type_d=$(get_selinux_type c_d)
|
|
|
f180de |
# Setup copies for manipulation with restorecon
|
|
|
f180de |
@@ -62,7 +82,7 @@ if restorecon Z1 Z1_d 2>/dev/null; then
|
|
|
f180de |
cpZ_type_f=$(get_selinux_type Z2)
|
|
|
f180de |
test "$cpZ_type_f" = "$new_type_f" || fail=1
|
|
|
f180de |
|
|
|
f180de |
- # Ensuze -Z overrides -a and that dirs are handled too
|
|
|
f180de |
+ # Ensure -Z overrides -a and that dirs are handled too
|
|
|
f180de |
cp -aZ c Z3 || fail=1
|
|
|
f180de |
cp -aZ c_d Z3_d || fail=1
|
|
|
f180de |
cpaZ_type_f=$(get_selinux_type Z3)
|
|
|
f180de |
@@ -93,27 +113,30 @@ test $skip = 1 \
|
|
|
f180de |
|
|
|
f180de |
cd mnt || framework_failure_
|
|
|
f180de |
|
|
|
f180de |
-echo > f || framework_failure_
|
|
|
f180de |
-
|
|
|
f180de |
+# Create files with hopefully different contexts
|
|
|
f180de |
+echo > ../f || framework_failure_
|
|
|
f180de |
echo > g || framework_failure_
|
|
|
f180de |
+test "$(stat -c%C ../f)" = "$(stat -c%C g)" &&
|
|
|
f180de |
+ skip_ "files on separate file systems have the same security context"
|
|
|
f180de |
+
|
|
|
f180de |
# /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp
|
|
|
f180de |
# succeed (giving no diagnostics), yet leaving the destination file empty.
|
|
|
f180de |
-cp -a f g 2>err || fail=1
|
|
|
f180de |
+cp -a ../f g 2>err || fail=1
|
|
|
f180de |
test -s g || fail=1 # The destination file must not be empty.
|
|
|
f180de |
-test -s err && fail=1 # There must be no stderr output.
|
|
|
f180de |
+compare /dev/null err || fail=1
|
|
|
f180de |
|
|
|
f180de |
# =====================================================
|
|
|
f180de |
# Here, we expect cp to succeed and not warn with "Operation not supported"
|
|
|
f180de |
rm -f g
|
|
|
f180de |
echo > g
|
|
|
f180de |
-cp --preserve=all f g 2>err || fail=1
|
|
|
f180de |
+cp --preserve=all ../f g 2>err || fail=1
|
|
|
f180de |
test -s g || fail=1
|
|
|
f180de |
grep "Operation not supported" err && fail=1
|
|
|
f180de |
|
|
|
f180de |
# =====================================================
|
|
|
f180de |
# The same as above except destination does not exist
|
|
|
f180de |
rm -f g
|
|
|
f180de |
-cp --preserve=all f g 2>err || fail=1
|
|
|
f180de |
+cp --preserve=all ../f g 2>err || fail=1
|
|
|
f180de |
test -s g || fail=1
|
|
|
f180de |
grep "Operation not supported" err && fail=1
|
|
|
f180de |
|
|
|
f180de |
@@ -133,9 +156,9 @@ echo > g
|
|
|
f180de |
# =====================================================
|
|
|
f180de |
# Here, we expect cp to fail, because it cannot set the SELinux
|
|
|
f180de |
# security context through NFS or a mount with fixed context.
|
|
|
f180de |
-cp --preserve=context f g 2> out && fail=1
|
|
|
f180de |
+cp --preserve=context ../f g 2> out && fail=1
|
|
|
f180de |
# Here, we *do* expect the destination to be empty.
|
|
|
f180de |
-test -s g && fail=1
|
|
|
f180de |
+compare /dev/null g || fail=1
|
|
|
f180de |
sed "s/ .g'.*//" out > k
|
|
|
f180de |
mv k out
|
|
|
f180de |
compare exp out || fail=1
|
|
|
f180de |
@@ -143,9 +166,9 @@ compare exp out || fail=1
|
|
|
f180de |
rm -f g
|
|
|
f180de |
echo > g
|
|
|
f180de |
# Check if -a option doesn't silence --preserve=context option diagnostics
|
|
|
f180de |
-cp -a --preserve=context f g 2> out2 && fail=1
|
|
|
f180de |
+cp -a --preserve=context ../f g 2> out2 && fail=1
|
|
|
f180de |
# Here, we *do* expect the destination to be empty.
|
|
|
f180de |
-test -s g && fail=1
|
|
|
f180de |
+compare /dev/null g || fail=1
|
|
|
f180de |
sed "s/ .g'.*//" out2 > k
|
|
|
f180de |
mv k out2
|
|
|
f180de |
compare exp out2 || fail=1
|
|
|
f180de |
@@ -154,31 +177,33 @@ for no_g_cmd in '' 'rm -f g'; do
|
|
|
f180de |
# restorecon equivalent. Note even though the context
|
|
|
f180de |
# returned from matchpathcon() will not match $ctx
|
|
|
f180de |
# the resulting ENOTSUP warning will be suppressed.
|
|
|
f180de |
+
|
|
|
f180de |
# With absolute path
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
- cp -Z f $(realpath g) || fail=1
|
|
|
f180de |
+ cp -Z ../f $(realpath g) || fail=1
|
|
|
f180de |
# With relative path
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
- cp -Z f g || fail=1
|
|
|
f180de |
+ cp -Z ../f g || fail=1
|
|
|
f180de |
# -Z overrides -a
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
- cp -Z -a f g || fail=1
|
|
|
f180de |
+ cp -Z -a ../f g || fail=1
|
|
|
f180de |
# -Z doesn't take an arg
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
- cp -Z "$ctx" f g && fail=1
|
|
|
f180de |
+ returns_ 1 cp -Z "$ctx" ../f g || fail=1
|
|
|
f180de |
|
|
|
f180de |
# Explicit context
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
# Explicitly defaulting to the global $ctx should work
|
|
|
f180de |
- cp --context="$ctx" f g || fail=1
|
|
|
f180de |
+ cp --context="$ctx" ../f g || fail=1
|
|
|
f180de |
# --context overrides -a
|
|
|
f180de |
$no_g_cmd
|
|
|
f180de |
- cp -a --context="$ctx" f g || fail=1
|
|
|
f180de |
+ cp -a --context="$ctx" ../f g || fail=1
|
|
|
f180de |
done
|
|
|
f180de |
|
|
|
f180de |
-# Mutually exlusive options
|
|
|
f180de |
-cp -Z --preserve=context f g && fail=1
|
|
|
f180de |
-cp --preserve=context -Z f g && fail=1
|
|
|
f180de |
-cp --preserve=context --context="$ctx" f g && fail=1
|
|
|
f180de |
+# Mutually exclusive options
|
|
|
f180de |
+returns_ 1 cp -Z --preserve=context ../f g || fail=1
|
|
|
f180de |
+returns_ 1 cp --preserve=context -Z ../f g || fail=1
|
|
|
f180de |
+returns_ 1 cp --preserve=context --context="$ctx" ../f g || fail=1
|
|
|
f180de |
|
|
|
f180de |
Exit $fail
|
|
|
f180de |
+
|
|
|
f180de |
diff -urNp coreutils-8.22-orig/tests/du/2g.sh coreutils-8.22/tests/du/2g.sh
|
|
|
f180de |
--- coreutils-8.22-orig/tests/du/2g.sh 2013-12-04 15:48:30.000000000 +0100
|
|
|
f180de |
+++ coreutils-8.22/tests/du/2g.sh 2015-08-17 13:59:37.349088611 +0200
|
|
|
f180de |
@@ -3,7 +3,7 @@
|
|
|
f180de |
# Before coreutils-5.93, on systems with a signed, 32-bit stat.st_blocks
|
|
|
f180de |
# one of du's computations would overflow.
|
|
|
f180de |
|
|
|
f180de |
-# Copyright (C) 2005-2013 Free Software Foundation, Inc.
|
|
|
f180de |
+# Copyright (C) 2005-2015 Free Software Foundation, Inc.
|
|
|
f180de |
|
|
|
f180de |
# This program is free software: you can redistribute it and/or modify
|
|
|
f180de |
# it under the terms of the GNU General Public License as published by
|
|
|
f180de |
@@ -24,13 +24,9 @@ print_ver_ du
|
|
|
f180de |
# Creating a 2GB file counts as 'very expensive'.
|
|
|
f180de |
very_expensive_
|
|
|
f180de |
|
|
|
f180de |
-
|
|
|
f180de |
# Get number of free kilobytes on current partition, so we can
|
|
|
f180de |
# skip this test if there is insufficient free space.
|
|
|
f180de |
-
|
|
|
f180de |
-# This technique relies on the fact that the 'Available' kilobyte
|
|
|
f180de |
-# count is the number just before the one with a trailing '%'.
|
|
|
f180de |
-free_kb=$(df -kP .|tail -1|sed 's/ [0-9][0-9]*%.*//;s/ *$//;s/.* //')
|
|
|
f180de |
+free_kb=$(df -k --output=avail . | tail -n1)
|
|
|
f180de |
case "$free_kb" in
|
|
|
f180de |
[0-9]*) ;;
|
|
|
f180de |
*) skip_ "invalid size from df: $free_kb";;
|
|
|
f180de |
@@ -45,16 +41,22 @@ test $min_kb -lt $free_kb ||
|
|
|
f180de |
}
|
|
|
f180de |
|
|
|
f180de |
big=big
|
|
|
f180de |
-rm -f $big
|
|
|
f180de |
-test -t 1 || printf 'creating a 2GB file...\n'
|
|
|
f180de |
-for i in $(seq 100); do
|
|
|
f180de |
- # Note: 2147483648 == 2^31. Print floor(2^31/100) per iteration.
|
|
|
f180de |
- printf %21474836s x >> $big || fail=1
|
|
|
f180de |
- # On the final iteration, append the remaining 48 bytes.
|
|
|
f180de |
- test $i = 100 && { printf %48s x >> $big || fail=1; }
|
|
|
f180de |
- test -t 1 && printf 'creating a 2GB file: %d%% complete\r' $i
|
|
|
f180de |
-done
|
|
|
f180de |
-echo
|
|
|
f180de |
+
|
|
|
f180de |
+if ! fallocate -l2G $big; then
|
|
|
f180de |
+ rm -f $big
|
|
|
f180de |
+ {
|
|
|
f180de |
+ is_local_dir_ . || skip 'Not writing 2GB data to remote'
|
|
|
f180de |
+ for i in $(seq 100); do
|
|
|
f180de |
+ # Note: 2147483648 == 2^31. Print floor(2^31/100) per iteration.
|
|
|
f180de |
+ printf %21474836s x || fail=1
|
|
|
f180de |
+ done
|
|
|
f180de |
+ # After the final iteration, append the remaining 48 bytes.
|
|
|
f180de |
+ printf %48s x || fail=1
|
|
|
f180de |
+ } > $big || fail=1
|
|
|
f180de |
+fi
|
|
|
f180de |
+
|
|
|
f180de |
+# The allocation may be done asynchronously (BTRFS for example)
|
|
|
f180de |
+sync $big || framework_failure_
|
|
|
f180de |
|
|
|
f180de |
du -k $big > out1 || fail=1
|
|
|
f180de |
rm -f $big
|
|
|
f180de |
diff -urNp coreutils-8.22-orig/tests/init.sh coreutils-8.22/tests/init.sh
|
|
|
f180de |
--- coreutils-8.22-orig/tests/init.sh 2013-12-04 15:48:30.000000000 +0100
|
|
|
f180de |
+++ coreutils-8.22/tests/init.sh 2015-08-17 13:59:19.900948318 +0200
|
|
|
f180de |
@@ -93,6 +93,27 @@ skip_ () { warn_ "$ME_: skipped test: $@
|
|
|
f180de |
fatal_ () { warn_ "$ME_: hard error: $@"; Exit 99; }
|
|
|
f180de |
framework_failure_ () { warn_ "$ME_: set-up failure: $@"; Exit 99; }
|
|
|
f180de |
|
|
|
f180de |
+# This is used to simplify checking of the return value
|
|
|
f180de |
+# which is useful when ensuring a command fails as desired.
|
|
|
f180de |
+# I.e., just doing `command ... &&fail=1` will not catch
|
|
|
f180de |
+# a segfault in command for example. With this helper you
|
|
|
f180de |
+# instead check an explicit exit code like
|
|
|
f180de |
+# returns_ 1 command ... || fail
|
|
|
f180de |
+returns_ () {
|
|
|
f180de |
+ # Disable tracing so it doesn't interfere with stderr of the wrapped command
|
|
|
f180de |
+ { set +x; } 2>/dev/null
|
|
|
f180de |
+
|
|
|
f180de |
+ local exp_exit="$1"
|
|
|
f180de |
+ shift
|
|
|
f180de |
+ "$@"
|
|
|
f180de |
+ test $? -eq $exp_exit && ret_=0 || ret_=1
|
|
|
f180de |
+
|
|
|
f180de |
+ if test "$VERBOSE" = yes && test "$gl_set_x_corrupts_stderr_" = false; then
|
|
|
f180de |
+ set -x
|
|
|
f180de |
+ fi
|
|
|
f180de |
+ { return $ret_; } 2>/dev/null
|
|
|
f180de |
+}
|
|
|
f180de |
+
|
|
|
f180de |
# Sanitize this shell to POSIX mode, if possible.
|
|
|
f180de |
DUALCASE=1; export DUALCASE
|
|
|
f180de |
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
|
|
|
f180de |
diff -urNp coreutils-8.22-orig/tests/local.mk coreutils-8.22/tests/local.mk
|
|
|
f180de |
--- coreutils-8.22-orig/tests/local.mk 2015-08-17 12:44:49.343344148 +0200
|
|
|
f180de |
+++ coreutils-8.22/tests/local.mk 2015-08-17 13:59:12.124885835 +0200
|
|
|
f180de |
@@ -121,7 +121,6 @@ all_root_tests = \
|
|
|
f180de |
tests/install/install-C-root.sh \
|
|
|
f180de |
tests/ls/capability.sh \
|
|
|
f180de |
tests/ls/nameless-uid.sh \
|
|
|
f180de |
- tests/misc/chcon.sh \
|
|
|
f180de |
tests/misc/chroot-credentials.sh \
|
|
|
f180de |
tests/misc/selinux.sh \
|
|
|
f180de |
tests/misc/truncate-owned-by-other.sh \
|