diff options
Diffstat (limited to 'tests/selnx01.at')
-rw-r--r-- | tests/selnx01.at | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/tests/selnx01.at b/tests/selnx01.at new file mode 100644 index 0000000..7485cc8 --- /dev/null +++ b/tests/selnx01.at @@ -0,0 +1,98 @@ +# Process this file with autom4te to create testsuite. -*- Autotest -*- +# +# Test suite for GNU tar. +# Copyright 2012-2014, 2016 Free Software Foundation, Inc. + +# This file is part of GNU tar. + +# GNU tar is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# GNU tar is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Test description: +# +# This is basic test for selinux support (store & restore). + +AT_SETUP([selinux: basic store/restore]) +AT_KEYWORDS([xattrs selinux selnx01]) + +AT_TAR_CHECK([ +AT_XATTRS_UTILS_PREREQ +AT_SELINUX_PREREQ + +mkdir dir +genfile --file dir/file +ln -s file dir/link + +getfattr -h -d -msecurity.selinux dir dir/file dir/link > start + +restorecon -R dir +chcon -h --user=system_u dir +chcon -h --user=unconfined_u dir/file +chcon -h --user=system_u dir/link + +# archive whole directory including selinux contexts +tar --selinux -cf archive.tar dir + +# clear the directory +rm -rf dir + +# ================================================ +# check if selinux contexts are correctly restored + +tar --selinux -xf archive.tar + +# archive for later debugging +cp archive.tar archive_origin.tar + +# check if selinux contexts were restored +getfattr -h -d dir dir/file dir/link -msecurity.selinux | \ + grep -v -e '^#' -e ^$ | cut -d: -f1 + +# =========================================================================== +# check if selinux contexts are not restored when --selinux option is missing + +getfattr -h -d -msecurity.selinux dir dir/file dir/link > with_selinux +rm -rf dir +tar -xf archive.tar +getfattr -h -d -msecurity.selinux dir dir/file dir/link > without_selinux + +diff with_selinux without_selinux > diff_with_without +if test "$?" -eq "0"; then + echo "selinux contexts probably restored while --selinux is off" +fi + +# ================================================================= +# check if selinux is not archived when --selinux option is missing + +tar -cf archive.tar dir + +# clear the directory +rm -rf dir + +# restore (with --selinux) +tar --selinux -xf archive.tar dir + +getfattr -h -d -msecurity.selinux dir dir/file dir/link > final +diff start final > final_diff +if test "$?" -ne "0"; then + echo "bad result" +fi + +], +[0], +[security.selinux="system_u +security.selinux="unconfined_u +security.selinux="system_u +]) + +AT_CLEANUP |