[PATCH] --secontext: Implement displaying of expected context upon mismatch

Renaud Métrich rmetrich at redhat.com
Mon Jan 3 14:32:17 UTC 2022


On 1/3/22 15:03, Dmitry V. Levin wrote:
>> @@ -192,8 +192,8 @@ secontext_full_file(const char *filename, bool mismatch)
>>           char *context = raw_secontext_full_file(filename);
>>           if (mismatch) {
>>                   char *expected =
>> raw_expected_secontext_full_file(filename);
>> -               if (expected && strcmp(context, expected) != 0) {
>> -                       char *context_mismatch = xasprintf("%s!!%s",
>> context, expected);
>> +               if (expected && (!context || strcmp(context, expected))) {
>> +                       char *context_mismatch = xasprintf("%s!!%s",
>> context ? context : "", expected);
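
Review bot: in the new condition "expected && (!context || strcmp(context, expected))", a NULL context now counts as a mismatch and is formatted as "", so the result is "!!<expected>" and cannot be told apart from a file whose context is an empty string. If a failed lookup is meant to be reported as a mismatch, say so in a comment above the if and consider a distinct marker instead of ""; otherwise keep the NULL case out of this branch. The explicit "!= 0" on the strcmp() result, present in the removed line, is also worth keeping for readability.
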
> context == NULL means that getfilecon() has failed to obtain the context.
> When this happens in strace, both selinux_getfdcon() and
> selinux_getfilecon() return -1, that is, no context is printed at all.

Well no, context == NULL never happens, but if it is happening anyway,
that just means the context of the file couldn't be retrieved (e.g. an
issue with an extended attribute), but still
raw_expected_secontext_full_file(), which reads from the database, can
contain a context, so I think it should be considered as different.


> Why does the test expect strace to print a context mismatch in this case?