[PATCH] --secontext: Implement displaying of expected context upon mismatch
Dmitry V. Levin
ldv at altlinux.org
Mon Jan 3 14:03:07 UTC 2022
On Mon, Jan 03, 2022 at 10:43:25AM +0100, Renaud Métrich wrote:
[...]
> >> char *
> >> -secontext_full_file(const char *filename)
> >> +secontext_full_file(const char *filename, bool mismatch)
> >> {
> >> - return FORMAT_SPACE_BEFORE(raw_secontext_full_file(filename));
> >> + char *context = raw_secontext_full_file(filename);
> >> + if (mismatch) {
> >> + char *expected = raw_expected_secontext_full_file(filename);
> >> + if (expected && strcmp(context, expected) != 0) {
> > What if context == NULL here?
> >
> That's wrong indeed. But I have no test case that hit this.
>
> Fixed as
>
> @@ -192,8 +192,8 @@ secontext_full_file(const char *filename, bool mismatch)
> char *context = raw_secontext_full_file(filename);
> if (mismatch) {
> char *expected =
> raw_expected_secontext_full_file(filename);
> - if (expected && strcmp(context, expected) != 0) {
> - char *context_mismatch = xasprintf("%s!!%s",
> context, expected);
> + if (expected && (!context || strcmp(context, expected))) {
> + char *context_mismatch = xasprintf("%s!!%s",
> context ? context : "", expected);
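Review bot: In the new xasprintf() call, a NULL context is formatted as an empty string, so the result is "!!" followed by the expected context, which a reader cannot tell apart from a file whose context really is empty. Consider handling `!context` as its own case before the comparison instead of folding it into the mismatch branch, so that a failed lookup is either not reported or reported with a distinct marker. The rewritten condition also drops the explicit `!= 0` that the removed line had. Keeping `strcmp(context, expected) != 0` would stay consistent with the original style.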
context == NULL means that getfilecon() has failed to obtain the context.
When this happens in strace, both selinux_getfdcon() and
selinux_getfilecon() return -1, that is, no context is printed at all.
Why does the test expect strace to print a context mismatch in this case?
--
ldv