[PATCH] --secontext: Implement displaying of expected context upon mismatch

[Renaud Métrich]

OK fixing this then to just avoid checking anything.

@@ -190,10 +190,10 @@ char *
  secontext_full_file(const char *filename, bool mismatch)
  {
         char *context = raw_secontext_full_file(filename);
-       if (mismatch) {
+       if (context && mismatch) {
                 char *expected = 
raw_expected_secontext_full_file(filename);
-               if (expected && (!context || strcmp(context, expected))) {
-                       char *context_mismatch = xasprintf("%s!!%s", 
context ? context : "", expected);
+               if (expected && strcmp(context, expected)) {
+                       char *context_mismatch = xasprintf("%s!!%s", 
context, expected);

On 1/3/22 16:19, Dmitry V. Levin wrote:
> I've seen context == NULL in a system where selinux is not enabled.
>
>> what just means the context of the file couldn't be retrieved (e.g.
>> issue with extended attribute), but still
>> raw_expected_secontext_full_file(), which reads from the database, can
>> contain a context, so I think it should be considered as different.
> When context == NULL, raw_expected_secontext_full_file() is likely to exit
> with perror_msg_and_skip("selabel_open"), I've seen this behaviour in a
> system where selinux is not enabled.  However, when context == NULL but
> raw_expected_secontext_full_file() != NULL, the test will fail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20220103/734a1e3e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20220103/734a1e3e/attachment.bin>