| Message ID | 20250217130839.2392666-1-pvorel@suse.cz (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/2] tst_security.sh: Fix SELinux detection | expand |
Hi! Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com> On 2/17/25 14:08, Petr Vorel wrote: > Some SLES15 versions create /selinux directory which fails the detection > if SELinux is actually not enabled. Therefore detect if directory > actually contains the 'enforce' file. > > Also drop /selinux directory detection and detect only /sys/fs/selinux, > /sys/fs/selinux mount point was added in kernel 3.0 in commit > 7a627e3b9a2b ("SELINUX: add /sys/fs/selinux mount point to put selinuxfs") > 14 years is enough, kernel 3.0 is not even supported in current LTP and > we don't even support /selinux in C API (tst_security.c). > > Fixes: e7b804df65 ("shell: Add tst_security.sh helper") > Signed-off-by: Petr Vorel <pvorel@suse.cz> > --- > testcases/lib/tst_security.sh | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh > index 05640234ea..356c28fc73 100644 > --- a/testcases/lib/tst_security.sh > +++ b/testcases/lib/tst_security.sh > @@ -127,8 +127,7 @@ tst_get_selinux_dir() > { > local dir="/sys/fs/selinux" > > - [ -d "$dir" ] || dir="/selinux" > - [ -d "$dir" ] && echo "$dir" > + [ -f "$dir/enforce" ] && echo "$dir" > } > > # Get SELinux enforce file path
Hi Andrea, > Hi! Thanks for your review, merged as a needed fix. Kind regards, Petr > Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com> > On 2/17/25 14:08, Petr Vorel wrote: > > Some SLES15 versions create /selinux directory which fails the detection > > if SELinux is actually not enabled. Therefore detect if directory > > actually contains the 'enforce' file. > > Also drop /selinux directory detection and detect only /sys/fs/selinux, > > /sys/fs/selinux mount point was added in kernel 3.0 in commit > > 7a627e3b9a2b ("SELINUX: add /sys/fs/selinux mount point to put selinuxfs") > > 14 years is enough, kernel 3.0 is not even supported in current LTP and > > we don't even support /selinux in C API (tst_security.c). > > Fixes: e7b804df65 ("shell: Add tst_security.sh helper") > > Signed-off-by: Petr Vorel <pvorel@suse.cz> > > --- > > testcases/lib/tst_security.sh | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh > > index 05640234ea..356c28fc73 100644 > > --- a/testcases/lib/tst_security.sh > > +++ b/testcases/lib/tst_security.sh > > @@ -127,8 +127,7 @@ tst_get_selinux_dir() > > { > > local dir="/sys/fs/selinux" > > - [ -d "$dir" ] || dir="/selinux" > > - [ -d "$dir" ] && echo "$dir" > > + [ -f "$dir/enforce" ] && echo "$dir" > > } > > # Get SELinux enforce file path
diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh index 05640234ea..356c28fc73 100644 --- a/testcases/lib/tst_security.sh +++ b/testcases/lib/tst_security.sh @@ -127,8 +127,7 @@ tst_get_selinux_dir() { local dir="/sys/fs/selinux" - [ -d "$dir" ] || dir="/selinux" - [ -d "$dir" ] && echo "$dir" + [ -f "$dir/enforce" ] && echo "$dir" } # Get SELinux enforce file path
Some SLES15 versions create /selinux directory which fails the detection if SELinux is actually not enabled. Therefore detect if directory actually contains the 'enforce' file. Also drop /selinux directory detection and detect only /sys/fs/selinux, /sys/fs/selinux mount point was added in kernel 3.0 in commit 7a627e3b9a2b ("SELINUX: add /sys/fs/selinux mount point to put selinuxfs") 14 years is enough, kernel 3.0 is not even supported in current LTP and we don't even support /selinux in C API (tst_security.c). Fixes: e7b804df65 ("shell: Add tst_security.sh helper") Signed-off-by: Petr Vorel <pvorel@suse.cz> --- testcases/lib/tst_security.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)