| Message ID | 20230314165858.498705-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Ondrej Mosnáček |
| Headers | show |
| Series | [testsuite] tests/atsecure: avoid running bash under test domains | expand |
On Tue, Mar 14, 2023 at 5:58 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > The 'env' utility can be used just as well. This avoids the "bash: > /root/.bashrc: Permission denied" error message that appears when the > testsuite is ran with a terminal attached to the stdout/stdin and the > corresponding AVC denials. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > tests/atsecure/test | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tests/atsecure/test b/tests/atsecure/test > index 59ba3a4..4079a1b 100755 > --- a/tests/atsecure/test > +++ b/tests/atsecure/test > @@ -20,12 +20,12 @@ ok( $result, 0 ); > > # Verify that LD_PRELOAD is ignored when noatsecure permission is not allowed. > $result = system( > -"runcon -t test_atsecure_denied_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" > +"runcon -t test_atsecure_denied_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" > ); > ok( $result, 0 ); > > # Verify that LD_PRELOAD is honored when noatsecure permission is allowed. > $result = system( > -"runcon -t test_atsecure_allowed_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" > +"runcon -t test_atsecure_allowed_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" > ); > ok($result); > -- > 2.39.2 > Applied: https://github.com/SELinuxProject/selinux-testsuite/commit/17fecc443e267407f2f48e2cb17fbe83699f235d
diff --git a/tests/atsecure/test b/tests/atsecure/test index 59ba3a4..4079a1b 100755 --- a/tests/atsecure/test +++ b/tests/atsecure/test @@ -20,12 +20,12 @@ ok( $result, 0 ); # Verify that LD_PRELOAD is ignored when noatsecure permission is not allowed. $result = system( -"runcon -t test_atsecure_denied_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" +"runcon -t test_atsecure_denied_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" ); ok( $result, 0 ); # Verify that LD_PRELOAD is honored when noatsecure permission is allowed. $result = system( -"runcon -t test_atsecure_allowed_t -- bash -c 'LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good'" +"runcon -t test_atsecure_allowed_t -- env LD_PRELOAD=$basedir/evil.so runcon -t test_atsecure_newdomain_t $basedir/good" ); ok($result);
The 'env' utility can be used just as well. This avoids the "bash: /root/.bashrc: Permission denied" error message that appears when the testsuite is ran with a terminal attached to the stdout/stdin and the corresponding AVC denials. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- tests/atsecure/test | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)