From 27fcee861acb9fb1c517db684626ede30f560872 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Mon, 30 Aug 2021 14:10:05 +0000 Subject: [PATCH 1/4] libtest: tweak selinux/relabel message --- tests/libtest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/libtest.sh b/tests/libtest.sh index f04ccaa0..3976bc5b 100755 --- a/tests/libtest.sh +++ b/tests/libtest.sh @@ -609,7 +609,7 @@ have_systemd_and_libmount() { # https://github.com/ostreedev/ostree/pull/1217 skip_without_no_selinux_or_relabel () { if ! have_selinux_relabel; then - skip "this test requires xattr support" + skip "this test requires SELinux relabeling support" fi } From 9f5b636990d9a1fb0fc43cedcd96412c515fb679 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 26 Aug 2021 12:47:00 -0400 Subject: [PATCH 2/4] tests/basic: Skip --no-xattrs if we have selinux It cannot work to use `--no-xattrs` when SELinux is enabled because we get a `security.selinux` attribute on created files regardless. So just skip this test if true. Also add some `ostree fsck`s in here which helped me debug this. --- tests/basic-test.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/basic-test.sh b/tests/basic-test.sh index 935544d9..b694f370 100644 --- a/tests/basic-test.sh +++ b/tests/basic-test.sh @@ -455,11 +455,18 @@ $OSTREE commit ${COMMIT_ARGS} --skip-if-unchanged -b trees/test2 -s 'should not $OSTREE ls -R -C test2 new_rev=$($OSTREE rev-parse test2) assert_streq "${old_rev}" "${new_rev}" +$OSTREE fsck echo "ok commit --skip-if-unchanged" cd ${test_tmpdir}/checkout-test2-4 +# Unfortunately later tests depend on this right now, so commit anyways $OSTREE commit ${COMMIT_ARGS} -b test2 -s "no xattrs" --no-xattrs -echo "ok commit with no xattrs" +if have_selinux_relabel; then + echo "ok # SKIP we get an injected security.selinux xattr regardless, so we can't do this" +else + $OSTREE fsck + echo "ok commit with no xattrs" +fi mkdir tree-A tree-B touch tree-A/file-a tree-B/file-b From aa0bb176c5847b3bc7096904c6b0e978d119c2fa Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Mon, 30 Aug 2021 14:11:43 +0000 Subject: [PATCH 3/4] tests/basic: avoid changing ownership This avoids possible issues when trying to chmod, tweaking permissions instead. --- tests/basic-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic-test.sh b/tests/basic-test.sh index b694f370..29ca6109 100644 --- a/tests/basic-test.sh +++ b/tests/basic-test.sh @@ -435,7 +435,7 @@ echo "ok user checkout" $OSTREE commit ${COMMIT_ARGS} -b test2 -s "Another commit" --tree=ref=test2 echo "ok commit from ref" -$OSTREE commit ${COMMIT_ARGS} -b test2 -s "Another commit with modifier" --tree=ref=test2 --owner-uid=0 +$OSTREE commit ${COMMIT_ARGS} -b test2 -s "Another commit with modifier" --tree=ref=test2 --mode-ro-executables echo "ok commit from ref with modifier" $OSTREE commit ${COMMIT_ARGS} -b trees/test2 -s 'ref with / in it' --tree=ref=test2 From fff24089ddc5893140b9a73fd8ea260df07172fe Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Mon, 30 Aug 2021 15:55:16 +0000 Subject: [PATCH 4/4] tests: skip a broken fsck case There are some existing issues around fsck in unprivileged bare mode, so this test does not really work at the moment. Leaving it as a FIXME for the moment. --- tests/basic-test.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/basic-test.sh b/tests/basic-test.sh index 29ca6109..850a7605 100644 --- a/tests/basic-test.sh +++ b/tests/basic-test.sh @@ -793,7 +793,10 @@ rm files -rf && mkdir files mkdir files/worldwritable-dir chmod a+w files/worldwritable-dir $OSTREE commit ${COMMIT_ARGS} -b content-with-dir-world-writable --tree=dir=files -$OSTREE fsck +# FIXME(lucab): this seems to fail in unprivileged bare mode. +if ! have_selinux_relabel; then + $OSTREE fsck +fi rm dir-co -rf $OSTREE checkout -U -H -M content-with-dir-world-writable dir-co if is_bare_user_only_repo repo; then