31 lines
985 B
Bash
Executable File
31 lines
985 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# Test commit --selinux-policy
|
|
|
|
set -xeuo pipefail
|
|
|
|
dn=$(dirname $0)
|
|
. ${dn}/libinsttest.sh
|
|
|
|
cd /ostree/repo/tmp
|
|
rm co -rf
|
|
ostree checkout -H ${host_refspec} co
|
|
testbin=co/usr/bin/foo-a-generic-binary
|
|
assert_not_has_file "${testbin}"
|
|
# Make a test binary that we label as shell_exec_t on disk, but should be
|
|
# reset by --selinux-policy back to bin_t
|
|
echo 'test foo' > ${testbin}
|
|
chcon --reference co/usr/bin/true ${testbin}
|
|
oldcon=$(getfattr --only-values -m security.selinux ${testbin})
|
|
chcon --reference co/usr/bin/bash ${testbin}
|
|
newcon=$(getfattr --only-values -m security.selinux ${testbin})
|
|
assert_not_streq "${oldcon}" "${newcon}"
|
|
ostree --repo=/ostree/repo commit -b testbranch --link-checkout-speedup \
|
|
--selinux-policy co --tree=dir=co
|
|
ostree --repo=/ostree/repo ls -X testbranch /usr/bin/foo-a-generic-binary > ls.txt
|
|
assert_file_has_content ls.txt ${oldcon}
|
|
ostree --repo=/ostree/repo fsck
|
|
|
|
ostree --repo=/ostree/repo refs --delete testbranch
|
|
rm co -rf
|