[PATCH] xfstests: fix selinux context handling

[PATCH] xfstests: fix selinux context handling

[Josef Bacik]

With the new config stuff we lost the selinux options being set for systems with
selinux turned on.  We want the selinux context set all the time, wether we
provide a MOUNT_OPTIONS value or not, so take this logic out of _mount_opts()
and just put it in the body of common/config

Signed-off-by: Josef Bacik <jbacik@fb.com>
---
 common/config | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/common/config b/common/config
index e8bcf48..a2f55cf 100644
--- a/common/config
+++ b/common/config
@@ -217,16 +217,16 @@ case "$HOSTOS" in
         ;;
 esac
 
+# SELinux adds extra xattrs which can mess up our expected output.
+# So, mount with a context, and they won't be created
+# # nfs_t is a "liberal" context so we can use it.
+if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
+	SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
+	export SELINUX_MOUNT_OPTIONS
+fi
+
 _mount_opts()
 {
-	# SELinux adds extra xattrs which can mess up our expected output.
-	# So, mount with a context, and they won't be created
-	# # nfs_t is a "liberal" context so we can use it.
-	if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
-		SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
-		export SELINUX_MOUNT_OPTIONS
-	fi
-
 	case $FSTYP in
 	xfs)
 		export MOUNT_OPTIONS=$XFS_MOUNT_OPTIONS
-- 
1.8.3.1

Re: [PATCH] xfstests: fix selinux context handling

[Eric Sandeen]

On 5/9/14, 3:40 PM, Josef Bacik wrote:
> With the new config stuff we lost the selinux options being set for systems with
> selinux turned on.  We want the selinux context set all the time, wether we
> provide a MOUNT_OPTIONS value or not, so take this logic out of _mount_opts()
> and just put it in the body of common/config
> 
> Signed-off-by: Josef Bacik <jbacik@fb.com>

This makes sense to me... untested, TBH, but I assume you did, so:

Reviewed-by: Eric Sandeen <sandeen@redhat.com>

At some point it'd probably make sense to figure out which tests actually
need this, and put it in a _use_selinux_context() or something, so that
other tests still exercise under a normal selinux environment...

-Eric

> ---
>  common/config | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/common/config b/common/config
> index e8bcf48..a2f55cf 100644
> --- a/common/config
> +++ b/common/config
> @@ -217,16 +217,16 @@ case "$HOSTOS" in
>          ;;
>  esac
>  
> +# SELinux adds extra xattrs which can mess up our expected output.
> +# So, mount with a context, and they won't be created
> +# # nfs_t is a "liberal" context so we can use it.
> +if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
> +	SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
> +	export SELINUX_MOUNT_OPTIONS
> +fi
> +
>  _mount_opts()
>  {
> -	# SELinux adds extra xattrs which can mess up our expected output.
> -	# So, mount with a context, and they won't be created
> -	# # nfs_t is a "liberal" context so we can use it.
> -	if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
> -		SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
> -		export SELINUX_MOUNT_OPTIONS
> -	fi
> -
>  	case $FSTYP in
>  	xfs)
>  		export MOUNT_OPTIONS=$XFS_MOUNT_OPTIONS
>