[yocto] [meta-selinux][PATCH] attr: fix ptest failures when selinux enabled
Kang Kai
Kai.Kang at windriver.com
Mon Sep 11 22:55:42 PDT 2017
On 2017年09月05日 16:54, kai.kang at windriver.com wrote:
> From: Kai Kang <kai.kang at windriver.com>
>
> When selinux is enabled, a file has a default attribute
> "security.selinux" and the output of getfattr shows:
>
> # file: here
> security.selinux="system_u:object_r:lib_t:s0"
>
> That always causes more output of command getfattr than expected.
Ping.
--Kai
>
> Filter out selinux related attribute info, and if the file has only
> selinux attribute info, remove its whole output.
>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
> .../fix-ptest-failures-when-selinux-enabled.patch | 41 ++++++++++++++++++++++
> recipes-support/attr/attr_%.bbappend | 5 +++
> 2 files changed, 46 insertions(+)
> create mode 100644 recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
> create mode 100644 recipes-support/attr/attr_%.bbappend
>
> diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
> new file mode 100644
> index 0000000..e1eefa7
> --- /dev/null
> +++ b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
> @@ -0,0 +1,41 @@
> +Upstream-Status: Pending
> +
> +When enable selinux, file has a default attribute:
> +
> +# file: here
> +security.selinux="system_u:object_r:lib_t:s0"
> +
> +That cause there is always more output than expected.
> +
> +Filter out selinux related attribute info to make ptest pass.
> +
> +Signed-off-by: Kai Kang <kai.kang at windriver.com>
> +---
> +diff --git a/test/run b/test/run
> +index cf15252..945741e 100755
> +--- a/test/run
> ++++ b/test/run
> +@@ -132,6 +132,23 @@ sub process_test($$$$) {
> + print "[$prog_line] \$ ", join(' ',
> + map { s/\s/\\$&/g; $_ } @$p), " -- ";
> + my $result = exec_test($prog, $in);
> ++
> ++ # filter selinux related attributes info
> ++ my @strip1;
> ++ my @strip2;
> ++ foreach (@$result) {
> ++ unless (/security.selinux=.*\n/) {
> ++ push @strip1, $_;
> ++ }
> ++ }
> ++ for (my $i = 0; $i <= $#strip1; $i++) {
> ++ if ($strip1[$i] =~ /^# file:.*/ && $strip1[$i+1] =~ /^\n$/) {
> ++ $i++;
> ++ } else {
> ++ push @strip2, $strip1[$i];
> ++ }
> ++ }
> ++ $result = \@strip2;
> + my @good = ();
> + my $nmax = (@$out > @$result) ? @$out : @$result;
> + for (my $n=0; $n < $nmax; $n++) {
> diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend
> new file mode 100644
> index 0000000..6be8191
> --- /dev/null
> +++ b/recipes-support/attr/attr_%.bbappend
> @@ -0,0 +1,5 @@
> +inherit selinux
> +
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
> +
> +SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}"
--
Regards,
Neil | Kai Kang
More information about the yocto
mailing list