[yocto] [meta-selinux][PATCH] attr: fix ptest failures when selinux enabled

Mon Sep 11 22:55:42 PDT 2017

On 2017年09月05日 16:54, kai.kang at windriver.com wrote:
> From: Kai Kang <kai.kang at windriver.com>
>
> When selinux is enabled, a file has a default attribute
> "security.selinux" and the output of getfattr shows:
>
>    # file: here
>    security.selinux="system_u:object_r:lib_t:s0"
>
> That always causes more output of command getfattr than expected.

Ping.

--Kai

>
> Filter out selinux related attribute info, and if the file has only
> selinux attribute info, remove its whole output.
>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
>   .../fix-ptest-failures-when-selinux-enabled.patch  | 41 ++++++++++++++++++++++
>   recipes-support/attr/attr_%.bbappend               |  5 +++
>   2 files changed, 46 insertions(+)
>   create mode 100644 recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
>   create mode 100644 recipes-support/attr/attr_%.bbappend
>
> diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
> new file mode 100644
> index 0000000..e1eefa7
> --- /dev/null
> +++ b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
> @@ -0,0 +1,41 @@
> +Upstream-Status: Pending
> +
> +When enable selinux, file has a default attribute:
> +
> +# file: here
> +security.selinux="system_u:object_r:lib_t:s0"
> +
> +That cause there is always more output than expected.
> +
> +Filter out selinux related attribute info to make ptest pass.
> +
> +Signed-off-by: Kai Kang <kai.kang at windriver.com>
> +---
> +diff --git a/test/run b/test/run
> +index cf15252..945741e 100755
> +--- a/test/run
> ++++ b/test/run
> +@@ -132,6 +132,23 @@ sub process_test($$$$) {
> +        print "[$prog_line] \$ ", join(' ',
> +              map { s/\s/\\$&/g; $_ } @$p), " -- ";
> +        my $result = exec_test($prog, $in);
> ++
> ++       # filter selinux related attributes info
> ++       my @strip1;
> ++       my @strip2;
> ++       foreach (@$result) {
> ++           unless (/security.selinux=.*\n/) {
> ++               push @strip1, $_;
> ++           }
> ++       }
> ++       for (my $i = 0; $i <= $#strip1; $i++) {
> ++           if ($strip1[$i] =~ /^# file:.*/ && $strip1[$i+1] =~ /^\n$/) {
> ++               $i++;
> ++           } else {
> ++               push @strip2, $strip1[$i];
> ++           }
> ++       }
> ++       $result = \@strip2;
> +        my @good = ();
> +        my $nmax = (@$out > @$result) ? @$out : @$result;
> +        for (my $n=0; $n < $nmax; $n++) {
> diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend
> new file mode 100644
> index 0000000..6be8191
> --- /dev/null
> +++ b/recipes-support/attr/attr_%.bbappend
> @@ -0,0 +1,5 @@
> +inherit selinux
> +
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
> +
> +SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}"

-- 
Regards,
Neil | Kai Kang