bug#29287: tramp-test25-file-selinux fails

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

bug#29287: tramp-test25-file-selinux fails

Glenn Morris-3
Package: emacs
Version: 26.0.90

tramp-test25-file-selinux fails on RHEL7.4 with SELinux enabled.
Reporting as requested in the comment in the source file. :)

Test tramp-test25-file-selinux backtrace:
  signal(ert-test-failed (((should-not (equal (file-selinux-context tm
  ert-fail(((should-not (equal (file-selinux-context tmp-name1) (file-
  (if (not (unwind-protect (setq value-4340 (apply fn-4338 args-4339))
  (let (form-description-4342) (if (not (unwind-protect (setq value-43
  (let ((value-4340 'ert-form-evaluation-aborted-4341)) (let (form-des
  (let* ((fn-4338 (function equal)) (args-4339 (condition-case err (le
  (progn (write-region "foo" nil tmp-name1) (let* ((fn-4318 (function
  (unwind-protect (progn (write-region "foo" nil tmp-name1) (let* ((fn
  (let ((tmp-name1 (tramp--test-make-temp-name nil quoted)) (tmp-name2
  (let (quoted) (let ((tmp-name1 (tramp--test-make-temp-name nil quote
  (closure (t) nil (let* ((fn-4308 (function tramp--test-enabled)) (ar
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name tramp-test25-file-selinux :documentat
  ert-run-or-rerun-test(#s(ert--stats :selector (not (tag :expensive-t
  ert-run-tests((not (tag :expensive-test)) #f(compiled-function (even
  ert-run-tests-batch((not (tag :expensive-test)))
  ert-run-tests-batch-and-exit((not (tag :expensive-test)))
  eval((ert-run-tests-batch-and-exit '(not (tag :expensive-test))))
  command-line-1(("-L" ":." "-l" "ert" "-l" "lisp/net/tramp-tests.el"
  command-line()
  normal-top-level()
Test tramp-test25-file-selinux condition:
    (ert-test-failed
     ((should-not
       (equal
        (file-selinux-context tmp-name1)
        (file-selinux-context tmp-name2)))
      :form
      (equal
       ("unconfined_u" "object_r" "user_tmp_t" "s0")
       ("unconfined_u" "object_r" "user_tmp_t" "s0"))
      :value t :explanation nil))
   FAILED  29/41  tramp-test25-file-selinux



Reply | Threaded
Open this post in threaded view
|

bug#29287: tramp-test25-file-selinux fails

Glenn Morris-3

PS I think the flaw is in this bit:

  ;; Different permissions mean different SELINUX context.
  (set-file-modes tmp-name1 #o777)
  (set-file-modes tmp-name2 #o444)

No, they don't. File modes and SELinux context are separate.

Perhaps you could use something (file-selinux-context "/") for a value
that is guaranteed to exist and be different from a temp file.
Though I don't know if users can always set a random file's context to
root_t (it works here).



Reply | Threaded
Open this post in threaded view
|

bug#29287: tramp-test25-file-selinux fails

Glenn Morris-3

PPS Nitpick: it's "SELinux", not "SELINUX".



Reply | Threaded
Open this post in threaded view
|

bug#29287: tramp-test25-file-selinux fails

Michael Albinus
In reply to this post by Glenn Morris-3
Glenn Morris <[hidden email]> writes:

> Perhaps you could use something (file-selinux-context "/") for a value
> that is guaranteed to exist and be different from a temp file.
> Though I don't know if users can always set a random file's context to
> root_t (it works here).

I've used another approach, hoping it is generic enough.

Could you, pls, check whether my patch (committed to the emacs-26
branch) works for you?

Thanks, and best regards, Michael.



Reply | Threaded
Open this post in threaded view
|

bug#29287: tramp-test25-file-selinux fails

Glenn Morris-3

Works for me, thanks.