2 # Ensure that cp -a and cp --preserve=context work properly.
3 # In particular, test on a writable NFS partition.
4 # Check also locally if --preserve=context, -a and --preserve=all
7 # Copyright (C) 2007-2011 Free Software Foundation, Inc.
9 # This program is free software: you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation, either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 .
"${srcdir=.}/init.sh"; path_prepend_ ..
/src
28 cleanup_
() { cd /; umount
"$cwd/mnt"; }
30 # This context is special: it works even when mcstransd isn't running.
31 ctx
=root
:object_r
:tmp_t
:s0
33 # Check basic functionality - before check on fixed context mount
34 touch c || framework_failure_
35 chcon
$ctx c || framework_failure_
36 cp -a c d
2>err || framework_failure_
37 cp --preserve=context c e || framework_failure_
38 cp --preserve=all c f || framework_failure_
39 ls -Z d |
grep $ctx || fail
=1
40 test -s err
&& fail
=1 #there must be no stderr output for -a
41 ls -Z e |
grep $ctx || fail
=1
42 ls -Z f |
grep $ctx || fail
=1
45 # Create a file system, then mount it with the context=... option.
46 dd if=/dev
/zero of
=blob bs
=8192 count
=200 || skip
=1
48 mkfs
-t ext2
-F blob ||
49 skip_
"failed to create an ext2 file system"
51 mount
-oloop,context
=$ctx blob mnt || skip
=1
53 && skip_
"insufficient mount/ext2 support"
55 cd mnt || framework_failure_
57 echo > f || framework_failure_
59 echo > g || framework_failure_
60 # /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp
61 # succeed (giving no diagnostics), yet leaving the destination file empty.
62 cp -a f g
2>err || fail
=1
63 test -s g || fail
=1 # The destination file must not be empty.
64 test -s err
&& fail
=1 # There must be no stderr output.
66 # =====================================================
67 # Here, we expect cp to succeed and not warn with "Operation not supported"
70 cp --preserve=all f g
2>err || fail
=1
72 grep "Operation not supported" err
&& fail
=1
74 # =====================================================
75 # The same as above except destination does not exist
77 cp --preserve=all f g
2>err || fail
=1
79 grep "Operation not supported" err
&& fail
=1
81 # An alternative to the following approach would be to run in a confined
82 # domain (maybe creating/loading it) that lacks the required permissions
84 # Note: this test could also be run by a regular (non-root) user in an
85 # NFS mounted directory. When doing that, I get this diagnostic:
86 # cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \
87 # Operation not supported
88 cat <<\EOF
> exp || framework_failure_
89 cp: failed to
set the security context of
94 # =====================================================
95 # Here, we expect cp to fail, because it cannot set the SELinux
96 # security context through NFS or a mount with fixed context.
97 cp --preserve=context f g
2> out
&& fail
=1
98 # Here, we *do* expect the destination to be empty.
100 sed "s/ .g' to .*//" out
> k
102 compare exp out || fail
=1
106 # Check if -a option doesn't silence --preserve=context option diagnostics
107 cp -a --preserve=context f g
2> out2
&& fail
=1
108 # Here, we *do* expect the destination to be empty.
110 sed "s/ .g' to .*//" out2
> k
112 compare exp out2 || fail
=1