bug-coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] id should not show selinux context when user is specified

From: Jim Meyering
Subject: Re: [PATCH] id should not show selinux context when user is specified
Date: Wed, 23 Apr 2008 15:12:48 +0200 
Ondřej Vašík <address@hidden> wrote:
> Jim Meyering wrote:
>> Actually, I think this tiny change is enough:
>>
>> -  if (selinux_enabled)
>> +  if (selinux_enabled && argc == optind)
>>
>> ...assuming you update the comment above that.
>>
>> Also, for fixes like this, a new test case is required.
>> Do you feel like writing that?
>
> Ok, thanks for objections and suggestions, corrected patch
> is attached.

Thank you!

I've made minor changes:
- remove trailing blanks
- your patch modified a now-unused (on trunk) file: tests/misc/Makefile.am
  I'd forgotten to remove it in the recent test-revamp patch.
  Thanks to you, I've just spotted the problem and have removed it.
- your NEWS entry was in the 6.11 section (BTW, running the very latest
  version of "make syntax-check" would have caught that)
- id-context could misbehave if run by a user with a nameless user-ID
- id-context doesn't need lang-default, since the output
  we're checking ("context=") is not internationalized.

So here's the adjusted patch, plus the one to remove
tests/misc/Makefile.am from version-control.

>From 6ee04b0724b77db9d2c5e46ad840809f2a12479f Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <address@hidden>
Date: Wed, 23 Apr 2008 12:38:54 +0200
Subject: [PATCH] id: do not print SELinux context when invoked with a USERNAME 
argument
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

* NEWS: Mention new behaviour.
* src/id.c (main): Do not print SELinux context when user is specified.
* tests/Makefile.am: Add the new test.
* tests/misc/id-context: New file.  Test for the fix.
Problem reported by Ronny Buchmann in http://bugzilla.redhat.com/443485.

Signed-off-by: Ondřej Vašík <address@hidden>
Signed-off-by: Jim Meyering <address@hidden>
---
 NEWS                  |    3 +++
 src/id.c              |   10 +++++-----
 tests/Makefile.am     |    1 +
 tests/misc/id-context |   37 +++++++++++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+), 5 deletions(-)
 create mode 100755 tests/misc/id-context

diff --git a/NEWS b/NEWS
index 47f5157..4490718 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ GNU coreutils NEWS                                    -*- 
outline -*-

 ** Bug fixes

+  id with no options now prints the SELinux context only when invoked
+  with no USERNAME argument.
+
   id and groups once again print the AFS-specific nameless group-ID (PAG).
   Printing of such large-numbered, kernel-only (not in /etc/group) group-IDs
   was suppressed in 6.11 due to ignorance that they are useful.
diff --git a/src/id.c b/src/id.c
index e4eda40..92c39fe 100644
--- a/src/id.c
+++ b/src/id.c
@@ -179,11 +179,11 @@ main (int argc, char **argv)
 cannot display context when selinux not enabled or when displaying the id\n\
 of a different user"));

-  /* If we are on a selinux-enabled kernel, get our context.
-     Otherwise, leave the context variable alone - it has
-     been initialized known invalid value; if we see this invalid
-     value later, we will know we are on a non-selinux kernel.  */
-  if (selinux_enabled)
+  /* If we are on a selinux-enabled kernel and no user is specified,
+     get our context. Otherwise, leave the context variable alone -
+     it has been initialized known invalid value and will be not
+     displayed in print_full_info() */
+  if (selinux_enabled && argc == optind)
     {
       if (getcon (&context) && just_context)
         error (EXIT_FAILURE, 0, _("can't get process context"));
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b8fdc57..7dfafac 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -163,6 +163,7 @@ TESTS =                                             \
   misc/groups-version                          \
   misc/head-c                                  \
   misc/head-pos                                        \
+  misc/id-context                              \
   misc/md5sum                                  \
   misc/md5sum-newline                          \
   misc/mknod                                   \
diff --git a/tests/misc/id-context b/tests/misc/id-context
new file mode 100755
index 0000000..ae9c004
--- /dev/null
+++ b/tests/misc/id-context
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Ensure that "id" outputs SELinux context only without specified user
+# Copyright (C) 2008 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+if test "$VERBOSE" = yes; then
+  set -x
+  id --version
+fi
+
+. $top_srcdir/tests/test-lib.sh
+# Require selinux - when selinux is disabled, id never prints scontext.
+require_selinux_
+
+fail=0
+
+# Check without specified user, context string should be present.
+id | grep context= >/dev/null || fail=1
+
+# Check with specified user, no context string should be present.
+# But if the current user is nameless, skip this part.
+test id -nu > /dev/null \
+  && id $(id -nu) | grep context= >/dev/null && fail=1
+
+(exit $fail); exit $fail
--
1.5.5.1.68.gbdcd8


>From 57b398b0b35031491944f8770ddec3af5572f628 Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Wed, 23 Apr 2008 14:49:20 +0200
Subject: [PATCH] tests: remove now-unused Makefile.am

* tests/misc/Makefile.am: Remove file.

Signed-off-by: Jim Meyering <address@hidden>
---
 tests/misc/Makefile.am |  118 ------------------------------------------------
 1 files changed, 0 insertions(+), 118 deletions(-)
 delete mode 100644 tests/misc/Makefile.am

diff --git a/tests/misc/Makefile.am b/tests/misc/Makefile.am
deleted file mode 100644
index 3e491be..0000000
--- a/tests/misc/Makefile.am
+++ /dev/null
@@ -1,118 +0,0 @@
-# Make miscellaneous coreutils tests.                  -*-Makefile-*-
-
-# Copyright (C) 2001-2008 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-EXTRA_DIST = $(TESTS)
-
-# Do not choose a name that is a shell keyword like 'if', or a
-# commonly-used utility like 'cat' or 'test', as the name of a test.
-# Otherwise, VPATH builds will fail on hosts like Solaris, since they
-# will expand 'if test ...' to 'if .../test ...', and the '.../test'
-# will execute the test script rather than the standard utility.
-
-# Ordering:
-# help-version comes early because it's a basic sanity test.
-# Put seq early, since lots of other tests use it.
-# Put head-elide-tail early, because it's long-running.
-
-TESTS = \
-  help-version \
-  seq \
-  head-elide-tail \
-  ls-time \
-  ls-misc \
-  date \
-  ptx-overrun \
-  xstrtol \
-  od \
-  mktemp \
-  arch \
-  pr \
-  df-P \
-  pwd-unreadable-parent \
-  chcon \
-  chcon-fail \
-  selinux \
-  cut \
-  wc-files0-from \
-  wc-files0 \
-  cat-proc \
-  base64 \
-  basename \
-  close-stdout \
-  csplit \
-  date-sec \
-  dircolors \
-  df \
-  dirname \
-  expand \
-  expr \
-  factor \
-  false-status \
-  fmt \
-  fmt-long-line \
-  fold \
-  groups-dash \
-  groups-version \
-  head-c \
-  head-pos \
-  md5sum \
-  md5sum-newline \
-  mknod \
-  nice \
-  nl \
-  nohup \
-  od-N \
-  od-x8 \
-  paste \
-  pathchk1 \
-  printf \
-  printf-hex \
-  printf-surprise \
-  pwd-long \
-  readlink-fp-loop \
-  runcon-no-reorder \
-  sha1sum \
-  sha1sum-vec \
-  sha224sum \
-  sha256sum \
-  sha384sum \
-  sha512sum \
-  shred-exact \
-  shred-remove \
-  shuf \
-  sort-compress \
-  sort-merge \
-  sort-rand \
-  split-a \
-  split-fail \
-  split-l \
-  stat-fmt \
-  stat-printf \
-  stty \
-  stty-invalid \
-  stty-row-col \
-  sum \
-  sum-sysv \
-  tac-continue \
-  tee \
-  tee-dash \
-  test-diag \
-  tsort \
-  tty-eof \
-  unexpand
-
-include $(top_srcdir)/tests/check.mk
--
1.5.5.1.68.gbdcd8
reply via email to
[Prev in Thread] Current Thread [Next in Thread]