DupSecOpt needs to match InitLabels

At some point InitLabels was changed to look for SecuritOptions
separated by a ":" rather then an "=", but DupSecOpt was never
changed to match this default.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Dan Walsh 2016-10-12 08:39:12 -04:00
parent d186a7552b
commit 491cadac92
2 changed files with 15 additions and 11 deletions

View File

@ -33,15 +33,19 @@ func InitLabels(options []string) (string, string, error) {
pcon := selinux.NewContext(processLabel) pcon := selinux.NewContext(processLabel)
mcon := selinux.NewContext(mountLabel) mcon := selinux.NewContext(mountLabel)
for _, opt := range options { for _, opt := range options {
if opt == "disable" { val := strings.SplitN(opt, "=", 2)
if val[0] != "label" {
continue
}
if len(val) < 2 {
return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
}
if val[1] == "disable" {
return "", "", nil return "", "", nil
} }
if i := strings.Index(opt, ":"); i == -1 { con := strings.SplitN(val[1], ":", 2)
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt) if len(con) < 2 || !validOptions[con[0]] {
} return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0])
con := strings.SplitN(opt, ":", 2)
if !validOptions[con[0]] {
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
} }
pcon[con[0]] = con[1] pcon[con[0]] = con[1]

View File

@ -18,7 +18,7 @@ func TestInit(t *testing.T) {
t.Log("InitLabels Failed") t.Log("InitLabels Failed")
t.Fatal(err) t.Fatal(err)
} }
testDisabled := []string{"disable"} testDisabled := []string{"label=disable"}
plabel, mlabel, err = InitLabels(testDisabled) plabel, mlabel, err = InitLabels(testDisabled)
if err != nil { if err != nil {
t.Log("InitLabels Disabled Failed") t.Log("InitLabels Disabled Failed")
@ -28,7 +28,7 @@ func TestInit(t *testing.T) {
t.Log("InitLabels Disabled Failed") t.Log("InitLabels Disabled Failed")
t.FailNow() t.FailNow()
} }
testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} testUser := []string{"label=user:user_u", "label=role:user_r", "label=type:user_t", "label=level:s0:c1,c15"}
plabel, mlabel, err = InitLabels(testUser) plabel, mlabel, err = InitLabels(testUser)
if err != nil { if err != nil {
t.Log("InitLabels User Failed") t.Log("InitLabels User Failed")
@ -40,7 +40,7 @@ func TestInit(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
testBadData := []string{"user", "role:user_r", "type:user_t", "level:s0:c1,c15"} testBadData := []string{"label=user", "label=role:user_r", "label=type:user_t", "label=level:s0:c1,c15"}
if _, _, err = InitLabels(testBadData); err == nil { if _, _, err = InitLabels(testBadData); err == nil {
t.Log("InitLabels Bad Failed") t.Log("InitLabels Bad Failed")
t.Fatal(err) t.Fatal(err)
@ -94,7 +94,7 @@ func TestRelabel(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
defer os.RemoveAll(testdir) defer os.RemoveAll(testdir)
label := "system_u:system_r:svirt_sandbox_file_t:s0:c1,c2" label := "system_u:object_r:svirt_sandbox_file_t:s0:c1,c2"
if err := Relabel(testdir, "", true); err != nil { if err := Relabel(testdir, "", true); err != nil {
t.Fatalf("Relabel with no label failed: %v", err) t.Fatalf("Relabel with no label failed: %v", err)
} }