mknod: implement selinux support

+ improve the option management a bit
2025-07-28 11:37:44 +00:00 · 2025-04-21 23:43:29 +02:00 · 2025-04-21 23:43:29 +02:00 · aebada4cd4
commit aebada4cd4
parent a4230410c8
4 changed files with 167 additions and 20 deletions
--- a/tests/by-util/test_mknod.rs
+++ b/tests/by-util/test_mknod.rs
@ -2,6 +2,9 @@
 //
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
+
+// spell-checker:ignore getfattr nconfined
+
 use uutests::new_ucmd;
 use uutests::util::TestScenario;
 use uutests::util_name;
@ -121,3 +124,77 @@ fn test_mknod_invalid_mode() {
        .code_is(1)
        .stderr_contains("invalid mode");
 }
+
+#[test]
+#[cfg(feature = "feat_selinux")]
+fn test_mknod_selinux() {
+    use std::process::Command;
+    let ts = TestScenario::new(util_name!());
+    let at = &ts.fixtures;
+    let dest = "test_file";
+    let args = [
+        "-Z",
+        "--context",
+        "--context=unconfined_u:object_r:user_tmp_t:s0",
+    ];
+    for arg in args {
+        ts.ucmd()
+            .arg(arg)
+            .arg("-m")
+            .arg("a=r")
+            .arg(dest)
+            .arg("p")
+            .succeeds();
+        assert!(ts.fixtures.is_fifo("test_file"));
+        assert!(ts.fixtures.metadata("test_file").permissions().readonly());
+
+        let getfattr_output = Command::new("getfattr")
+            .arg(at.plus_as_string(dest))
+            .arg("-n")
+            .arg("security.selinux")
+            .output()
+            .expect("Failed to run `getfattr` on the destination file");
+        println!("{:?}", getfattr_output);
+        assert!(
+            getfattr_output.status.success(),
+            "getfattr did not run successfully: {}",
+            String::from_utf8_lossy(&getfattr_output.stderr)
+        );
+
+        let stdout = String::from_utf8_lossy(&getfattr_output.stdout);
+        assert!(
+            stdout.contains("unconfined_u"),
+            "Expected '{}' not found in getfattr output:\n{}",
+            "foo",
+            stdout
+        );
+        at.remove(&at.plus_as_string(dest));
+    }
+}
+
+#[test]
+#[cfg(feature = "feat_selinux")]
+fn test_mknod_selinux_invalid() {
+    let scene = TestScenario::new(util_name!());
+    let at = &scene.fixtures;
+    let dest = "orig";
+
+    let args = [
+        "--context=a",
+        "--context=unconfined_u:object_r:user_tmp_t:s0:a",
+        "--context=nconfined_u:object_r:user_tmp_t:s0",
+    ];
+    for arg in args {
+        new_ucmd!()
+            .arg(arg)
+            .arg("-m")
+            .arg("a=r")
+            .arg(dest)
+            .arg("p")
+            .fails()
+            .stderr_contains("Failed to");
+        if at.file_exists(dest) {
+            at.remove(dest);
+        }
+    }
+}