Merge pull request #7831 from sylvestre/selinux-mkfifo

mkfifo: implement selinux support

tests/by-util/test_cp.rs

@@ -3,7 +3,7 @@
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
 // spell-checker:ignore (flags) reflink (fs) tmpfs (linux) rlimit Rlim NOFILE clob btrfs neve ROOTDIR USERDIR procfs outfile uufs xattrs
-// spell-checker:ignore bdfl hlsl IRWXO IRWXG getfattr
+// spell-checker:ignore bdfl hlsl IRWXO IRWXG
 use uutests::at_and_ucmd;
 use uutests::new_ucmd;
 use uutests::path_concat;

tests/by-util/test_mkdir.rs

@@ -3,7 +3,7 @@
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
 
-// spell-checker:ignore bindgen getfattr testtest
+// spell-checker:ignore bindgen testtest
 
 #![allow(clippy::cast_sign_loss, clippy::cast_possible_truncation)]
 

tests/by-util/test_mkfifo.rs

@@ -2,6 +2,9 @@
 //
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
+
+// spell-checker:ignore nconfined
+
 use uutests::new_ucmd;
 use uutests::util::TestScenario;
 use uutests::util_name;
@@ -101,3 +104,65 @@ fn test_create_fifo_with_umask() {
     test_fifo_creation(0o022, "prw-r--r--"); // spell-checker:disable-line
     test_fifo_creation(0o777, "p---------"); // spell-checker:disable-line
 }
+
+#[test]
+#[cfg(feature = "feat_selinux")]
+fn test_mkfifo_selinux() {
+    use std::process::Command;
+    let ts = TestScenario::new(util_name!());
+    let at = &ts.fixtures;
+    let dest = "test_file";
+    let args = [
+        "-Z",
+        "--context",
+        "--context=unconfined_u:object_r:user_tmp_t:s0",
+    ];
+    for arg in args {
+        ts.ucmd().arg(arg).arg(dest).succeeds();
+        assert!(at.is_fifo("test_file"));
+
+        let getfattr_output = Command::new("getfattr")
+            .arg(at.plus_as_string(dest))
+            .arg("-n")
+            .arg("security.selinux")
+            .output()
+            .expect("Failed to run `getfattr` on the destination file");
+        println!("{:?}", getfattr_output);
+        assert!(
+            getfattr_output.status.success(),
+            "getfattr did not run successfully: {}",
+            String::from_utf8_lossy(&getfattr_output.stderr)
+        );
+
+        let stdout = String::from_utf8_lossy(&getfattr_output.stdout);
+        assert!(
+            stdout.contains("unconfined_u"),
+            "Expected 'foo' not found in getfattr output:\n{stdout}"
+        );
+        at.remove(&at.plus_as_string(dest));
+    }
+}
+
+#[test]
+#[cfg(feature = "feat_selinux")]
+fn test_mkfifo_selinux_invalid() {
+    let scene = TestScenario::new(util_name!());
+    let at = &scene.fixtures;
+    let dest = "orig";
+
+    let args = [
+        "--context=a",
+        "--context=unconfined_u:object_r:user_tmp_t:s0:a",
+        "--context=nconfined_u:object_r:user_tmp_t:s0",
+    ];
+    for arg in args {
+        new_ucmd!()
+            .arg(arg)
+            .arg(dest)
+            .fails()
+            .stderr_contains("Failed to");
+        if at.file_exists(dest) {
+            at.remove(dest);
+        }
+    }
+}

tests/by-util/test_mknod.rs

@@ -3,7 +3,7 @@
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
 
-// spell-checker:ignore getfattr nconfined
+// spell-checker:ignore nconfined
 
 use uutests::new_ucmd;
 use uutests::util::TestScenario;