From 6ba1a092489ff7dbef0919417789e4ec4a6798a4 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 10 May 2021 10:33:02 +0200
Subject: [PATCH 053/108] securityselinuxhelper: Fix retval of setcon_raw() and
security_disable()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The securityselinuxhelper is a mock that's replacing libselinux
APIs with our own implementation to achieve deterministic
results. Our implementation uses env vars (among other things) to
hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and
"FAKE_SELINUX_DISABLED" variables are used. However, as we were
switching from setenv() to g_setenv() we also changed the set of
possible retvals from setcon_raw() and security_disable().
Previously, the retval of setenv() was used directly which
returns 0 on success and -1 on error. But g_setenv() has
different retval semantics: it returns 1 on success and 0 on
error.
This discrepancy can be observed by running viridentitytest where
case #2 reports an error ("!") - because setcon_raw() returns 1.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 4ce11062779cee3eaec0b75d862e3d7341ec3511)
---
tests/securityselinuxhelper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index 63b57261da..e2c1dc9e0a 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -145,7 +145,7 @@ int setcon_raw(const char *context)
errno = EINVAL;
return -1;
}
- return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE);
+ return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
}
int setcon(const char *context)
@@ -224,7 +224,7 @@ int security_disable(void)
return -1;
}
- return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE);
+ return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
}
int security_getenforce(void)
--
2.33.0