From 6ba1a092489ff7dbef0919417789e4ec4a6798a4 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Mon, 10 May 2021 10:33:02 +0200 Subject: [PATCH 053/108] securityselinuxhelper: Fix retval of setcon_raw() and security_disable() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The securityselinuxhelper is a mock that's replacing libselinux APIs with our own implementation to achieve deterministic results. Our implementation uses env vars (among other things) to hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and "FAKE_SELINUX_DISABLED" variables are used. However, as we were switching from setenv() to g_setenv() we also changed the set of possible retvals from setcon_raw() and security_disable(). Previously, the retval of setenv() was used directly which returns 0 on success and -1 on error. But g_setenv() has different retval semantics: it returns 1 on success and 0 on error. This discrepancy can be observed by running viridentitytest where case #2 reports an error ("!") - because setcon_raw() returns 1. Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko (cherry picked from commit 4ce11062779cee3eaec0b75d862e3d7341ec3511) --- tests/securityselinuxhelper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c index 63b57261da..e2c1dc9e0a 100644 --- a/tests/securityselinuxhelper.c +++ b/tests/securityselinuxhelper.c @@ -145,7 +145,7 @@ int setcon_raw(const char *context) errno = EINVAL; return -1; } - return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE); + return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1; } int setcon(const char *context) @@ -224,7 +224,7 @@ int security_disable(void) return -1; } - return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE); + return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1; } int security_getenforce(void) -- 2.33.0