mkdir: add the selinux support #7635

sylvestre · 2025-04-01T20:15:00Z

No description provided.

sylvestre · 2025-04-02T05:39:25Z

interesting, it passed on my system but clearly fails here:

2025-04-01T22:03:46.8875546Z 
2025-04-01T22:03:46.8875679Z FAIL: tests/mkdir/restorecon
2025-04-01T22:03:46.8876010Z ============================
2025-04-01T22:03:46.8876223Z 
2025-04-01T22:03:46.8876387Z  unconfined_u:object_r:user_tmp_t:s0 standard
2025-04-01T22:03:46.8876893Z unconfined_u:object_r:user_home_t:s0 restored
2025-04-01T22:03:46.8877356Z unconfined_u:object_r:user_tmp_t:s0 single
2025-04-01T22:03:46.8877815Z unconfined_u:object_r:user_tmp_t:s0 single_p
2025-04-01T22:03:46.8878326Z unconfined_u:object_r:user_tmp_t:s0 single_p/existing
2025-04-01T22:03:46.8878854Z unconfined_u:object_r:user_tmp_t:s0 multi
2025-04-01T22:03:46.8879322Z unconfined_u:object_r:user_tmp_t:s0 multi/ple
2025-04-01T22:03:46.8879779Z error: unexpected argument '-Z' found
2025-04-01T22:03:46.8880052Z 
2025-04-01T22:03:46.8880198Z   tip: to pass '-Z' as a value, use '-- -Z'
2025-04-01T22:03:46.8880474Z 
2025-04-01T22:03:46.8880639Z Usage: mknod [OPTION]... NAME TYPE [MAJOR MINOR]
2025-04-01T22:03:46.8880929Z 
2025-04-01T22:03:46.8881065Z For more information, try '--help'.
2025-04-01T22:03:46.8881498Z ls: warning: failed to get security context of: 'mknod_Z'
2025-04-01T22:03:46.8882049Z ls: cannot access 'mknod_Z': No such file or directory
2025-04-01T22:03:46.8882536Z mkfifo: -Z is not implemented
2025-04-01T22:03:46.8883017Z ls: warning: failed to get security context of: 'mkfifo_Z'
2025-04-01T22:03:46.8883446Z ls: cannot access 'mkfifo_Z': No such file or directory
2025-04-01T22:03:46.8883954Z FAIL tests/mkdir/restorecon.sh (exit status: 1)
2025-04-01T22:03:46.8884144Z 
2025-04-01T22:03:46.8884237Z FAIL: tests/mkdir/selinux
2025-04-01T22:03:46.8884446Z =========================
2025-04-01T22:03:46.8893529Z 
2025-04-01T22:03:46.8893886Z --- exp	2025-04-01 22:03:46.756815033 +0000
2025-04-01T22:03:46.8894328Z +++ out	2025-04-01 22:03:46.757815032 +0000
2025-04-01T22:03:46.8894951Z @@ -1 +0,0 @@
2025-04-01T22:03:46.8895468Z -mkdir: failed to set default file creation context to 'invalid-selinux-context':
2025-04-01T22:03:46.8896139Z --- exp	2025-04-01 22:03:46.767815015 +0000
2025-04-01T22:03:46.8896398Z +++ out	2025-04-01 22:03:46.769815012 +0000
2025-04-01T22:03:46.8896820Z @@ -1 +1,7 @@
2025-04-01T22:03:46.8897286Z -mknod: failed to set default file creation context to 'invalid-selinux-context':
2025-04-01T22:03:46.8897693Z +error: unexpected argument '--context' found
2025-04-01T22:03:46.8897949Z +
2025-04-01T22:03:46.8898179Z +  tip: to pass '--context' as a value, use '-- --context'
2025-04-01T22:03:46.8898464Z +
2025-04-01T22:03:46.8898658Z +Usage: mknod [OPTION]... NAME TYPE [MAJOR MINOR]
2025-04-01T22:03:46.8899093Z +
2025-04-01T22:03:46.8899281Z +For more information, try '--help'.
2025-04-01T22:03:46.8899530Z --- exp	2025-04-01 22:03:46.777814998 +0000
2025-04-01T22:03:46.8899774Z +++ out	2025-04-01 22:03:46.779814995 +0000
2025-04-01T22:03:46.8899995Z @@ -1 +1 @@
2025-04-01T22:03:46.8900465Z -mkfifo: failed to set default file creation context to 'invalid-selinux-context':
2025-04-01T22:03:46.8901182Z +mkfifo: --context is not implemented
2025-04-01T22:03:46.8901650Z FAIL tests/mkdir/selinux.sh (exit status: 1)

sylvestre · 2025-04-05T18:47:36Z

the gnu tests don't pass for now but it is expected

tests/by-util/test_mkdir.rs

src/uucore/src/lib/features/selinux.rs

src/uu/mkdir/src/mkdir.rs

cakebaker

One thing I noticed is that GNU mkdir shows a warning if a context name is provided and the kernel doesn't support selinux whereas uutils mkdir doesn't:

$ mkdir somedir --context=testtest
mkdir: warning: ignoring --context; it requires an SELinux/SMACK-enabled kernel
$ echo $?
0
$ cargo run -q --features=selinux mkdir somedir --context=testtest
$ echo $?
0

github-actions · 2025-04-08T10:39:48Z

GNU testsuite comparison:

Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

sylvestre · 2025-04-08T21:32:01Z

@cakebaker
It is feat_selinux (not sure what it is the diff with selinux)

cargo run -q --features=feat_selinux mkdir somedir --context=testtest
mkdir: failed to set SELinux security context: Failed to create security context: context_new() failed

github-actions · 2025-04-09T10:03:38Z

GNU testsuite comparison:

Skip an intermittent issue tests/misc/stdbuf (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

github-actions · 2025-04-10T11:18:09Z

GNU testsuite comparison:

Skipping an intermittent issue tests/misc/stdbuf (passes in this run but fails in the 'main' branch)

Should fix: gnu/tests/mkdir/selinux.sh tests/mkdir/restorecon.sh

sylvestre · 2025-04-11T12:00:26Z

@cakebaker i think it is now ready :)
(i have a bunch of changes on top of this ready to arrive)

tests/by-util/test_mkdir.rs

github-actions · 2025-04-12T17:19:25Z

GNU testsuite comparison:

Skipping an intermittent issue tests/misc/stdbuf (passes in this run but fails in the 'main' branch)

sylvestre force-pushed the temp-selinux-impl branch from 3a8d0d8 to 15bd763 Compare April 1, 2025 21:43

sylvestre marked this pull request as draft April 2, 2025 05:39

sylvestre requested a review from cakebaker April 5, 2025 18:47

sylvestre marked this pull request as ready for review April 5, 2025 18:47