authorSimon McVittie <smcv@collabora.com>2019-04-17 14:13:42 +0100
committerSimon McVittie <smcv@collabora.com>2019-04-17 14:13:42 +0100
commit812678e595592e33e444fb9c92dfbe645fd83980 (patch)
tree1d2499f670da18e29cdbaa8949765c585267368c
parentdf9cb47c3aa28a385bd6254b80f1e55c66321071 (diff)
downloaddbus-812678e595592e33e444fb9c92dfbe645fd83980.tar.gz
test-dbus-daemon: Say why we don't check the value of LinuxSecurityLabel
Suggested on !105 by Matthijs van Duin. Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r--test/dbus-daemon.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c
index e4e11f16..e29ae454 100644
--- a/test/dbus-daemon.c
+++ b/test/dbus-daemon.c
@@ -516,6 +516,19 @@ test_creds (Fixture *f,
g_test_message ("%s of this process is %s", name, label);
g_assert_cmpuint (strlen (label) + 1, ==, len);
seen |= SEEN_LINUX_SECURITY_LABEL;
+
+ /*
+ * At this point we would like to do something like:
+ *
+ * g_assert_cmpstr (label, ==, real_security_label);
+ *
+ * but there is no LSM-agnostic way to find out our real security
+ * label in a way that matches SO_PEERSEC. The closest thing
+ * available is reading /proc/self/attr/current, but that is only
+ * equal to SO_PEERSEC after applying LSM-specific
+ * canonicalization (for example for AppArmor you have to remove
+ * a trailing newline from /proc/self/attr/current).
+ */
#else
g_assert_not_reached ();
#endif
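Review bot: The comment added in the LinuxSecurityLabel branch explains why the value is not compared, but it does not say what the test still guarantees, which matters to anyone treating this test as coverage for a credential used in access decisions. The only visible check is `g_assert_cmpuint (strlen (label) + 1, ==, len);`, which covers framing (exactly one terminating NUL, no embedded NUL) and not whether the label is the one belonging to this process. I would close the comment with a sentence such as `* So this test only checks that the label is NUL-terminated with a consistent length, not that it is the correct label.` If a value check is wanted later, it would presumably need per-LSM canonicalization of /proc/self/attr/current, as the comment itself describes. test_creds starts and ends outside this hunk, so how `label` and `len` are obtained is not visible here.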