diff options
author | Simon McVittie <smcv@collabora.com> | 2019-04-17 14:13:42 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2019-04-17 14:13:42 +0100 |
commit | 812678e595592e33e444fb9c92dfbe645fd83980 (patch) | |
tree | 1d2499f670da18e29cdbaa8949765c585267368c | |
parent | df9cb47c3aa28a385bd6254b80f1e55c66321071 (diff) | |
download | dbus-812678e595592e33e444fb9c92dfbe645fd83980.tar.gz |
test-dbus-daemon: Say why we don't check the value of LinuxSecurityLabel
Suggested on !105 by Matthijs van Duin.
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | test/dbus-daemon.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c index e4e11f16..e29ae454 100644 --- a/test/dbus-daemon.c +++ b/test/dbus-daemon.c @@ -516,6 +516,19 @@ test_creds (Fixture *f, g_test_message ("%s of this process is %s", name, label); g_assert_cmpuint (strlen (label) + 1, ==, len); seen |= SEEN_LINUX_SECURITY_LABEL; + + /* + * At this point we would like to do something like: + * + * g_assert_cmpstr (label, ==, real_security_label); + * + * but there is no LSM-agnostic way to find out our real security + * label in a way that matches SO_PEERSEC. The closest thing + * available is reading /proc/self/attr/current, but that is only + * equal to SO_PEERSEC after applying LSM-specific + * canonicalization (for example for AppArmor you have to remove + * a trailing newline from /proc/self/attr/current). + */ #else g_assert_not_reached (); #endif |