label: stop using deprecated stuff in tests

Move 4 Linux tests that only test stuff from the selinux pkg
(TestDuplicateLabel, TestSELinuxNoLevel, TestSocketLabel, TestKeyLabel)
from label pkg to selinux, following commit 15c906f ("label: deprecate
selinux wrappers").

Remove some stub tests in label pkg (TestSocketLabel, TestKeyLabel,
TestProcessLabel, and parts of TestCheckLabelCompile) that already
have equivalents in selinux (TestSELinuxStubs).

Fix a few remaining issues in label to not use deprecated stuff
(ROMountLabel -> selinux.ROFileLabel, GenLabels -> InitLabels).

Signed-off-by: Kir Kolyshkin <[email protected]>

Author: kolyshkin

go-selinux/label/label_linux_test.go

@@ -3,7 +3,6 @@ package label
 import (
 	"errors"
 	"os"
-	"strings"
 	"testing"
 
 	"github.com/opencontainers/selinux/go-selinux"
@@ -25,9 +24,8 @@ func TestInit(t *testing.T) {
 		t.Fatalf("InitLabels failed: %v:", err)
 	}
 	testDisabled := []string{"disable"}
-	roMountLabel := ROMountLabel()
-	if roMountLabel == "" {
-		t.Fatal("ROMountLabel: empty")
+	if selinux.ROFileLabel() == "" {
+		t.Fatal("selinux.ROFileLabel: empty")
 	}
 	plabel, mlabel, err := InitLabels(testDisabled)
 	if err != nil {
@@ -55,45 +53,6 @@ func TestInit(t *testing.T) {
 	}
 }
 
-func TestDuplicateLabel(t *testing.T) {
-	secopt, err := DupSecOpt("system_u:system_r:container_t:s0:c1,c2")
-	if err != nil {
-		t.Fatalf("DupSecOpt: %v", err)
-	}
-	for _, opt := range secopt {
-		con := strings.SplitN(opt, ":", 2)
-		if con[0] == "user" {
-			if con[1] != "system_u" {
-				t.Errorf("DupSecOpt Failed user incorrect")
-			}
-			continue
-		}
-		if con[0] == "role" {
-			if con[1] != "system_r" {
-				t.Errorf("DupSecOpt Failed role incorrect")
-			}
-			continue
-		}
-		if con[0] == "type" {
-			if con[1] != "container_t" {
-				t.Errorf("DupSecOpt Failed type incorrect")
-			}
-			continue
-		}
-		if con[0] == "level" {
-			if con[1] != "s0:c1,c2" {
-				t.Errorf("DupSecOpt Failed level incorrect")
-			}
-			continue
-		}
-		t.Errorf("DupSecOpt failed: invalid field %q", con[0])
-	}
-	secopt = DisableSecOpt()
-	if secopt[0] != "disable" {
-		t.Errorf("DisableSecOpt failed: expected \"disable\", got %q", secopt[0])
-	}
-}
-
 func TestRelabel(t *testing.T) {
 	needSELinux(t)
 
@@ -157,59 +116,6 @@ func TestIsShared(t *testing.T) {
 	}
 }
 
-func TestSELinuxNoLevel(t *testing.T) {
-	needSELinux(t)
-
-	tlabel := "system_u:system_r:container_t"
-	dup, err := DupSecOpt(tlabel)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(dup) != 3 {
-		t.Errorf("DupSecOpt failed on non mls label: expected 3, got %d", len(dup))
-	}
-	con, err := selinux.NewContext(tlabel)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if con.Get() != tlabel {
-		t.Errorf("NewContaxt and con.Get() failed on non mls label: expected %q, got %q", tlabel, con.Get())
-	}
-}
-
-func TestSocketLabel(t *testing.T) {
-	needSELinux(t)
-
-	label := "system_u:object_r:container_t:s0:c1,c2"
-	if err := selinux.SetSocketLabel(label); err != nil {
-		t.Fatal(err)
-	}
-	nlabel, err := selinux.SocketLabel()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if label != nlabel {
-		t.Errorf("SocketLabel %s != %s", nlabel, label)
-	}
-}
-
-func TestKeyLabel(t *testing.T) {
-	needSELinux(t)
-
-	label := "system_u:object_r:container_t:s0:c1,c2"
-	if err := selinux.SetKeyLabel(label); err != nil {
-		t.Fatal(err)
-	}
-	nlabel, err := selinux.KeyLabel()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if label != nlabel {
-		t.Errorf("KeyLabel %s != %s", nlabel, label)
-	}
-}
-
 func TestFileLabel(t *testing.T) {
 	needSELinux(t)
 

go-selinux/label/label_stub_test.go

@@ -3,7 +3,11 @@
 
 package label
 
-import "testing"
+import (
+	"testing"
+
+	"github.com/opencontainers/selinux/go-selinux"
+)
 
 const testLabel = "system_u:object_r:container_file_t:s0:c1,c2"
 
@@ -15,9 +19,8 @@ func TestInit(t *testing.T) {
 		t.Fatal(err)
 	}
 	testDisabled := []string{"disable"}
-	roMountLabel := ROMountLabel()
-	if roMountLabel != "" {
-		t.Errorf("ROMountLabel Failed")
+	if selinux.ROFileLabel() != "" {
+		t.Error("selinux.ROFileLabel Failed")
 	}
 	plabel, mlabel, err := InitLabels(testDisabled)
 	if err != nil {
@@ -44,45 +47,12 @@ func TestRelabel(t *testing.T) {
 	}
 }
 
-func TestSocketLabel(t *testing.T) {
-	label := testLabel
-	if err := SetSocketLabel(label); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := SocketLabel(); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestKeyLabel(t *testing.T) {
-	label := testLabel
-	if err := SetKeyLabel(label); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := KeyLabel(); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestProcessLabel(t *testing.T) {
-	label := testLabel
-	if err := SetProcessLabel(label); err != nil {
-		t.Fatal(err)
-	}
-	if _, err := ProcessLabel(); err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestCheckLabelCompile(t *testing.T) {
-	if _, _, err := GenLabels(""); err != nil {
+	if _, _, err := InitLabels(nil); err != nil {
 		t.Fatal(err)
 	}
 
 	tmpDir := t.TempDir()
-	if _, err := FileLabel(tmpDir); err != nil {
-		t.Fatal(err)
-	}
 
 	if err := SetFileLabel(tmpDir, "foobar"); err != nil {
 		t.Fatal(err)
@@ -92,21 +62,6 @@ func TestCheckLabelCompile(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if _, err := PidLabel(0); err != nil {
-		t.Fatal(err)
-	}
-
-	ClearLabels()
-
-	if err := ReserveLabel("foobar"); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := ReleaseLabel("foobar"); err != nil {
-		t.Fatal(err)
-	}
-
-	_, _ = DupSecOpt("foobar")
 	DisableSecOpt()
 
 	if err := Validate("foobar"); err != nil {

go-selinux/selinux_linux_test.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 	"testing"
 )
 
@@ -119,6 +120,104 @@ func TestInitLabels(t *testing.T) {
 	ReleaseLabel(plabel)
 }
 
+func TestDuplicateLabel(t *testing.T) {
+	secopt, err := DupSecOpt("system_u:system_r:container_t:s0:c1,c2")
+	if err != nil {
+		t.Fatalf("DupSecOpt: %v", err)
+	}
+	for _, opt := range secopt {
+		con := strings.SplitN(opt, ":", 2)
+		if con[0] == "user" {
+			if con[1] != "system_u" {
+				t.Errorf("DupSecOpt Failed user incorrect")
+			}
+			continue
+		}
+		if con[0] == "role" {
+			if con[1] != "system_r" {
+				t.Errorf("DupSecOpt Failed role incorrect")
+			}
+			continue
+		}
+		if con[0] == "type" {
+			if con[1] != "container_t" {
+				t.Errorf("DupSecOpt Failed type incorrect")
+			}
+			continue
+		}
+		if con[0] == "level" {
+			if con[1] != "s0:c1,c2" {
+				t.Errorf("DupSecOpt Failed level incorrect")
+			}
+			continue
+		}
+		t.Errorf("DupSecOpt failed: invalid field %q", con[0])
+	}
+	secopt = DisableSecOpt()
+	if secopt[0] != "disable" {
+		t.Errorf(`DisableSecOpt failed: want "disable", got %q`, secopt[0])
+	}
+}
+
+func TestSELinuxNoLevel(t *testing.T) {
+	if !GetEnabled() {
+		t.Skip("SELinux not enabled, skipping.")
+	}
+
+	tlabel := "system_u:system_r:container_t"
+	dup, err := DupSecOpt(tlabel)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(dup) != 3 {
+		t.Errorf("DupSecOpt failed on non mls label: want 3, got %d", len(dup))
+	}
+	con, err := NewContext(tlabel)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if con.Get() != tlabel {
+		t.Errorf("NewContext and con.Get() failed on non mls label: want %q, got %q", tlabel, con.Get())
+	}
+}
+
+func TestSocketLabel(t *testing.T) {
+	if !GetEnabled() {
+		t.Skip("SELinux not enabled, skipping.")
+	}
+
+	label := "system_u:object_r:container_t:s0:c1,c2"
+	if err := SetSocketLabel(label); err != nil {
+		t.Fatal(err)
+	}
+	nlabel, err := SocketLabel()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if label != nlabel {
+		t.Errorf("SocketLabel %s != %s", nlabel, label)
+	}
+}
+
+func TestKeyLabel(t *testing.T) {
+	if !GetEnabled() {
+		t.Skip("SELinux not enabled, skipping.")
+	}
+
+	label := "system_u:object_r:container_t:s0:c1,c2"
+	if err := SetKeyLabel(label); err != nil {
+		t.Fatal(err)
+	}
+	nlabel, err := KeyLabel()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if label != nlabel {
+		t.Errorf("KeyLabel: want %q, got %q", label, nlabel)
+	}
+}
+
 func BenchmarkContextGet(b *testing.B) {
 	ctx, err := NewContext("system_u:object_r:container_file_t:s0:c1022,c1023")
 	if err != nil {