SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0

RFE: use getfattr instead of ls -Z #59

Closed WOnder93 closed 5 years ago

WOnder93 commented 5 years ago

ls -Z requires special handling due to different output across different coreutils versions. Instead use getfattr(1), which can return the security context directly.

Resolves issue #8.

(This was the only occurrence of ls -Z in the whole testsuite.)

pcmoore commented 5 years ago

How did you test this @WOnder93 ?

This PR adds some noise to the mmap tests, it's not serious enough to revert, but please fix this as soon as possible.

Compiling targeted test_policy module
Creating targeted test_policy.pp policy package
Running as user root with context unconfined_u:unconfined_r:unconfined_t

domain_trans/test ........... ok
entrypoint/test ............. ok
execshare/test .............. ok
exectrace/test .............. ok
execute_no_trans/test ....... ok
fdreceive/test .............. ok
inherit/test ................ ok
link/test ................... ok
mkdir/test .................. ok
msg/test .................... ok
open/test ................... ok
ptrace/test ................. ok
readlink/test ............... ok
relabel/test ................ ok
rename/test ................. ok
rxdir/test .................. ok
sem/test .................... ok
setattr/test ................ ok
setnice/test ................ ok
shm/test .................... ok
sigkill/test ................ ok
stat/test ................... ok
sysctl/test ................. ok
task_create/test ............ ok
task_setnice/test ........... ok
task_setscheduler/test ...... ok
task_getscheduler/test ...... ok
task_getsid/test ............ ok
task_getpgid/test ........... ok
task_setpgid/test ........... ok
test_mmap:mmap: Permission denied
test_mprotect:mprotect: Permission denied
test_lock:LOCK_EX: Permission denied
test_rw:read: Permission denied
file/test ................... ok
ioctl/test .................. ok
capable_file/test ........... ok
capable_net/test ............ ok
capable_sys/test ............ ok
dyntrans/test ............... ok
dyntrace/test ............... ok
bounds/test ................. ok
nnp_nosuid/test ............. ok
mmap/test ................... ok
unix_socket/test ............ ok
inet_socket/test ............ ok
overlay/test ................ ok
checkreqprot/test ........... ok
mqueue/test ................. ok
mac_admin/test .............. ok
atsecure/test ............... ok
cgroupfs_label/test ......... ok
cap_userns/test ............. ok
extended_socket_class/test .. ok
sctp/test ................... ok
netlink_socket/test ......... ok
prlimit/test ................ ok
binder/test ................. ok
infiniband_endport/test ..... ok
infiniband_pkey/test ........ ok
All tests successful.
Files=56, Tests=638, 128 wallclock secs ( 0.24 usr  0.20 sys +  8.05 cusr 29.39 csys = 37.88 CPU)
Result: PASS
libsemanage.semanage_direct_remove_key: Removing last test_policy module (no other test_policy module exists at another priority).

WOnder93 commented 5 years ago

Hm, I overlooked that getattr output includes a null character at the end (this actually caused the " 2>&1" part of the command string to be discarded, leading to the noise). Adding | tr -d '\\000' after the getattr command seems to fix it for me. I don't have time to send a patch/PR now; if someone wants to do it before I get the chance, then feel free to do it :)
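The failure mode described in the comment above, as an added example that is not part of the original thread or the testsuite: a context value that still carries its trailing NUL is interpolated into a command string, and any API that treats the string as NUL-terminated stops before the redirect. The sample context, the command template and all function names are constructed for illustration.

```python
import ctypes

# Constructed sample: a security.selinux value as the comment above describes
# getfattr returning it, i.e. the context followed by one NUL byte.
RAW_CONTEXT = b"unconfined_u:object_r:test_file_t:s0\x00"

# Hypothetical command line (not from the testsuite) ending in a redirect.
TEMPLATE = b"hypothetical_test --context=%s target_file 2>&1"


def as_c_string(command: bytes) -> bytes:
    """Return the part of `command` a NUL-terminated C string API would see."""
    return ctypes.c_char_p(command).value


def clean_context(raw: bytes) -> bytes:
    """Drop trailing NULs and refuse values that still hold NUL or newline.

    This is stricter than deleting every NUL with tr: an embedded NUL is
    treated as a malformed label instead of being silently removed.
    """
    context = raw.rstrip(b"\x00")
    if not context or b"\x00" in context or b"\n" in context:
        raise ValueError(f"unexpected security context bytes: {raw!r}")
    return context


def build_command(context: bytes) -> bytes:
    """Interpolate the context into the (hypothetical) command template."""
    return TEMPLATE % context


def redirect_survives(context: bytes) -> bool:
    """True if the trailing 2>&1 is still there after C-string truncation."""
    return as_c_string(build_command(context)).endswith(b"2>&1")


if __name__ == "__main__":
    for label, ctx in (("raw", RAW_CONTEXT),
                       ("cleaned", clean_context(RAW_CONTEXT))):
        print(label, as_c_string(build_command(ctx)), redirect_survives(ctx))
```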

pcmoore commented 5 years ago

I'll let you have the fun @WOnder93.

However, my earlier question about how you are testing these patches still stands as asked. Please figure something out because whatever you are doing to test these patches isn't rigorous enough.

WOnder93 commented 5 years ago

I admit I forgot to test these two patches before submitting. I'm sorry, it was a human error on my part. I have now taken some steps towards automating such a workflow, so hopefully I will be less likely to forget to do it in the future.