Bugfixes.

* configure.ac: Avoid linking against -lacl when
--without-posix-acls is given.
* tests/selacl01.at: Call restorecon
* tests/selnx01.at: Likewise.
* tests/testsuite.at (AT_SELINUX_UTILS_PREREQ): Likewise.
(AT_SELINUX_PREREQ,AT_ACLS_PREREQ): Use the right _PREREQ macros.

configure.ac

@@ -70,6 +70,29 @@ if test $diff_cv_st_fstype_string = yes; then
     [Define if struct stat has a char st_fstype[] member.])
 fi
 
+# even if we use gnulib's acl.h with integrated m4 file later on (used because
+# of very useful file_has_acl() function) we need following checks that restrict
+# tar to use POSIX.1e ACLs only.
+AC_ARG_WITH([posix-acls],
+    AS_HELP_STRING([--without-posix-acls],
+                   [do not use POSIX.1e access control lists]),
+    [with_posix_acls=no])
+if test "x$with_posix_acls" != "xno"; then
+  AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_get_file],  [acl pacl],, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_get_fd],    [acl pacl],, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_set_file],  [acl pacl],, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_set_fd],    [acl pacl],, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_to_text],   [acl pacl],, [with_posix_acl=no])
+  AC_SEARCH_LIBS([acl_from_text], [acl pacl],, [with_posix_acl=no])
+  if test "x$with_posix_acls" != xno; then
+    AC_DEFINE(HAVE_POSIX_ACLS,,[Define when we have working POSIX acls])
+  fi
+else
+  # disable acls in gnulib's checks
+  export enable_acl=no
+fi
+
 AC_TYPE_SIGNAL
 AC_TYPE_MODE_T
 AC_TYPE_PID_T
@@ -94,25 +117,6 @@ TAR_HEADERS_ATTR_XATTR_H
 
 AC_CHECK_FUNCS_ONCE([fchmod fchown fsync lstat mkfifo readlink symlink])
 
-# we use gnulib's acl.h - because of very useful file_has_acl() function.  M4
-# file from gnulib/acl does a quite good job of course.  The problem is that
-# this function works on wide list of platforms and we need to restrict tar to
-# use POSIX.1e ACLs only.
-AC_ARG_WITH([posix-acls],
-    AS_HELP_STRING([--without-posix-acls],
-                   [do not use POSIX.1e access control lists]),
-    [with_posix_acls=no])
-AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_get_file],  [acl pacl],, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_get_fd],    [acl pacl],, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_set_file],  [acl pacl],, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_set_fd],    [acl pacl],, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_to_text],   [acl pacl],, [with_posix_acl=no])
-AC_SEARCH_LIBS([acl_from_text], [acl pacl],, [with_posix_acl=no])
-if test "x$with_posix_acls" != xno; then
-  AC_DEFINE(HAVE_POSIX_ACLS,,[Define when we have working POSIX acls])
-fi
-
 AC_CHECK_DECLS([getgrgid],,, [#include <grp.h>])
 AC_CHECK_DECLS([getpwuid],,, [#include <pwd.h>])
 AC_CHECK_DECLS([time],,, [#include <time.h>])

tests/selacl01.at

@@ -36,6 +36,7 @@ MINOR=$( stat /dev/urandom --printf="%T" )
 mknod dir/chartype c $MAJOR $MINOR
 
 # setup attributes
+restorecon -R dir
 chcon -h --user=system_u dir/fifo
 chcon -h --user=system_u dir/chartype
 setfacl -m u:$UID:--- dir/fifo

tests/selnx01.at

@@ -33,6 +33,7 @@ ln -s file dir/link
 
 getfattr -h -d -msecurity.selinux dir dir/file dir/link > start
 
+restorecon -R dir
 chcon -h --user=system_u     dir
 chcon -h --user=unconfined_u dir/file
 chcon -h --user=system_u     dir/link

tests/testsuite.at

@@ -132,6 +132,7 @@ m4_define([AT_XATTRS_UTILS_PREREQ],[
 ])
 m4_define([AT_SELINUX_UTILS_PREREQ],[
   file=$( mktemp -p . )
+  AT_CHECK_UTIL(restorecon $file, 0)
   AT_CHECK_UTIL(chcon -h --user=unconfined_u $file,0)
   rm -rf $file
 ])
@@ -158,7 +159,7 @@ m4_define([AT_XATTRS_PREREQ],[
   fi
 ])
 m4_define([AT_SELINUX_PREREQ],[
-  AT_XATTRS_UTILS_PREREQ
+  AT_SELINUX_UTILS_PREREQ
   file=$( mktemp -p . )
   err=$( tar --selinux -cf /dev/null $file 2>&1 >/dev/null | wc -l )
   if test "$err" != "0"; then
@@ -166,7 +167,7 @@ m4_define([AT_SELINUX_PREREQ],[
   fi
 ])
 m4_define([AT_ACLS_PREREQ],[
-  AT_XATTRS_UTILS_PREREQ
+  AT_ACLS_UTILS_PREREQ
   file=$( mktemp -p . )
   setfacl -m u:$UID:rwx $file
   err=$( tar --acls -cf /dev/null $file 2>&1 >/dev/null | wc -l )