policycoreutils/tests/semanage-port-add-delete-problems/runtest.sh

#!/bin/bash
# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
#   Description: semanage accepts invalid port numbers and then cannot delete them
#   Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
#
#   This copyrighted material is made available to anyone wishing
#   to use, modify, copy, or redistribute it subject to the terms
#   and conditions of the GNU General Public License version 2.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE. See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public
#   License along with this program; if not, write to the Free
#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
#   Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGE="policycoreutils"
PORT_NAME="ldap_port_t"
BAD_PORT_NUMBER="123456"
GOOD_PORT_NUMBER="1389"

rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm ${PACKAGE}
        rlRun "rpm -qf /usr/sbin/semanage"
        rlRun "rpm -qf /usr/bin/seinfo"
        OUTPUT_FILE=`mktemp`
        rlRun "setenforce 1"
        rlRun "sestatus"
    rlPhaseEnd

    rlPhaseStartTest
        rlRun "semanage port -l | grep ${PORT_NAME}"

        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
        rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
        rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
        #rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"

        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
        rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}"
        rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
    rlPhaseEnd

    rlPhaseStartTest
        rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
        rlRun "semanage port -l | grep syslogd_port_t"
        rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
    rlPhaseEnd

    if rlIsRHEL ; then
    rlPhaseStartTest
        rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\""
        if rlIsRHEL 5 6; then
            PORT_TYPE="syslogd_port_t"
        else
            PORT_TYPE="commplex_link_port_t"
        fi

        # adding a port number to a type
        START_DATE_TIME=`date "+%m/%d/%Y %T"`
        sleep 1
        rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"
        sleep 2

        # Check for user_avc
        rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
        LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
        rlRun "cat ${OUTPUT_FILE}"
        rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}

        # deleting a port number from a type
        START_DATE_TIME=`date "+%m/%d/%Y %T"`
        sleep 1
        rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"
        sleep 2

        # Check for user_avc
        rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
        LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
        rlRun "cat ${OUTPUT_FILE}"
        rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
    rlPhaseEnd
    fi

    if ! rlIsRHEL 5 ; then
    rlPhaseStartTest
        rlRun "seinfo --portcon | grep :hi_reserved_port_t:"
        rlRun "seinfo --portcon | grep :reserved_port_t:"
        rlRun "semanage port -l | grep ^hi_reserved_port_t"
        rlRun "semanage port -l | grep ^reserved_port_t"
        if ! rlIsRHEL 6 ; then
            rlRun "seinfo --portcon | grep :unreserved_port_t:"
            rlRun "semanage port -l | grep ^unreserved_port_t"
        fi
    rlPhaseEnd
    fi

    rlPhaseStartTest "manipulation with hard-wired ports"
        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
        rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
        rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
        rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
        rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
    rlPhaseEnd

    rlPhaseStartCleanup
        rm -f ${OUTPUT_FILE}
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd
Add CI tests using the standard test interface The playbook includes Tier1 level test cases that have been tested in the following contexts and is passing reliably on Classic. Test logs are stored in the Artifacts directory. The following steps are used to execute the tests using the standard test interface: Classic sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory \|\| echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml It's based on https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius <merlinm@redhat.com> 2017-12-21 15:46:17 +00:00			`#!/bin/bash`
			`# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
			`#`
			`# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems`
			`# Description: semanage accepts invalid port numbers and then cannot delete them`
			`# Author: Milos Malik <mmalik@redhat.com>`
			`#`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
			`#`
			`# Copyright (c) 2009 Red Hat, Inc. All rights reserved.`
			`#`
			`# This copyrighted material is made available to anyone wishing`
			`# to use, modify, copy, or redistribute it subject to the terms`
			`# and conditions of the GNU General Public License version 2.`
			`#`
			`# This program is distributed in the hope that it will be`
			`# useful, but WITHOUT ANY WARRANTY; without even the implied`
			`# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
			`# PURPOSE. See the GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public`
			`# License along with this program; if not, write to the Free`
			`# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
			`# Boston, MA 02110-1301, USA.`
			`#`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

			`. /usr/bin/rhts-environment.sh \|\| exit 1`
			`. /usr/share/beakerlib/beakerlib.sh \|\| exit 1`

			`PACKAGE="policycoreutils"`
			`PORT_NAME="ldap_port_t"`
			`BAD_PORT_NUMBER="123456"`
			`GOOD_PORT_NUMBER="1389"`

			`rlJournalStart`
			`rlPhaseStartSetup`
			`rlAssertRpm ${PACKAGE}`
			`rlRun "rpm -qf /usr/sbin/semanage"`
			`rlRun "rpm -qf /usr/bin/seinfo"`
			OUTPUT_FILE=`mktemp`
			`rlRun "setenforce 1"`
			`rlRun "sestatus"`
			`rlPhaseEnd`

			`rlPhaseStartTest`
			`rlRun "semanage port -l \| grep ${PORT_NAME}"`

			`rlRun "semanage port -l \| grep ${PORT_NAME} \| tee -a ${OUTPUT_FILE}"`
			`rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1`
			`rlRun "semanage port -l \| grep ${PORT_NAME} \| tee -a ${OUTPUT_FILE}"`
			`rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1`
			`rlRun "semanage port -l \| grep ${PORT_NAME} \| tee -a ${OUTPUT_FILE}"`
			`#rlRun "sort ${OUTPUT_FILE} \| uniq \| wc -l \| grep '^2$'"`

			`rlRun "semanage port -l \| grep ${PORT_NAME} \| grep ${GOOD_PORT_NUMBER}" 1`
			`rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"`
			`rlRun "semanage port -l \| grep ${PORT_NAME} \| grep ${GOOD_PORT_NUMBER}"`
			`rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"`
			`rlRun "semanage port -l \| grep ${PORT_NAME} \| grep ${GOOD_PORT_NUMBER}" 1`
			`rlPhaseEnd`

			`rlPhaseStartTest`
			`rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 \| grep -i traceback" 1`
			`rlRun "semanage port -l \| grep syslogd_port_t"`
			`rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 \| grep -i traceback" 1`
			`rlPhaseEnd`

			`if rlIsRHEL ; then`
			`rlPhaseStartTest`
			`rlRun "ps -efZ \| grep -v grep \| grep \"auditd_t.*auditd\""`
			`if rlIsRHEL 5 6; then`
			`PORT_TYPE="syslogd_port_t"`
			`else`
			`PORT_TYPE="commplex_link_port_t"`
			`fi`

			`# adding a port number to a type`
			START_DATE_TIME=`date "+%m/%d/%Y %T"`
			`sleep 1`
			`rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"`
			`sleep 2`

			`# Check for user_avc`
			`rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1`
			LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
			`rlRun "cat ${OUTPUT_FILE}"`
			`rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}`

			`# deleting a port number from a type`
			START_DATE_TIME=`date "+%m/%d/%Y %T"`
			`sleep 1`
			`rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"`
			`sleep 2`

			`# Check for user_avc`
			`rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1`
			LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
			`rlRun "cat ${OUTPUT_FILE}"`
			`rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}`
			`rlPhaseEnd`
			`fi`

			`if ! rlIsRHEL 5 ; then`
			`rlPhaseStartTest`
			`rlRun "seinfo --portcon \| grep :hi_reserved_port_t:"`
			`rlRun "seinfo --portcon \| grep :reserved_port_t:"`
			`rlRun "semanage port -l \| grep ^hi_reserved_port_t"`
			`rlRun "semanage port -l \| grep ^reserved_port_t"`
			`if ! rlIsRHEL 6 ; then`
			`rlRun "seinfo --portcon \| grep :unreserved_port_t:"`
			`rlRun "semanage port -l \| grep ^unreserved_port_t"`
			`fi`
			`rlPhaseEnd`
			`fi`

			`rlPhaseStartTest "manipulation with hard-wired ports"`
			`rlRun "semanage port -l \| grep 'smtp_port_t.tcp.25'"`
			`rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 \| tee ${OUTPUT_FILE}"`
			`rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i`
			`rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 \| tee ${OUTPUT_FILE}"`
			`rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i`
			`rlRun "semanage port -l \| grep 'smtp_port_t.tcp.25'"`
			`rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 \| tee ${OUTPUT_FILE}"`
			`rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i`
			`rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 \| tee ${OUTPUT_FILE}"`
			`rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i`
			`rlRun "semanage port -l \| grep 'smtp_port_t.tcp.25'"`
			`rlPhaseEnd`

			`rlPhaseStartCleanup`
			`rm -f ${OUTPUT_FILE}`
			`rlPhaseEnd`
			`rlJournalPrintText`
			`rlJournalEnd`