policycoreutils/tests/sepolicy-generate/runtest.sh

#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
#   Description: sepolicy generate sanity test
#   Author: Michal Trunecka <mtruneck@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
#   This copyrighted material is made available to anyone wishing
#   to use, modify, copy, or redistribute it subject to the terms
#   and conditions of the GNU General Public License version 2.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE. See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public
#   License along with this program; if not, write to the Free
#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
#   Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGE="policycoreutils"

rlJournalStart
    rlPhaseStartSetup
        rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
        rlRun "pushd $TmpDir"
    rlPhaseEnd

    rlPhaseStartTest
        rlRun "mkdir mypolicy"
        rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
        rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
        rlRun "rm -rf mypolicy"
    rlPhaseEnd

    rlPhaseStartTest
        rlRun "mkdir mypolicy"
        rlRun "touch /usr/bin/testpolicy"
      for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
                     " --application /usr/bin/testpolicy " \
                     " -n testpolicy --confined_admin -a firewalld " \
                     " -n testpolicy --confined_admin " \
                     " -n testpolicy --customize -d httpd_t -a firewalld " \
                     " -n testpolicy --customize -d httpd_t" \
                     " --dbus /usr/bin/testpolicy " \
                     " -n testpolicy --desktop_user " \
                     " --inetd /usr/bin/testpolicy " \
                     " --init /usr/bin/testpolicy " \
                     " -n testpolicy --newtype -t newtype_var_log_t " \
                     " -n testpolicy --newtype -t newtype_unit_file_t " \
                     " -n testpolicy --newtype -t newtype_var_run_t " \
                     " -n testpolicy --newtype -t newtype_var_cache_t " \
                     " -n testpolicy --newtype -t newtype_tmp_t " \
                     " -n testpolicy --newtype -t newtype_port_t " \
                     " -n testpolicy --newtype -t newtype_var_spool_t " \
                     " -n testpolicy --newtype -t newtype_var_lib_t " \
                     " -n testpolicy --sandbox " \
                     " -n testpolicy --term_user " \
                     " -n testpolicy --x_user "
#                     " --cgi /usr/bin/testpolicy "
        do
            rlRun "sepolicy generate -p mypolicy $VARIANT"
            rlRun "cat mypolicy/testpolicy.te"
            rlRun "cat mypolicy/testpolicy.if"
            rlRun "cat mypolicy/testpolicy.fc"
          if echo "$VARIANT" | grep -q newtype; then
            rlAssertNotExists "mypolicy/testpolicy.sh"
            rlAssertNotExists "mypolicy/testpolicy.spec"
          else
            rlRun "mypolicy/testpolicy.sh"
            rlRun "semodule -l | grep  testpolicy"
            rlRun "semanage user -d testpolicy_u" 0-255
            rlRun "semodule -r testpolicy"
          fi

            rlRun "rm -rf mypolicy/*"
            rlRun "sleep 1"

          if ! echo "$VARIANT" | grep -q newtype; then
            rlRun "sepolicy generate -p mypolicy -w /home  $VARIANT"
            rlRun "cat mypolicy/testpolicy.te"
            rlRun "cat mypolicy/testpolicy.if"
            rlRun "cat mypolicy/testpolicy.fc"

            rlRun "mypolicy/testpolicy.sh"
            rlRun "semodule -l | grep  testpolicy"
            rlRun "semanage user -d testpolicy_u" 0-255
            rlRun "semodule -r testpolicy"

            rlRun "rm -rf mypolicy/*"
            rlRun "sleep 1"
          fi
        done
        rlRun "rm -rf mypolicy"
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "popd"
        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd
Add CI tests using the standard test interface The playbook includes Tier1 level test cases that have been tested in the following contexts and is passing reliably on Classic. Test logs are stored in the Artifacts directory. The following steps are used to execute the tests using the standard test interface: Classic sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory \|\| echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml It's based on https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius <merlinm@redhat.com> 2017-12-21 15:46:17 +00:00			`#!/bin/bash`
			`# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
			`#`
			`# runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate`
			`# Description: sepolicy generate sanity test`
			`# Author: Michal Trunecka <mtruneck@redhat.com>`
			`#`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
			`#`
			`# Copyright (c) 2013 Red Hat, Inc. All rights reserved.`
			`#`
			`# This copyrighted material is made available to anyone wishing`
			`# to use, modify, copy, or redistribute it subject to the terms`
			`# and conditions of the GNU General Public License version 2.`
			`#`
			`# This program is distributed in the hope that it will be`
			`# useful, but WITHOUT ANY WARRANTY; without even the implied`
			`# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
			`# PURPOSE. See the GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public`
			`# License along with this program; if not, write to the Free`
			`# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
			`# Boston, MA 02110-1301, USA.`
			`#`
			`# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

			`# Include Beaker environment`
			`. /usr/bin/rhts-environment.sh \|\| exit 1`
			`. /usr/share/beakerlib/beakerlib.sh \|\| exit 1`

			`PACKAGE="policycoreutils"`

			`rlJournalStart`
			`rlPhaseStartSetup`
			`rlRun "rlCheckRequirements ${PACKAGES[*]}" \|\| rlDie "cannot continue"`
			`rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
			`rlRun "pushd $TmpDir"`
			`rlPhaseEnd`

			`rlPhaseStartTest`
			`rlRun "mkdir mypolicy"`
			`rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"`
			`rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"`
			`rlRun "rm -rf mypolicy"`
			`rlPhaseEnd`

			`rlPhaseStartTest`
			`rlRun "mkdir mypolicy"`
			`rlRun "touch /usr/bin/testpolicy"`
			`for VARIANT in " -n testpolicy --admin_user -r webadm_r" \`
			`" --application /usr/bin/testpolicy " \`
			`" -n testpolicy --confined_admin -a firewalld " \`
			`" -n testpolicy --confined_admin " \`
			`" -n testpolicy --customize -d httpd_t -a firewalld " \`
			`" -n testpolicy --customize -d httpd_t" \`
			`" --dbus /usr/bin/testpolicy " \`
			`" -n testpolicy --desktop_user " \`
			`" --inetd /usr/bin/testpolicy " \`
			`" --init /usr/bin/testpolicy " \`
			`" -n testpolicy --newtype -t newtype_var_log_t " \`
			`" -n testpolicy --newtype -t newtype_unit_file_t " \`
			`" -n testpolicy --newtype -t newtype_var_run_t " \`
			`" -n testpolicy --newtype -t newtype_var_cache_t " \`
			`" -n testpolicy --newtype -t newtype_tmp_t " \`
			`" -n testpolicy --newtype -t newtype_port_t " \`
			`" -n testpolicy --newtype -t newtype_var_spool_t " \`
			`" -n testpolicy --newtype -t newtype_var_lib_t " \`
			`" -n testpolicy --sandbox " \`
			`" -n testpolicy --term_user " \`
			`" -n testpolicy --x_user "`
			`# " --cgi /usr/bin/testpolicy "`
			`do`
			`rlRun "sepolicy generate -p mypolicy $VARIANT"`
			`rlRun "cat mypolicy/testpolicy.te"`
			`rlRun "cat mypolicy/testpolicy.if"`
			`rlRun "cat mypolicy/testpolicy.fc"`
			`if echo "$VARIANT" \| grep -q newtype; then`
			`rlAssertNotExists "mypolicy/testpolicy.sh"`
			`rlAssertNotExists "mypolicy/testpolicy.spec"`
			`else`
			`rlRun "mypolicy/testpolicy.sh"`
			`rlRun "semodule -l \| grep testpolicy"`
			`rlRun "semanage user -d testpolicy_u" 0-255`
			`rlRun "semodule -r testpolicy"`
			`fi`

			`rlRun "rm -rf mypolicy/*"`
			`rlRun "sleep 1"`

			`if ! echo "$VARIANT" \| grep -q newtype; then`
			`rlRun "sepolicy generate -p mypolicy -w /home $VARIANT"`
			`rlRun "cat mypolicy/testpolicy.te"`
			`rlRun "cat mypolicy/testpolicy.if"`
			`rlRun "cat mypolicy/testpolicy.fc"`

			`rlRun "mypolicy/testpolicy.sh"`
			`rlRun "semodule -l \| grep testpolicy"`
			`rlRun "semanage user -d testpolicy_u" 0-255`
			`rlRun "semodule -r testpolicy"`

			`rlRun "rm -rf mypolicy/*"`
			`rlRun "sleep 1"`
			`fi`
			`done`
			`rlRun "rm -rf mypolicy"`
			`rlPhaseEnd`

			`rlPhaseStartCleanup`
			`rlRun "popd"`
			`rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
			`rlPhaseEnd`
			`rlJournalPrintText`
			`rlJournalEnd`