From 4b74ff66784279c604453c90a4137a2e3b47925b Mon Sep 17 00:00:00 2001 
From: Petr Lautrbach Date: Thu, 21 Dec 2017 16:46:17 +0100 Subject: [PATCH] Add CI tests using the standard test interface The playbook includes Tier1 level test cases that have been tested in the following contexts and is passing reliably on Classic. Test logs are stored in the Artifacts directory. The following steps are used to execute the tests using the standard test interface: Classic sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml It's based on https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius --- .../CIL-modules-without-compilation/Makefile | 64 +++ tests/CIL-modules-without-compilation/PURPOSE | 5 + .../runtest.sh | 73 ++++ tests/load_policy/Makefile | 64 +++ tests/load_policy/PURPOSE | 5 + tests/load_policy/runtest.sh | 79 ++++ tests/restorecon/Makefile | 70 ++++ tests/restorecon/PURPOSE | 5 + tests/restorecon/runtest.sh | 367 ++++++++++++++++++ tests/restorecon/testpolicy.fc | 2 + tests/restorecon/testpolicy.te | 19 + tests/semanage-interface/Makefile | 65 ++++ tests/semanage-interface/PURPOSE | 4 + tests/semanage-interface/runtest.sh | 69 ++++ tests/semanage-login/Makefile | 65 ++++ tests/semanage-login/PURPOSE | 4 + tests/semanage-login/runtest.sh | 67 ++++ tests/semanage-permissive-d-problems/Makefile | 70 ++++ tests/semanage-permissive-d-problems/PURPOSE | 5 + .../semanage-permissive-d-problems/runtest.sh | 93 +++++ .../Makefile | 71 ++++ .../semanage-port-add-delete-problems/PURPOSE | 5 + .../runtest.sh | 137 +++++++ tests/semanage-user/Makefile | 65 ++++ tests/semanage-user/PURPOSE | 4 + tests/semanage-user/runtest.sh | 76 ++++ tests/semanage-user/testpolicy.te | 11 + tests/sepolicy-generate/Makefile | 64 +++ tests/sepolicy-generate/PURPOSE | 3 + tests/sepolicy-generate/runtest.sh | 115 ++++++ tests/sestatus/Makefile | 67 ++++ tests/sestatus/PURPOSE | 4 + 
tests/sestatus/runtest.sh | 114 ++++++ tests/setsebool/Makefile | 65 ++++ tests/setsebool/PURPOSE | 5 + tests/setsebool/runtest.sh | 151 +++++++ tests/tests.yml | 45 +++ 37 files changed, 2197 insertions(+) create mode 100644 tests/CIL-modules-without-compilation/Makefile create mode 100644 tests/CIL-modules-without-compilation/PURPOSE create mode 100755 tests/CIL-modules-without-compilation/runtest.sh create mode 100644 tests/load_policy/Makefile create mode 100644 tests/load_policy/PURPOSE create mode 100755 tests/load_policy/runtest.sh create mode 100644 tests/restorecon/Makefile create mode 100644 tests/restorecon/PURPOSE create mode 100755 tests/restorecon/runtest.sh create mode 100644 tests/restorecon/testpolicy.fc create mode 100644 tests/restorecon/testpolicy.te create mode 100644 tests/semanage-interface/Makefile create mode 100644 tests/semanage-interface/PURPOSE create mode 100755 tests/semanage-interface/runtest.sh create mode 100644 tests/semanage-login/Makefile create mode 100644 tests/semanage-login/PURPOSE create mode 100755 tests/semanage-login/runtest.sh create mode 100644 tests/semanage-permissive-d-problems/Makefile create mode 100644 tests/semanage-permissive-d-problems/PURPOSE create mode 100755 tests/semanage-permissive-d-problems/runtest.sh create mode 100644 tests/semanage-port-add-delete-problems/Makefile create mode 100644 tests/semanage-port-add-delete-problems/PURPOSE create mode 100755 tests/semanage-port-add-delete-problems/runtest.sh create mode 100644 tests/semanage-user/Makefile create mode 100644 tests/semanage-user/PURPOSE create mode 100755 tests/semanage-user/runtest.sh create mode 100644 tests/semanage-user/testpolicy.te create mode 100644 tests/sepolicy-generate/Makefile create mode 100644 tests/sepolicy-generate/PURPOSE create mode 100755 tests/sepolicy-generate/runtest.sh create mode 100644 tests/sestatus/Makefile create mode 100644 tests/sestatus/PURPOSE create mode 100644 tests/sestatus/runtest.sh create mode 100644 
tests/setsebool/Makefile create mode 100644 tests/setsebool/PURPOSE create mode 100755 tests/setsebool/runtest.sh create mode 100644 tests/tests.yml diff --git a/tests/CIL-modules-without-compilation/Makefile b/tests/CIL-modules-without-compilation/Makefile new file mode 100644 index 0000000..2d8a660 --- /dev/null +++ b/tests/CIL-modules-without-compilation/Makefile 
@@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation +# Description: What the test does +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: What the test does" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/CIL-modules-without-compilation/PURPOSE b/tests/CIL-modules-without-compilation/PURPOSE
new file mode 100644
index 0000000..a9c7d54
--- /dev/null
+++ b/tests/CIL-modules-without-compilation/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+Author: Milos Malik
+
+Is it possible to manage policy modules written in CIL without any compilation? Does semanage and semodule understand them?
+
diff --git a/tests/CIL-modules-without-compilation/runtest.sh b/tests/CIL-modules-without-compilation/runtest.sh
new file mode 100755
index 0000000..451461a
--- /dev/null
+++ b/tests/CIL-modules-without-compilation/runtest.sh
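Review bot: `run` and `build` are missing from `.PHONY: all install download clean`, although neither recipe creates a file of that name. Unless the included rhts-make.include declares them, a file or directory called `build` in the test directory makes that target look up to date (it has no prerequisites while `BUILT_FILES` is empty) and the chmod is skipped; `.PHONY: all install download clean run build` avoids this. The same `.PHONY` line is repeated in the load_policy, restorecon, semanage-interface, semanage-login and semanage-permissive-d-problems Makefiles of this patch. The header comment and the `Description:` metadata line also still carry the template text `What the test does`; the PURPOSE file added next to it already has a sentence that could be used instead.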
@@ -0,0 +1,73 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation +# Description: What the test does +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. 
/usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "echo '()' > empty.cil"
+ rlRun "echo '(())' > invalid.cil"
+ rlPhaseEnd
+
+ rlPhaseStartTest "empty CIL module"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+ rlRun "semodule -i empty.cil"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'"
+ rlRun "semodule -r empty"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+ rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+ rlRun "semanage module -a empty.cil"
+ rlRun "semanage module -l | grep 'empty.*400.*cil'"
+ rlRun "semanage module -r empty"
+ rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+ rlPhaseEnd
+
+ rlPhaseStartTest "invalid CIL module"
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semodule -i invalid.cil" 1
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semodule -r invalid" 1
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlRun "semanage module -a invalid.cil" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlRun "semanage module -r invalid" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "rm -f empty.cil invalid.cil"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/load_policy/Makefile b/tests/load_policy/Makefile
new file mode 100644
index 0000000..ffee588
--- /dev/null
+++ b/tests/load_policy/Makefile
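Review bot: The cleanup phase removes only `empty.cil` and `invalid.cil`, so when one of the removal steps in the test phase fails, the `empty` module stays installed in the policy store of the host after the run. A best-effort line in `rlPhaseStartCleanup`, for example `rlRun "semodule -r empty" 0,1`, would return the store to its starting state whichever assertion failed. The two `.cil` files are also written into the current working directory; creating a directory with `mktemp -d` in setup and removing it in cleanup would keep the test checkout untouched.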
@@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Sanity/load_policy +# Description: Does load_policy work as expected? Does it produce correct audit messages? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Sanity/load_policy +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does load_policy work as expected? Does it produce correct audit messages?" 
>> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: audit policycoreutils selinux-policy-targeted" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/load_policy/PURPOSE b/tests/load_policy/PURPOSE
new file mode 100644
index 0000000..a5984d3
--- /dev/null
+++ b/tests/load_policy/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/load_policy
+Author: Milos Malik
+
+Does load_policy work as expected? Does it produce correct audit messages?
+
diff --git a/tests/load_policy/runtest.sh b/tests/load_policy/runtest.sh
new file mode 100755
index 0000000..2a77654
--- /dev/null
+++ b/tests/load_policy/runtest.sh
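Review bot: The metadata line `@echo "Destructive: no" >> $(METADATA)` does not match what the runtest.sh added for this test does, since that script unmounts the SELinux filesystem and reloads the binary policy on the machine it runs on. If the harness uses this field to decide where a test may be scheduled (my reading of the field, not something shown in this patch), the value should be reconsidered, or a comment above the line should say why the test is still treated as non-destructive.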
@@ -0,0 +1,79 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Sanity/load_policy +# Description: Does load_policy work as expected? Does it produce correct audit messages? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" +if rlIsRHEL 6 ; then + SELINUX_FS_MOUNT="/selinux" +else # RHEL-7 and above + SELINUX_FS_MOUNT="/sys/fs/selinux" +fi + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlRun "ls -l `which load_policy`" + BINARY_POLICY=`find /etc/selinux/targeted -type f -name policy.?? 
| sort -n | tail -n 1`
+ rlRun "ls -l ${BINARY_POLICY}"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "load_policy --xyz 2>&1 | grep \"invalid option\""
+ rlRun "dmesg | grep -i selinux" 0,1
+ rlRun "grep -i selinux /proc/mounts"
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "load_policy -q"
+ rlRun "grep -i selinux /proc/mounts"
+ sleep 1
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+ fi
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+ rlRun "umount ${SELINUX_FS_MOUNT}"
+ rlRun "grep -i selinux /proc/mounts" 1
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "load_policy -i ${BINARY_POLICY}"
+ rlRun "grep -i selinux /proc/mounts"
+ sleep 1
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+ fi
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+ rlRun "dmesg | grep -i selinux"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/restorecon/Makefile b/tests/restorecon/Makefile
new file mode 100644
index 0000000..991e8f9
--- /dev/null
+++ b/tests/restorecon/Makefile
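Review bot: Nothing restores the mount after `rlRun "umount ${SELINUX_FS_MOUNT}"` when the following `load_policy -i` fails, because `rlPhaseStartCleanup` is empty; the host is then left without selinuxfs, and later tests that read enforcing state or booleans will fail or misreport. A cleanup line such as `rlRun "grep -q selinuxfs /proc/mounts || mount -t selinuxfs selinuxfs ${SELINUX_FS_MOUNT}"` makes the test self-restoring. In the setup phase the pattern in `find /etc/selinux/targeted -type f -name policy.??` is unquoted, so the shell expands it first if a matching file exists in the working directory; `-name 'policy.??'` avoids that.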
@@ -0,0 +1,70 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Sanity/restorecon +# Description: does restorecon work correctly ? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Sanity/restorecon +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te testpolicy.fc + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + chcon -t bin_t runtest.sh;: + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: does restorecon work correctly ?" 
>> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 15m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: e2fsprogs" >> $(METADATA)
+ @echo "Requires: libselinux" >> $(METADATA)
+ @echo "Requires: selinux-policy-devel" >> $(METADATA)
+ @echo "Requires: libselinux-utils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/restorecon/PURPOSE b/tests/restorecon/PURPOSE
new file mode 100644
index 0000000..d029be8
--- /dev/null
+++ b/tests/restorecon/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/restorecon
+Author: Milos Malik
+
+Does restorecon work correctly?
+
diff --git a/tests/restorecon/runtest.sh b/tests/restorecon/runtest.sh
new file mode 100755
index 0000000..b16d4c0
--- /dev/null
+++ b/tests/restorecon/runtest.sh
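Review bot: In the `build` recipe, `chcon -t bin_t runtest.sh;:` discards the exit status of chcon without a comment saying why, so a relabel that did not happen looks the same as one that did. If the intent is best effort (presumably for hosts where SELinux is disabled), the Make idiom is a `-` prefix with a reason, for example `# best effort: relabel may fail when SELinux is disabled` above `-chcon -t bin_t runtest.sh`. The semanage-permissive-d-problems Makefile in this patch has the same construct, written `chcon -t bin_t runtest.sh; :`.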
@@ -0,0 +1,367 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Sanity/restorecon +# Description: does restorecon work correctly ? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. 
/usr/share/beakerlib/beakerlib.sh + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlServiceStop mcstrans mcstransd + rlRun "rpm -qf `which restorecon` | grep ${PACKAGE}" + rlRun "setenforce 1" + rlRun "sestatus" + rlRun "setsebool allow_domain_fd_use on" + rlPhaseEnd + + rlPhaseStartTest "Functional test" + + TESTDIR="/opt/restorecon_testdir" + DIRS="correct.dir incorrect1.dir incorrect2.dir customizable.dir" + FILES="correct.file incorrect.file customizable.file" + + rlRun "make -f /usr/share/selinux/devel/Makefile" + rlRun "semodule -i testpolicy.pp" + + rlFileBackup /etc/selinux/targeted/contexts/customizable_types + rlRun "echo 'customizable_t' >> /etc/selinux/targeted/contexts/customizable_types" + + # Here is the testing dirs and files structure + # all the files have initial context corresponding to their names + + # ./ + # correct.file + # incorrect.file + # customizable.file + + # correct.dir/ + # correct.file + # incorrect.file + # customizable.file + + # incorrect1.dir/ + # correct.file + # incorrect.file + # customizable.file + + # incorrect2.dir/ + # correct.file + # incorrect.file + # customizable.file + + # customizable.dir/ + # correct.file + # incorrect.file + # customizable.file + + # Function to set initial contexts + function set_contexts { + # Set the intended contexts + rlLog "Setting initial contexts of testing dirs..." + restorecon -R $TESTDIR + for ITEM in `find . -name 'incorrect*'`; do + chcon -t incorrect_t $ITEM + done + for ITEM in `find . 
-name 'customizable*'`; do + chcon -t customizable_t $ITEM + done + } + + # Check that files in dir $1 have the initial contexts + function check_initial_contexts { + if echo $1 | grep -q 'incorrect.dir'; then + rlRun "ls -ladZ $1 | grep :incorrect_t" + elif echo $1 | grep -q 'correct.dir'; then + rlRun "ls -ladZ $1 | grep :correct_t" + elif echo $1 | grep -q 'customizable.dir'; then + rlRun "ls -ladZ $1 | grep :customizable_t" + fi + rlRun "ls -ladZ $1/* | grep '\ ../file_list < +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-interface
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+ test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Does semanage interface ... work correctly?" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 20m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-interface/PURPOSE b/tests/semanage-interface/PURPOSE
new file mode 100644
index 0000000..86bd3ab
--- /dev/null
+++ b/tests/semanage-interface/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-interface
+Description: Does semanage interface ... work correctly?
+Author: Milos Malik
+
diff --git a/tests/semanage-interface/runtest.sh b/tests/semanage-interface/runtest.sh
new file mode 100755
index 0000000..ba8608b
--- /dev/null
+++ b/tests/semanage-interface/runtest.sh
@@ -0,0 +1,69 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-interface +# Description: Does semanage interface ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage interface --help" 0,1 + for POLICY_TYPE in minimum mls targeted ; do + if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then + continue + fi + rlRun "semanage interface -l -S ${POLICY_TYPE}" + done + if ! 
rlIsRHEL 5; then
+ rlRun "semanage interface -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+ fi
+ rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'"
+ rlRun "semanage interface -m xyz" 1,2
+ rlRun "semanage interface -d xyz" 1
+ rlRun "semanage interface -a -t netif_t xyz"
+ if rlIsRHEL 5 6; then
+ rlRun "semanage interface -m -r s0 xyz"
+ else
+ rlRun "semanage interface -m -t netif_t -r s0 xyz"
+ fi
+ rlRun "semanage interface -l | grep \"xyz.*:netif_t:s0\""
+ rlRun "semanage interface -d xyz"
+ rlRun "semanage interface -l | grep xyz" 1
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/semanage-login/Makefile b/tests/semanage-login/Makefile
new file mode 100644
index 0000000..1172ca9
--- /dev/null
+++ b/tests/semanage-login/Makefile
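Review bot: The negative check `semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'` passes on any output containing the word "error", and because rlRun sees only the exit status of grep, the exit status of semanage itself is never asserted. An unrelated failure, such as a traceback or a locked policy store, would therefore count as a pass. Running the command once with `rlRun -s "semanage interface -a -t xyz_t xyz" 1-255` and then checking the captured output with `rlAssertGrep` against the one expected message would test both the status and the text. The `-S unknown` check above it and the matching checks in the semanage-login runtest.sh follow the same pattern.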
@@ -0,0 +1,65 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Regression/semanage-login +# Description: Does semanage login ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Regression/semanage-login +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + test -x runtest.sh || chcon -t bin_t runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does semanage login ... work correctly?" 
>> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 10m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils policycoreutils-python-utils grep shadow-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-login/PURPOSE b/tests/semanage-login/PURPOSE
new file mode 100644
index 0000000..b8f26c6
--- /dev/null
+++ b/tests/semanage-login/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-login
+Description: Does semanage login ... work correctly?
+Author: Milos Malik
+
diff --git a/tests/semanage-login/runtest.sh b/tests/semanage-login/runtest.sh
new file mode 100755
index 0000000..daf074c
--- /dev/null
+++ b/tests/semanage-login/runtest.sh
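Review bot: The second line of the `build` recipe, `test -x runtest.sh || chcon -t bin_t runtest.sh`, can never reach chcon: the line before it has already made runtest.sh executable or failed the recipe, so `test -x` succeeds and short-circuits. If the `bin_t` label is wanted, as in the restorecon Makefile of this patch, call it without the guard and mark it best effort with `-chcon -t bin_t runtest.sh`; if it is not needed, drop the line. The semanage-interface Makefile contains the same pair of lines.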
@@ -0,0 +1,67 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-login +# Description: Does semanage login ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage login --help" 0,1 + for POLICY_TYPE in minimum mls targeted ; do + if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then + continue + fi + rlRun "semanage login -l -S ${POLICY_TYPE}" + done + if ! 
rlIsRHEL 5; then
+ rlRun "semanage login -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+ fi
+ rlRun "semanage login -a -s xyz_u xyz 2>&1 | grep -i -e 'does not exist' -e 'mapping.*invalid' -e 'could not query'"
+ rlRun "semanage login -m xyz" 1
+ rlRun "semanage login -d xyz" 1
+ rlRun "useradd xyz"
+ rlRun "semanage login -a -s user_u xyz"
+ rlRun "semanage login -m -r s0 xyz"
+ rlRun "semanage login -l | grep \"xyz.*user_u.*s0\""
+ rlRun "semanage login -d xyz"
+ rlRun "semanage login -l | grep xyz" 1
+ rlRun "userdel -rf xyz"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/semanage-permissive-d-problems/Makefile b/tests/semanage-permissive-d-problems/Makefile
new file mode 100644
index 0000000..a5bffc2
--- /dev/null
+++ b/tests/semanage-permissive-d-problems/Makefile
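Review bot: `rlRun "userdel -rf xyz"` still runs when `rlRun "useradd xyz"` failed because an account named xyz already existed on the host, and in that case it removes that account together with its home directory. The setup phase should stop the test before anything is touched, for example `getent passwd xyz >/dev/null && rlDie "account xyz already exists"`. The `semanage login -d xyz` and `userdel -rf xyz` steps would also be better placed in the currently empty `rlPhaseStartCleanup`, so the login mapping and the account are not left behind when the run is interrupted part-way.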
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh; :
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: semanage permissive -d accepts more than domain types, its behavior is not reliable" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 20m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+ @echo "Requires: policycoreutils-devel" >> $(METADATA)
+ @echo "Requires: selinux-policy-devel" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: coreutils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-permissive-d-problems/PURPOSE b/tests/semanage-permissive-d-problems/PURPOSE
new file mode 100644
index 0000000..f0d5e6f
--- /dev/null
+++ b/tests/semanage-permissive-d-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+Author: Milos Malik
+
+Does semanage permissive work correctly?
+
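Review bot: `run` and `build` are command targets, but `.PHONY` lists only `all install download clean`, so a file or directory named `build` or `run` in the test directory would keep `chmod`/`chcon` or `./runtest.sh` from being executed (unless rhts-make.include declares them, which is not visible here); I would write `.PHONY: all install download clean run build`. The `; :` after `chcon -t bin_t runtest.sh` silently discards a labelling failure and deserves a comment such as `# chcon fails where SELinux is disabled; ignore`. The same `.PHONY` line is repeated in the Makefiles for semanage-port-add-delete-problems, semanage-user, sepolicy-generate and sestatus.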
diff --git a/tests/semanage-permissive-d-problems/runtest.sh b/tests/semanage-permissive-d-problems/runtest.sh
new file mode 100755
index 0000000..61ccc4f
--- /dev/null
+++ b/tests/semanage-permissive-d-problems/runtest.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlRun "rpm -qf /usr/sbin/semanage"
+ OUTPUT_FILE=`mktemp`
+ rlRun "sestatus"
+ rlPhaseEnd
+
+ if selinuxenabled ; then
+ rlPhaseStartTest
+ if rlIsRHEL 7 ; then
+ rlFileBackup /usr/share/selinux/default/Makefile
+ rlRun "rm -rf /usr/share/selinux/default/Makefile"
+ fi
+ rlRun "semanage permissive -l | grep fenced" 1
+ rlRun "semanage permissive -a fenced_t"
+ rlRun "semanage permissive -l | grep fenced"
+ rlRun "semanage permissive -d fenced_t"
+ rlRun "semanage permissive -l | grep fenced" 1
+ if rlIsRHEL 7 ; then
+ rlFileRestore
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+ rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+ rlRun "semanage permissive -a ypbind_t"
+ rlRun "semanage permissive -a ypserv_t"
+ rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+ rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+ rlRun "semanage permissive -d yp" 1-255
+ rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+ rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+ rlRun "semanage permissive -d ypbind_t"
+ rlRun "semanage permissive -d ypserv_t"
+ rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+ rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun -s "semanage permissive -d" 1
+ rlAssertNotGrep 'traceback' $rlRun_LOG -iEq
+ rlAssertGrep 'error: the following argument is required: type' $rlRun_LOG -iEq
+ rm -f $rlRun_LOG
+ rlPhaseEnd
+ else
+ rlPhaseStartTest
+ rlRun "semanage permissive -l >& ${OUTPUT_FILE}" 0,1
+ rlRun "grep -C 32 -i -e exception -e traceback -e error ${OUTPUT_FILE}" 1
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartCleanup
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
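Review bot: The two `.` lines that load rhts-environment.sh and beakerlib.sh have no `|| exit 1`, unlike the semanage-login, semanage-port-add-delete-problems and semanage-user scripts in this patch, so on a host without beakerlib the script carries on with every `rl*` call undefined. I would write `. /usr/share/beakerlib/beakerlib.sh || exit 1`, and the same for the first line; sestatus/runtest.sh has the same two lines. `OUTPUT_FILE=`mktemp`` is also unchecked, and an empty value changes what the later unquoted `tee ${OUTPUT_FILE}` and `wc -l < ${OUTPUT_FILE}` do; `OUTPUT_FILE=$(mktemp) || rlDie "mktemp failed"` would stop the run at the right place.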
diff --git a/tests/semanage-port-add-delete-problems/Makefile b/tests/semanage-port-add-delete-problems/Makefile
new file mode 100644
index 0000000..263da02
--- /dev/null
+++ b/tests/semanage-port-add-delete-problems/Makefile
@@ -0,0 +1,71 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh;:
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: semanage accepts invalid port numbers and then cannot delete them" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 15m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+ @echo "Requires: setools-console" >> $(METADATA)
+ @echo "Requires: libselinux" >> $(METADATA)
+ @echo "Requires: libselinux-utils" >> $(METADATA)
+ @echo "Requires: coreutils" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-port-add-delete-problems/PURPOSE b/tests/semanage-port-add-delete-problems/PURPOSE
new file mode 100644
index 0000000..a59e74f
--- /dev/null
+++ b/tests/semanage-port-add-delete-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+Author: Milos Malik
+
+semanage accepts invalid port numbers and then cannot delete them
+
diff --git a/tests/semanage-port-add-delete-problems/runtest.sh b/tests/semanage-port-add-delete-problems/runtest.sh
new file mode 100755
index 0000000..2bd9c9a
--- /dev/null
+++ b/tests/semanage-port-add-delete-problems/runtest.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+PORT_NAME="ldap_port_t"
+BAD_PORT_NUMBER="123456"
+GOOD_PORT_NUMBER="1389"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlRun "rpm -qf /usr/sbin/semanage"
+ rlRun "rpm -qf /usr/bin/seinfo"
+ OUTPUT_FILE=`mktemp`
+ rlRun "setenforce 1"
+ rlRun "sestatus"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "semanage port -l | grep ${PORT_NAME}"
+
+ rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+ rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+ rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+ rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+ rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+ #rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"
+
+ rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+ rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+ rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}"
+ rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+ rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+ rlRun "semanage port -l | grep syslogd_port_t"
+ rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+ rlPhaseEnd
+
+ if rlIsRHEL ; then
+ rlPhaseStartTest
+ rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\""
+ if rlIsRHEL 5 6; then
+ PORT_TYPE="syslogd_port_t"
+ else
+ PORT_TYPE="commplex_link_port_t"
+ fi
+
+ # adding a port number to a type
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"
+ sleep 2
+
+ # Check for user_avc
+ rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+ LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+ rlRun "cat ${OUTPUT_FILE}"
+ rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+
+ # deleting a port number from a type
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"
+ sleep 2
+
+ # Check for user_avc
+ rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+ LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+ rlRun "cat ${OUTPUT_FILE}"
+ rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+ rlPhaseEnd
+ fi
+
+ if ! rlIsRHEL 5 ; then
+ rlPhaseStartTest
+ rlRun "seinfo --portcon | grep :hi_reserved_port_t:"
+ rlRun "seinfo --portcon | grep :reserved_port_t:"
+ rlRun "semanage port -l | grep ^hi_reserved_port_t"
+ rlRun "semanage port -l | grep ^reserved_port_t"
+ if ! rlIsRHEL 6 ; then
+ rlRun "seinfo --portcon | grep :unreserved_port_t:"
+ rlRun "semanage port -l | grep ^unreserved_port_t"
+ fi
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartTest "manipulation with hard-wired ports"
+ rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+ rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+ rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+ rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+ rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+ rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+ rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/semanage-user/Makefile b/tests/semanage-user/Makefile
new file mode 100644
index 0000000..5ab248d
--- /dev/null
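Review bot: `rlRun "setenforce 1"` in the setup phase changes the host's enforcement mode and nothing puts it back; the cleanup phase only removes `${OUTPUT_FILE}`. I would save the mode in setup with `ORIG_MODE=$(getenforce)` and restore it in `rlPhaseStartCleanup`, so the machine leaves the test in the state it entered and later tests are not affected by a mode they did not choose. Separately, the bad-port block collects three listings with `tee -a ${OUTPUT_FILE}`, but the only check on them, `#rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"`, is commented out, so only the exit code 1 of the add and delete is asserted; either restore an assertion on the listing or drop the `tee -a`.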
+++ b/tests/semanage-user/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-user
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+ test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Does semanage user ... work correctly?" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 20m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-devel selinux-policy-minimum selinux-policy-mls selinux-policy-targeted selinux-policy-devel" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-user/PURPOSE b/tests/semanage-user/PURPOSE
new file mode 100644
index 0000000..8089db8
--- /dev/null
+++ b/tests/semanage-user/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-user
+Description: Does semanage user ... work correctly?
+Author: Milos Malik
+
diff --git a/tests/semanage-user/runtest.sh b/tests/semanage-user/runtest.sh
new file mode 100755
index 0000000..b2413fb
--- /dev/null
+++ b/tests/semanage-user/runtest.sh
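Review bot: In the `build` recipe, the second line `test -x runtest.sh || chcon -t bin_t runtest.sh` can never reach `chcon`: the line before it has just ensured the script is executable, so `test -x` succeeds and the `||` branch is skipped. If the `bin_t` label is wanted, as in the other Makefiles of this patch, the line should read `chcon -t bin_t runtest.sh || :`; if it is not wanted, the line should be removed so the recipe does not suggest relabelling happens. The `Requires:` line also lists `selinux-policy-devel` twice.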
@@ -0,0 +1,76 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlRun "make -f /usr/share/selinux/devel/Makefile"
+ rlRun "ls -l testpolicy.pp"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ if rlIsRHEL 5 6; then
+ rlRun "semanage user --help" 1
+ else
+ rlRun "semanage user --help" 0
+ # semanage: list option can not be used with --level ("semanage user -l")
+ rlRun "semanage user --help | grep fcontext" 1
+ fi
+ for POLICY_TYPE in minimum mls targeted ; do
+ if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+ continue
+ fi
+ rlRun "semanage user -l -S ${POLICY_TYPE}"
+ done
+ if ! rlIsRHEL 5; then
+ rlRun "semanage user -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+ fi
+ rlRun "semanage user -a -P user -R xyz_r xyz_u 2>&1 | grep -i -e 'undefined' -e 'error' -e 'could not'"
+ rlRun "semanage user -m xyz_u" 1
+ rlRun "semanage user -d xyz_u" 1
+ rlRun "semodule -i testpolicy.pp"
+ rlRun "semanage user -a -P user -R xyz_r xyz_u"
+ rlRun "semanage user -m -r s0 xyz_u"
+ rlRun "semanage user -l | grep \"xyz_u.*s0.*s0.*xyz_r\""
+ rlRun "semanage user -d xyz_u"
+ rlRun "semanage user -l | grep xyz_u" 1
+ rlRun "semodule -r testpolicy"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "rm -rf tmp testpolicy.{fc,if,pp}"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/semanage-user/testpolicy.te b/tests/semanage-user/testpolicy.te
new file mode 100644
index 0000000..b854bef
--- /dev/null
+++ b/tests/semanage-user/testpolicy.te
@@ -0,0 +1,11 @@
+module testpolicy 1.0;
+
+type xyz_t;
+role xyz_r;
+
+require {
+ type xyz_t;
+}
+
+role xyz_r types xyz_t;
+
diff --git a/tests/sepolicy-generate/Makefile b/tests/sepolicy-generate/Makefile
new file mode 100644
index 0000000..9e1a9b7
--- /dev/null
+++ b/tests/sepolicy-generate/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sepolicy-generate
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Michal Trunecka " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: sepolicy generate sanity test" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 115m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils policycoreutils-devel rpm-build" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHEL5 -RHEL6" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/sepolicy-generate/PURPOSE b/tests/sepolicy-generate/PURPOSE
new file mode 100644
index 0000000..a069ff2
--- /dev/null
+++ b/tests/sepolicy-generate/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+Description: sepolicy generate sanity test
+Author: Michal Trunecka
diff --git a/tests/sepolicy-generate/runtest.sh b/tests/sepolicy-generate/runtest.sh
new file mode 100755
index 0000000..5da10b8
--- /dev/null
+++ b/tests/sepolicy-generate/runtest.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "mkdir mypolicy"
+ rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
+ rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
+ rlRun "rm -rf mypolicy"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "mkdir mypolicy"
+ rlRun "touch /usr/bin/testpolicy"
+ for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
+ " --application /usr/bin/testpolicy " \
+ " -n testpolicy --confined_admin -a firewalld " \
+ " -n testpolicy --confined_admin " \
+ " -n testpolicy --customize -d httpd_t -a firewalld " \
+ " -n testpolicy --customize -d httpd_t" \
+ " --dbus /usr/bin/testpolicy " \
+ " -n testpolicy --desktop_user " \
+ " --inetd /usr/bin/testpolicy " \
+ " --init /usr/bin/testpolicy " \
+ " -n testpolicy --newtype -t newtype_var_log_t " \
+ " -n testpolicy --newtype -t newtype_unit_file_t " \
+ " -n testpolicy --newtype -t newtype_var_run_t " \
+ " -n testpolicy --newtype -t newtype_var_cache_t " \
+ " -n testpolicy --newtype -t newtype_tmp_t " \
+ " -n testpolicy --newtype -t newtype_port_t " \
+ " -n testpolicy --newtype -t newtype_var_spool_t " \
+ " -n testpolicy --newtype -t newtype_var_lib_t " \
+ " -n testpolicy --sandbox " \
+ " -n testpolicy --term_user " \
+ " -n testpolicy --x_user "
+# " --cgi /usr/bin/testpolicy "
+ do
+ rlRun "sepolicy generate -p mypolicy $VARIANT"
+ rlRun "cat mypolicy/testpolicy.te"
+ rlRun "cat mypolicy/testpolicy.if"
+ rlRun "cat mypolicy/testpolicy.fc"
+ if echo "$VARIANT" | grep -q newtype; then
+ rlAssertNotExists "mypolicy/testpolicy.sh"
+ rlAssertNotExists "mypolicy/testpolicy.spec"
+ else
+ rlRun "mypolicy/testpolicy.sh"
+ rlRun "semodule -l | grep testpolicy"
+ rlRun "semanage user -d testpolicy_u" 0-255
+ rlRun "semodule -r testpolicy"
+ fi
+
+ rlRun "rm -rf mypolicy/*"
+ rlRun "sleep 1"
+
+ if ! echo "$VARIANT" | grep -q newtype; then
+ rlRun "sepolicy generate -p mypolicy -w /home $VARIANT"
+ rlRun "cat mypolicy/testpolicy.te"
+ rlRun "cat mypolicy/testpolicy.if"
+ rlRun "cat mypolicy/testpolicy.fc"
+
+ rlRun "mypolicy/testpolicy.sh"
+ rlRun "semodule -l | grep testpolicy"
+ rlRun "semanage user -d testpolicy_u" 0-255
+ rlRun "semodule -r testpolicy"
+
+ rlRun "rm -rf mypolicy/*"
+ rlRun "sleep 1"
+ fi
+ done
+ rlRun "rm -rf mypolicy"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
diff --git a/tests/sestatus/Makefile b/tests/sestatus/Makefile
new file mode 100644
index 0000000..e45db0d
--- /dev/null
+++ b/tests/sestatus/Makefile
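Review bot: `rlCheckRequirements ${PACKAGES[*]}` reads an array `PACKAGES` that this script never sets (only `PACKAGE="policycoreutils"` is defined), so unless the harness exports it the setup check receives no package names and the `|| rlDie "cannot continue"` guard protects nothing. Either define `PACKAGES=(policycoreutils policycoreutils-devel rpm-build)` to match the Makefile's `Requires:` line, or use `rlAssertRpm ${PACKAGE}` as the sibling tests do. `rlRun "touch /usr/bin/testpolicy"` also leaves a file in `/usr/bin` that the cleanup phase never removes; `rlRun "rm -f /usr/bin/testpolicy"` belongs next to `rm -r $TmpDir`.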
@@ -0,0 +1,67 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sestatus
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: tests everything about sestatus" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: man" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/sestatus/PURPOSE b/tests/sestatus/PURPOSE
new file mode 100644
index 0000000..cacee0f
--- /dev/null
+++ b/tests/sestatus/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sestatus
+Description: tests everything about sestatus
+Author: Milos Malik
+
diff --git a/tests/sestatus/runtest.sh b/tests/sestatus/runtest.sh
new file mode 100644
index 0000000..b91b948
--- /dev/null
+++ b/tests/sestatus/runtest.sh
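Review bot: The metadata line `@echo "Destructive: no"` does not match what the visible part of the accompanying runtest.sh does: it edits and deletes `/etc/sestatus.conf`, replaces it with a directory, and runs `umount ${SELINUX_FS_MOUNT}` before mounting selinuxfs again. Anything that relies on this field to decide where the test may run would treat it as harmless, so I would set it to `Destructive: yes`, or add a comment explaining why `no` is kept. Also, `chcon -t bin_t runtest.sh` has no `; :` here, unlike the other Makefiles in this patch, so `build` fails wherever relabelling is not possible.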
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 5 6 ; then
+ SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+ SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlFileBackup /etc/sestatus.conf
+ rlRun "mount | grep -i selinux" 0,1
+ OUTPUT_FILE=`mktemp`
+ rlPhaseEnd
+
+ rlPhaseStartTest "basic use"
+ rlRun "sestatus"
+ rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "policy booleans" ${OUTPUT_FILE} -i
+ rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "process contexts" ${OUTPUT_FILE} -i
+ rlAssertGrep "file contexts" ${OUTPUT_FILE} -i
+ rlAssertGrep "current context" ${OUTPUT_FILE} -i
+ rlAssertGrep "init context" ${OUTPUT_FILE} -i
+ rlAssertGrep "controlling term" ${OUTPUT_FILE} -i
+ rlRun "sestatus --xyz 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "invalid option" ${OUTPUT_FILE} -i
+ rlPhaseEnd
+
+ rlPhaseStartTest "extreme cases"
+ # pretend that the config file contains an invalid section
+ rlRun "sed -i 's/files/xyz/' /etc/sestatus.conf"
+ rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "line not in a section" ${OUTPUT_FILE} -i
+ rlRun "rm -f /etc/sestatus.conf"
+ rlRun "mkdir /etc/sestatus.conf" # intentionally replaced a file with a directory
+ rlRun "sestatus -v"
+ # pretend that the config file is missing
+ rlRun "rm -rf /etc/sestatus.conf"
+ for OPTION in "-bv" "-v" ; do
+ rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "unable to open /etc/sestatus.conf" ${OUTPUT_FILE} -i
+ done
+ rlFileRestore
+ # pretend that SELinux is disabled
+ rlRun "umount ${SELINUX_FS_MOUNT}"
+ for OPTION in "" "-b" "-v" "-bv" ; do
+ rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i
+ done
+ rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"
+ # pretend that no booleans are defined
+ rlRun "mkdir ./booleans"
+ rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+ rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+ rlAssertNotGrep "booleans" ${OUTPUT_FILE} -i
+ rlRun "rmdir ./booleans"
+ rlPhaseEnd
+
+ # This bug is not worth fixing in RHEL-5
+ if ! rlIsRHEL 5 ; then
+ rlPhaseStartTest
+ rlRun "rpm -ql ${PACKAGE} | grep /usr/sbin/sestatus"
+ rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/man8/sestatus.8"
+ for OPTION in b v ; do
+ rlRun "sestatus --help 2>&1 | grep -- -${OPTION}"
+ rlRun "man sestatus | col -b | grep -- -${OPTION}"
+ done
+ if ! rlIsRHEL 6 ; then
+ rlRun "man -w sestatus.conf"
+ fi
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartCleanup
+ rlFileRestore
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/setsebool/Makefile b/tests/setsebool/Makefile
new file mode 100644
index 0000000..0730993
--- /dev/null
+++ b/tests/setsebool/Makefile
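Review bot: The cleanup phase of tests/sestatus/runtest.sh restores only `/etc/sestatus.conf`, although the "extreme cases" phase also unmounts `${SELINUX_FS_MOUNT}` and bind-mounts `./booleans` over `${SELINUX_FS_MOUNT}/booleans`. The remount and the `umount` of the bind mount are ordinary `rlRun` steps in the middle of that phase, so if one of them fails or the run is interrupted, the host keeps selinuxfs unmounted or the booleans directory masked; the first is the state the test itself expects sestatus to report as "disabled". I would repeat both repairs idempotently in `rlPhaseStartCleanup`, for example `mountpoint -q ${SELINUX_FS_MOUNT}/booleans && rlRun "umount ${SELINUX_FS_MOUNT}/booleans"` followed by `mountpoint -q ${SELINUX_FS_MOUNT} || rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"`. A short comment above the `umount` step saying that the cleanup phase is the safety net would also help the next reader.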
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/setsebool
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: does setsebool work correctly ?" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 45m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: audit policycoreutils libselinux-utils shadow-utils grep" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/setsebool/PURPOSE b/tests/setsebool/PURPOSE
new file mode 100644
index 0000000..07ce0bf
--- /dev/null
+++ b/tests/setsebool/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/setsebool
+Author: Milos Malik
+
+Does setsebool work as expected? Does it produce correct audit messages?
+
diff --git a/tests/setsebool/runtest.sh b/tests/setsebool/runtest.sh
new file mode 100755
index 0000000..04040d1
--- /dev/null
+++ b/tests/setsebool/runtest.sh
@@ -0,0 +1,151 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+USER_NAME="user${RANDOM}"
+USER_SECRET="s3kr3t${RANDOM}"
+BOOLEAN="ftpd_connect_db"
+if rlIsRHEL 5 6 ; then
+ SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+ SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ OUTPUT_FILE=`mktemp`
+ chcon -t tmp_t ${OUTPUT_FILE}
+
+ rlRun "useradd ${USER_NAME}"
+ rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ for OPTION in "" "-P" ; do
+ for OPERATOR in " " "=" ; do
+ for VALUE in 0 1 false true off on ; do
+ rlRun "setsebool ${OPTION} ${BOOLEAN}${OPERATOR}${VALUE} | grep -i -e illegal -e usage -e invalid" 1
+ if [ ${VALUE} == "0" -o ${VALUE} == "false" ] ; then
+ SHOWN_VALUE="off"
+ elif [ ${VALUE} == "1" -o ${VALUE} == "true" ] ; then
+ SHOWN_VALUE="on"
+ else
+ SHOWN_VALUE=${VALUE}
+ fi
+ rlRun "getsebool -a | grep \"^${BOOLEAN}.*${SHOWN_VALUE}\""
+ done
+ done
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "setsebool" 1
+ rlRun "setsebool xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+ rlRun "setsebool xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlRun "setsebool xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ if ! rlIsRHEL 5 6 ; then
+ rlRun "setsebool -N 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+ rlRun "setsebool -P 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+ fi
+ rlRun "setsebool -P xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+ rlRun "setsebool -P xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlRun "setsebool -P xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlPhaseEnd
+
+ if ! rlIsRHEL 5 6 ; then
+ rlPhaseStartTest
+ rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ for OPTION in "" "-P" ; do
+ rlRun "getsebool allow_ypbind | grep nis_enabled"
+ rlRun "setsebool ${OPTION} allow_ypbind on"
+ rlRun "getsebool allow_ypbind | grep \"nis_enabled.*on\""
+ rlRun "setsebool ${OPTION} allow_ypbind off"
+ rlRun "getsebool allow_ypbind | grep \"nis_enabled.*off\""
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ # https://fedoraproject.org/wiki/Features/SELinuxBooleansRename
+ for LINE in `cat /etc/selinux/*/booleans.subs_dist | sort | uniq | tr -s ' ' | tr ' ' ':'` ; do
+ OLD_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 1`
+ NEW_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 2`
+ rlRun "getsebool ${OLD_BOOLEAN_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlRun "getsebool ${NEW_BOOLEAN_NAME} 2>&1 | tee -a ${OUTPUT_FILE}"
+ rlRun "uniq -c ${OUTPUT_FILE} | grep '2 '"
+ done
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartTest "audit messages"
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "setsebool ${BOOLEAN} on"
+ rlRun "setsebool ${BOOLEAN} off"
+ rlRun "setsebool ${BOOLEAN} on"
+ sleep 1
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=1 old_val=0\""
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=0 old_val=1\""
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=SYSCALL.*comm=setsebool\""
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "extreme cases"
+ # pretend that no booleans are defined
+ rlRun "mkdir ./booleans"
+ rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "setsebool ${BOOLEAN} on 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+ rlRun "setsebool ${BOOLEAN} off 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+ rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "rmdir ./booleans"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "userdel -rf ${USER_NAME}"
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..4f475f9
--- /dev/null
+++ b/tests/tests.yml
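Review bot: tests/setsebool/runtest.sh changes `ftpd_connect_db` and `allow_ypbind` with `setsebool -P` but never records or restores their original values, so the last assignments stay in the persistent policy of the test host (`ftpd_connect_db` ends as `on`). I would save the value in the setup phase, e.g. `BOOLEAN_ORIG=$(getsebool ${BOOLEAN} | awk '{print $NF}')`, restore it in `rlPhaseStartCleanup` with `rlRun "setsebool -P ${BOOLEAN} ${BOOLEAN_ORIG}"`, and do the same for `allow_ypbind`. The `passwd --stdin` step in setup looks unnecessary as well: the account is only used through `su -l -c`, which presumably runs as root and needs no password. Dropping it also keeps `${USER_SECRET}` out of the command line that `rlRun` records in the test log.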
@@ -0,0 +1,45 @@
+---
+# Tests to run in a classic environment
+- hosts: localhost
+ roles:
+ - role: standard-test-beakerlib
+ tags:
+ - classic
+ tests:
+ - CIL-modules-without-compilation
+ - semanage-interface
+ - semanage-login
+ - semanage-permissive-d-problems
+ - semanage-port-add-delete-problems
+ - semanage-user
+ - sestatus
+ required_packages:
+ - policycoreutils # Required by all tests
+ - policycoreutils-devel # Required by sepolicy-generate
+ - rpm-build # Required by sepolicy-generate
+ - policycoreutils-python-utils # Required by semanage tests
+ - grep # Required by semanage tests
+ - selinux-policy-minimum # Required by semanage tests
+ - selinux-policy-mls # Required by semanage tests
+ - selinux-policy-targeted # Required by semanage tests
+ - shadow-utils # Required by semanage tests
+ - selinux-policy-devel # Required by semanage tests
+ - coreutils # Required by semanage tests
+ - man # Required by semanage tests
+ - setools-console # Required by semanage tests
+ - libselinux # Required by semanage tests
+ - libselinux-utils # Required by semanage tests
+ - audit # Required by audit test
+ - e2fsprogs # Required by restorecon test
+
+# Tests for atomic host
+- hosts: localhost
+ tags:
+ - atomic
+ # no compatible tests
+
+# Tests for docker container
+- hosts: localhost
+ tags:
+ - container
+ # no compatible tests
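Review bot: The `tests:` list in tests/tests.yml names seven tests, but the same patch also adds tests/setsebool and, according to the diffstat, tests/load_policy, tests/restorecon and tests/sepolicy-generate, none of which is listed, so those scripts are committed without ever being run by the playbook. `required_packages` still installs packages annotated for them (`rpm-build` "Required by sepolicy-generate", `e2fsprogs` "Required by restorecon test"). If the omission is deliberate, for instance because they are not yet reliable in the classic context, I would record that next to the list with a comment such as `# not run yet: load_policy, restorecon, sepolicy-generate, setsebool (<reason>)`. Otherwise they should be added to `tests:`.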