Compare commits
13 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
9d9055ab45 | ||
|
90862d2288 | ||
|
f17067d7dd | ||
|
3a4bb1fb80 | ||
|
480e112958 | ||
|
174ae6acbb | ||
|
83644b8707 | ||
|
a7f12f35a5 | ||
|
d2208a6657 | ||
|
cd8e1cd91a | ||
|
93414c1c4f | ||
|
c83a9507f0 | ||
|
dfbde08bc9 |
@ -1,3 +1,35 @@
|
||||
diff --git policycoreutils-2.7/load_policy/load_policy.8 policycoreutils-2.7/load_policy/load_policy.8
|
||||
index 5f5550d..0810995 100644
|
||||
--- policycoreutils-2.7/load_policy/load_policy.8
|
||||
+++ policycoreutils-2.7/load_policy/load_policy.8
|
||||
@@ -39,4 +39,4 @@ Initial policy load failed and enforcing mode requested
|
||||
.SH AUTHORS
|
||||
.nf
|
||||
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||||
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||
diff --git policycoreutils-2.7/newrole/hashtab.c policycoreutils-2.7/newrole/hashtab.c
|
||||
index 77ed143..24c65c4 100644
|
||||
--- policycoreutils-2.7/newrole/hashtab.c
|
||||
+++ policycoreutils-2.7/newrole/hashtab.c
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||
|
||||
/* FLASK */
|
||||
|
||||
diff --git policycoreutils-2.7/newrole/hashtab.h policycoreutils-2.7/newrole/hashtab.h
|
||||
index 9f737df..3790f0a 100644
|
||||
--- policycoreutils-2.7/newrole/hashtab.h
|
||||
+++ policycoreutils-2.7/newrole/hashtab.h
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||
|
||||
/* FLASK */
|
||||
|
||||
diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles
|
||||
index 1aa330f..7ec0396 100755
|
||||
--- policycoreutils-2.7/scripts/fixfiles
|
||||
@ -10,3 +42,16 @@ index 1aa330f..7ec0396 100755
|
||||
FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
diff --git policycoreutils-2.7/setfiles/setfiles.8 policycoreutils-2.7/setfiles/setfiles.8
|
||||
index 9501845..ccaaf4d 100644
|
||||
--- policycoreutils-2.7/setfiles/setfiles.8
|
||||
+++ policycoreutils-2.7/setfiles/setfiles.8
|
||||
@@ -255,7 +255,7 @@ being updated provided there are no errors.
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Russell Coker <russell@coker.com.au>.
|
||||
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>
|
||||
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR restorecon (8),
|
||||
|
@ -1,7 +1,7 @@
|
||||
%global libauditver 2.1.3-4
|
||||
%global libsepolver 2.7-1
|
||||
%global libsemanagever 2.7-1
|
||||
%global libselinuxver 2.7-1
|
||||
%global libsepolver 2.7-2
|
||||
%global libsemanagever 2.7-2
|
||||
%global libselinuxver 2.7-3
|
||||
%global sepolgenver 2.7
|
||||
|
||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||
@ -9,7 +9,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.7
|
||||
Release: 1%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -31,8 +31,10 @@ Source18: selinux-autorelabel.target
|
||||
Source19: selinux-autorelabel-generator.sh
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh policycoreutils
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/e4948158eef0365be17274825513dc824c5592e2
|
||||
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
||||
# BRANCH=f27 VERSION=2.7 ./make-fedora-selinux-patch.sh $i
|
||||
# done
|
||||
Patch: policycoreutils-fedora.patch
|
||||
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh selinux-python
|
||||
Patch1: selinux-python-fedora.patch
|
||||
@ -40,7 +42,7 @@ Patch2: selinux-gui-fedora.patch
|
||||
Patch3: selinux-sandbox-fedora.patch
|
||||
Patch4: selinux-dbus-fedora.patch
|
||||
# Patch5: semodule-utils-fedora.patch
|
||||
# Patch6: restorecond
|
||||
Patch6: restorecond-fedora.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
||||
@ -185,6 +187,8 @@ sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' \
|
||||
%{buildroot}%{_bindir}/audit2why \
|
||||
%{buildroot}%{_bindir}/sepolicy \
|
||||
%{buildroot}%{_bindir}/sepolgen{,-ifgen} \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
|
||||
%nil
|
||||
|
||||
@ -244,7 +248,7 @@ Requires:libsemanage-python3 >= %{libsemanagever} libselinux-python3 libcgroup
|
||||
Requires:audit-libs-python3 >= %{libauditver}
|
||||
Requires: python3-IPy
|
||||
Requires: checkpolicy
|
||||
Requires: setools-python3
|
||||
Requires: setools-python3 >= 4.1.1
|
||||
|
||||
%description python3
|
||||
The policycoreutils-python3 package contains the interfaces that can be used
|
||||
@ -254,6 +258,7 @@ by python 3 in an SELinux environment.
|
||||
%{python3_sitearch}/seobject.py*
|
||||
%{python3_sitearch}/__pycache__
|
||||
%{python3_sitearch}/sepolgen
|
||||
%dir %{python3_sitelib}/sepolicy
|
||||
%{python3_sitelib}/sepolicy/templates
|
||||
%dir %{python3_sitelib}/sepolicy/help
|
||||
%{python3_sitelib}/sepolicy/help/*
|
||||
@ -278,7 +283,7 @@ Requires:audit-libs-python >= %{libauditver}
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: python-IPy
|
||||
Requires: checkpolicy
|
||||
Requires: setools-python
|
||||
Requires: setools-python >= 4.1.1
|
||||
|
||||
%description python
|
||||
The policycoreutils-python package contains the management tools use to manage
|
||||
@ -287,6 +292,7 @@ an SELinux environment.
|
||||
%files python
|
||||
%{python_sitearch}/seobject.py*
|
||||
%{python_sitearch}/sepolgen
|
||||
%dir %{python_sitelib}/sepolicy
|
||||
%{python_sitelib}/sepolicy/templates
|
||||
%{python_sitelib}/sepolicy/__init__.py*
|
||||
%{python_sitelib}/sepolicy/booleans.py*
|
||||
@ -375,11 +381,9 @@ or level of a logged in user.
|
||||
%package gui
|
||||
Summary: SELinux configuration GUI
|
||||
Group: System Environment/Base
|
||||
Requires: policycoreutils-devel = %{version}-%{release}, policycoreutils-python = %{version}-%{release}
|
||||
Requires: gnome-python2 gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
||||
Requires: usermode-gtk
|
||||
Requires: python >= 2.6
|
||||
Requires: policycoreutils-devel = %{version}-%{release}, policycoreutils-python3 = %{version}-%{release}
|
||||
Requires: policycoreutils-dbus = %{version}-%{release}
|
||||
Requires: gtk3, python3-gobject
|
||||
BuildRequires: desktop-file-utils
|
||||
|
||||
%description gui
|
||||
@ -399,7 +403,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
||||
%{_datadir}/system-config-selinux/html_util.py*
|
||||
%{_datadir}/system-config-selinux/polgengui.py*
|
||||
%{_datadir}/system-config-selinux/system-config-selinux.py*
|
||||
%{_datadir}/system-config-selinux/*.glade
|
||||
%{_datadir}/system-config-selinux/*.ui
|
||||
%{python_sitelib}/sepolicy/gui.py*
|
||||
%{python_sitelib}/sepolicy/sepolicy.glade
|
||||
%dir %{python_sitelib}/sepolicy/help
|
||||
@ -498,6 +502,49 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Fri Mar 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
|
||||
- sepolicy: Initialize policy.ports as a dict in generate.py
|
||||
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
|
||||
- Minor update for bash completion
|
||||
- semodule_package: fix semodule_unpackage man page (#1334834)
|
||||
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
|
||||
- gui/fcontextPage: Set default object class in addDialog
|
||||
- semanage/seobject.py: Fix undefined store check (#1559174)
|
||||
|
||||
* Wed Feb 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
|
||||
- Rewrite selinux-polgengui to use Gtk3
|
||||
- Drop python2 and gnome-python2 from gui Requires
|
||||
|
||||
* Wed Dec 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
||||
- semanage: bring semanageRecords.set_reload back to seobject.py (#1527745)
|
||||
|
||||
* Thu Dec 14 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3
|
||||
- Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942)
|
||||
|
||||
* Fri Nov 24 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
|
||||
- sepolicy: Fix sepolicy manpage.
|
||||
- semanage: Update Infiniband code to work on python3
|
||||
- semanage: Fix export of ibendport entries
|
||||
- semanage: Enforce noreload only if it's requested by -N option
|
||||
- semanage: Don't use global setup variable
|
||||
- semanage: drop *_ini functions
|
||||
- semanage: Enable listing file_contexts.homedirs
|
||||
- semanage: make seobject.py backward compatible
|
||||
- gui: remove mappingsPage
|
||||
- gui: delete overridden definition of usersPage.delete()
|
||||
- gui: fix parsing of "semodule -lfull" in tab Modules
|
||||
- gui: remove the status bar
|
||||
- sepolicy: support non-MLS policy in gui
|
||||
- sepolicy: ignore comments and empty lines in file_contexts.subs_dist
|
||||
- gui: port to Python 3 by migrating to PyGI
|
||||
- sepolicy: do not fail when file_contexts.local or .subs do not exist
|
||||
- restorecond: check write() and daemon() results
|
||||
- sepolicy: remove stray space in section "SEE ALSO"
|
||||
- sepolicy: support non-MCS policy in manpage
|
||||
- sepolicy: support non-MLS policy in manpage
|
||||
- sepolicy: fix misspelling of _ra_content_t suffix
|
||||
- sepolicy: do not fail when file_contexts.local does not exist
|
||||
|
||||
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
|
||||
- Update to upstream release 2017-08-04
|
||||
- Move DBUS API from -gui to -dbus package
|
||||
|
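Review bot: The gui subpackage now requires `policycoreutils-python3` and `gtk3, python3-gobject`, but the `%files gui` context lines in the `-399,7 +403,7` hunk still list `%{python_sitelib}/sepolicy/gui.py*` and `%{python_sitelib}/sepolicy/sepolicy.glade`. If `%{python_sitelib}` is the Python 2 site-packages directory here, as its pairing with `%{python3_sitelib}` elsewhere in this spec suggests, the package ships a module for an interpreter it no longer depends on. Please confirm whether these entries should read `%{python3_sitelib}/sepolicy/gui.py*` and likewise for the `.glade` and `help` lines. The rest of `%files gui` lies outside the hunk, so this is inferred from the context lines only.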
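--- /dev/null
+++ b/restorecond-fedora.patch
@@ -0,0 +1,29 @@
+diff --git restorecond-2.7/restorecond.c restorecond-2.7/restorecond.c
+index f379db1..6fbbd35 100644
+--- restorecond-2.7/restorecond.c
++++ restorecond-2.7/restorecond.c
+@@ -103,7 +103,10 @@ static int write_pid_file(void)
+pidfile = 0;
+return 1;
+}
+- (void)write(pidfd, val, (unsigned int)len);
++ if (write(pidfd, val, (unsigned int)len) != len) {
++ syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
++ return 1;
++ }
+close(pidfd);
+return 0;
+}
+@@ -204,8 +207,10 @@ int main(int argc, char **argv)
+watch_file = server_watch_file;
+read_config(master_fd, watch_file);
+
+- if (!debug_mode)
+- daemon(0, 0);
++ if (!debug_mode) {
++ if (daemon(0, 0) < 0)
++ exitApp("daemon");
++ }
+
+write_pid_file();
+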
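Review bot: The new failure branch in write_pid_file() does `return 1;` without closing pidfd, while the success path just below still calls `close(pidfd);`, so a failed or short write leaks the descriptor; put `close(pidfd);` before that `return 1;`. On a short write errno is not set by write(), so `strerror(errno)` can log a stale reason. In main(), the context line `write_pid_file();` still ignores the result, so the daemon carries on without a usable pidfile; whether that is intended is not visible here. Both function bodies start outside their hunks, and the leading whitespace of the patch lines was lost in this rendering.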
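--- /dev/null
+++ b/tests/CIL-modules-without-compilation/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: What the test does" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+rhts-lint $(METADATA)
+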
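Review bot: The `Description:` field is still the template placeholder `What the test does`, both in the header comment and in the `@echo "Description: What the test does"` line that is written into the test metadata. The same placeholder heads tests/CIL-modules-without-compilation/runtest.sh. Replace it with the question the PURPOSE file already states, for example `Description: Can semodule and semanage manage CIL modules without compilation?`. As a style point, `.PHONY` names `all install download`, which this file does not define, but leaves out the `run` and `build` targets it does define.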
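--- /dev/null
+++ b/tests/CIL-modules-without-compilation/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+Author: Milos Malik <mmalik@redhat.com>
+
+Is it possible to manage policy modules written in CIL without any compilation? Does semanage and semodule understand them?
+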
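--- /dev/null
+++ b/tests/CIL-modules-without-compilation/runtest.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm $PACKAGE
+rlRun "echo '()' > empty.cil"
+rlRun "echo '(())' > invalid.cil"
+rlPhaseEnd
+
+rlPhaseStartTest "empty CIL module"
+rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+rlRun "semodule -i empty.cil"
+rlRun "semodule -lfull | grep '400.*empty.*cil'"
+rlRun "semodule -r empty"
+rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+rlRun "semanage module -a empty.cil"
+rlRun "semanage module -l | grep 'empty.*400.*cil'"
+rlRun "semanage module -r empty"
+rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+rlPhaseEnd
+
+rlPhaseStartTest "invalid CIL module"
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semodule -i invalid.cil" 1
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semodule -r invalid" 1
+rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlRun "semanage module -a invalid.cil" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlRun "semanage module -r invalid" 1
+rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "rm -f empty.cil invalid.cil"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+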
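Review bot: The cleanup phase only deletes `empty.cil` and `invalid.cil`, so if a step in the "empty CIL module" phase fails between the install and the removal, the `empty` module stays installed in the policy store of the test host. Add a tolerant removal to cleanup, e.g. `rlRun "semodule -r empty" 0,1`, so the host is restored whatever the result. The grep patterns such as `'400.*empty.*cil'` are unanchored and would also match any other priority-400 module whose name merely contains `empty`; matching on whitespace-delimited fields would make the assertions stricter. The two `.cil` files are written into the current directory, and a `mktemp -d` working directory would keep the test tree clean.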
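--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of selinux-ansible-playbook
+# Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
+# Author: Petr Lautrbach <plautrba@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2018 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=linux-system-roles.selinux-tests
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 10m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils ansible git" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2+" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+rhts-lint $(METADATA)
+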
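--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of selinux-ansible-playbook
+Author: Petr Lautrbach <plautrba@redhat.com>
+
+Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests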
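--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/runtest.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
+# Author: Petr Lautrbach <plautrba@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2018 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm $PACKAGE
+rlAssertRpm "git"
+rlAssertRpm "ansible"
+
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "git clone https://github.com/linux-system-roles/selinux.git"
+rlRun "cd selinux/test"
+
+for ansible_test in test_*.yml; do
+rlRun "ansible-playbook -i localhost, -c local -v $ansible_test"
+done
+
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "cd ../../"
+rlRun "rm -rf selinux"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+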
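Review bot: `git clone https://github.com/linux-system-roles/selinux.git` fetches whatever the default branch holds at run time, and the loop then runs every `test_*.yml` from it with `-c local` against the test host, so both the result and what executes on the machine depend on unreviewed upstream state. Pin the checkout to a reviewed tag or commit, e.g. `rlRun "git clone --branch <PINNED_TAG> --depth 1 https://github.com/linux-system-roles/selinux.git"` (the tag is a placeholder). The result of `rlRun "cd selinux/test"` is not checked before the loop, and cleanup runs `cd ../../` then `rm -rf selinux` relative to wherever the script ended up, so after a failed clone or `cd` the removal is attempted two directories above the test directory. Saving the start directory and returning to it by absolute path in cleanup avoids that. The Makefile for this test declares `Destructive: no` although the playbooks change SELinux state on localhost, which is worth confirming.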
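--- /dev/null
+++ b/tests/load_policy/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/load_policy
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does load_policy work as expected? Does it produce correct audit messages?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: audit policycoreutils selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+rhts-lint $(METADATA)
+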
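--- /dev/null
+++ b/tests/load_policy/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/load_policy
+Author: Milos Malik <mmalik@redhat.com>
+
+Does load_policy work as expected? Does it produce correct audit messages?
+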
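--- /dev/null
+++ b/tests/load_policy/runtest.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "ls -l `which load_policy`"
+BINARY_POLICY=`find /etc/selinux/targeted -type f -name policy.?? | sort -n | tail -n 1`
+rlRun "ls -l ${BINARY_POLICY}"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "load_policy --xyz 2>&1 | grep \"invalid option\""
+rlRun "dmesg | grep -i selinux" 0,1
+rlRun "grep -i selinux /proc/mounts"
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "load_policy -q"
+rlRun "grep -i selinux /proc/mounts"
+sleep 1
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+fi
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+rlRun "umount ${SELINUX_FS_MOUNT}"
+rlRun "grep -i selinux /proc/mounts" 1
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "load_policy -i ${BINARY_POLICY}"
+rlRun "grep -i selinux /proc/mounts"
+sleep 1
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+fi
+rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+rlRun "dmesg | grep -i selinux"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+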
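Review bot: The test phase runs `umount ${SELINUX_FS_MOUNT}` and relies on the following `load_policy -i` to bring selinuxfs back, while the cleanup phase is empty; if that load fails the host is left without selinuxfs mounted, although the Makefile declares `Destructive: no`. Add a guarded remount to cleanup, e.g. `rlRun "grep -q selinuxfs /proc/mounts || mount -t selinuxfs selinuxfs ${SELINUX_FS_MOUNT}"`. In the setup phase `-name policy.??` is unquoted, so the shell may expand it against the current directory before find sees it; write `-name 'policy.??'`. `BINARY_POLICY` is also used without a check that find returned a path.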
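--- /dev/null
+++ b/tests/restorecon/Makefile
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/restorecon
+# Description: does restorecon work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/restorecon
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te testpolicy.fc
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh;:
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: does restorecon work correctly ?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 15m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: e2fsprogs" >> $(METADATA)
+@echo "Requires: libselinux" >> $(METADATA)
+@echo "Requires: selinux-policy-devel" >> $(METADATA)
+@echo "Requires: libselinux-utils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+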
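--- a/tests/restorecon/PURPOSE
+++ b/tests/restorecon/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/restorecon
+Author: Milos Malik <mmalik@redhat.com>
+
+Does restorecon work correctly?
+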
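--- a/tests/restorecon/runtest.sh
+++ b/tests/restorecon/runtest.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/restorecon
+# Description: does restorecon work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlServiceStop mcstrans mcstransd
+rlRun "rpm -qf `which restorecon` | grep ${PACKAGE}"
+rlRun "setenforce 1"
+rlRun "sestatus"
+rlRun "setsebool allow_domain_fd_use on"
+rlPhaseEnd
+
+rlPhaseStartTest "Functional test"
+
+TESTDIR="/opt/restorecon_testdir"
+DIRS="correct.dir incorrect1.dir incorrect2.dir customizable.dir"
+FILES="correct.file incorrect.file customizable.file"
+
+rlRun "make -f /usr/share/selinux/devel/Makefile"
+rlRun "semodule -i testpolicy.pp"
+
+rlFileBackup /etc/selinux/targeted/contexts/customizable_types
+rlRun "echo 'customizable_t' >> /etc/selinux/targeted/contexts/customizable_types"
+
+# Here is the testing dirs and files structure
+# all the files have initial context corresponding to their names
+
+# ./
+# correct.file
+# incorrect.file
+# customizable.file
+
+# correct.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# incorrect1.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# incorrect2.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# customizable.dir/
+# correct.file
+# incorrect.file
+# customizable.file
+
+# Function to set initial contexts
+function set_contexts {
+# Set the intended contexts
+rlLog "Setting initial contexts of testing dirs..."
+restorecon -R $TESTDIR
+for ITEM in `find . -name 'incorrect*'`; do
+chcon -t incorrect_t $ITEM
+done
+for ITEM in `find . -name 'customizable*'`; do
+chcon -t customizable_t $ITEM
+done
+}
+
+# Check that files in dir $1 have the initial contexts
+function check_initial_contexts {
+if echo $1 | grep -q 'incorrect.dir'; then
+rlRun "ls -ladZ $1 | grep :incorrect_t"
+elif echo $1 | grep -q 'correct.dir'; then
+rlRun "ls -ladZ $1 | grep :correct_t"
+elif echo $1 | grep -q 'customizable.dir'; then
+rlRun "ls -ladZ $1 | grep :customizable_t"
+fi
+rlRun "ls -ladZ $1/* | grep '\<correct.file' | grep ':correct_t'"
+rlRun "ls -ladZ $1/* | grep '\<incorrect.file' | grep ':incorrect_t'"
+rlRun "ls -ladZ $1/* | grep '\<customizable.file' | grep ':customizable_t'"
+}
+
+# Check that files matching with $2 in dir $1 have context $3
+function check_contexts {
+COMMAND="find $1 -name '$2'"
+for ITEM in `eval $COMMAND`; do
+rlRun "ls -ladZ $ITEM | grep :$3";
+done
+}
+
+# Create the testing dirs and files
+rlRun "mkdir -p $TESTDIR"
+rlRun "pushd $TESTDIR"
+rlRun "mkdir $DIRS"
+rlRun "touch $FILES"
+for DIR in $DIRS; do
+rlRun "pushd $DIR"
+rlRun "touch $FILES"
+rlRun "popd"
+done
+
+set_contexts
+
+echo
+rlLog "Checking initial contexts of testing dirs..."
+# Check the contexts are set properly
+check_initial_contexts '.'
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'incorrect2.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# -e directory
+# exclude a directory (repeat the option to exclude more than one directory).
+
+echo
+rlLog "-e directory"
+set_contexts
+rlRun "restorecon -RF -e $TESTDIR/incorrect2.dir $TESTDIR"
+for ITEM in `ls *.file`; do rlRun "ls -ladZ $ITEM | grep correct_t"; done
+check_contexts 'incorrect1.dir' '*' 'correct_t'
+check_contexts 'customizable.dir' '*' 'correct_t'
+check_initial_contexts 'incorrect2.dir'
+rlRun "ls -ladZ incorrect2.dir | grep incorrect_t"
+
+# -f infilename
+# infilename contains a list of files to be processed. Use - for stdin.
+
+echo
+rlLog "-f filename"
+set_contexts
+rlRun "cat > ../file_list <<EOF
+./customizable.file
+./customizable.dir
+./correct.dir/customizable.file
+./incorrect1.dir/customizable.file
+./incorrect2.dir/customizable.file
+./customizable.dir/customizable.file
+EOF"
+if rlIsRHEL 5; then chcon -t file_t ../file_list ;fi
+rlRun "restorecon -F -f ../file_list"
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'correct_t'
+rlRun "rm -f ../file_list"
+
+
+echo
+rlLog "-f - Input from stdin"
+set_contexts
+rlRun "echo -e 'incorrect2.dir\ncustomizable.file\nincorrect.file' | restorecon -f -"
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+check_contexts 'incorrect2' '*' 'correct_t'
+rlRun "ls -ladZ customizable.file | grep customizable_t"
+rlRun "ls -ladZ incorrect.file | grep :correct_t"
+
+# -F Force reset of context to match file_context for customizable files, and
+# the default file context, changing the user, role, range portion as well
+# as the type.
+
+echo
+rlLog "-F Force reset of customizable types"
+set_contexts
+rlRun "restorecon -RF $TESTDIR"
+check_contexts '.' '*' 'correct_t'
+
+# This feature is from RHEL6 further
+if ! rlIsRHEL; then
+echo
+rlLog "-F Force reset of the whole context"
+set_contexts
+chcon -u staff_u *.file
+rlRun "ls -laZ correct.file | grep staff_u"
+rlRun "ls -laZ incorrect.file | grep staff_u"
+rlRun "ls -laZ customizable.file | grep staff_u"
+rlRun "restorecon -R $TESTDIR"
+rlRun "ls -laZ correct.file | grep staff_u"
+rlRun "ls -laZ incorrect.file | grep staff_u"
+rlRun "ls -laZ customizable.file | grep staff_u"
+rlRun "restorecon -RF $TESTDIR"
+rlRun "ls -laZ correct.file | grep system_u"
+rlRun "ls -laZ incorrect.file | grep system_u"
+rlRun "ls -laZ customizable.file | grep system_u"
+fi
+
+# -i ignore files that do not exist.
+
+rlRun "restorecon non-existent-file" 1-255
+rlRun "restorecon -i non-existent-file"
+
+# -n don't change any file labels (passive check).
+
+echo
+rlLog "-n dry-run"
+set_contexts
+rlRun "restorecon -RF -n $TESTDIR"
+check_contexts '.' 'incorrect*' 'incorrect_t'
+check_contexts '.' 'correct*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# -o outfilename
+# Deprecated, SELinux policy will probably block this access. Use shell
+# redirection to save list of files with incorrect context in filename.
+
+# ----not tested yet
+
+# -R, -r change files and directories file labels recursively (descend directo‐
+# ries).
+# Note: restorecon reports warnings on paths without default labels only
+# if called non-recursively or in verbose mode.
+
+set_contexts
+rlRun "restorecon -R $TESTDIR"
+check_contexts '.' '*corr*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+# ...by default it does not operate recursively on directories
+
+set_contexts
+rlRun "restorecon $TESTDIR"
+check_initial_contexts 'incorrect1.dir'
+check_initial_contexts 'incorrect2.dir'
+check_initial_contexts 'correct.dir'
+check_initial_contexts 'customizable.dir'
+rlRun "ls -ladZ customizable.file | grep customizable_t"
+rlRun "ls -ladZ incorrect.file | grep :incorrect_t"
+rlRun "ls -ladZ correct.file | grep :correct_t"
+
+# -v show changes in file labels, if type or role are going to be changed.
+
+# ----not tested yet
+
+# -0 option is not present in RHEL5
+if ! rlIsRHEL 5; then
+# -0 the separator for the input items is assumed to be the null character
+# (instead of the white space). The quotes and the backslash characters
+# are also treated as normal characters that can form valid input. This
+# option finally also disables the end of file string, which is treated
+# like any other argument. Useful when input items might contain white
+# space, quote marks or backslashes. The -print0 option of GNU find pro‐
+# duces input suitable for this mode.
+
+echo
+rlLog "-0"
+set_contexts
+rlRun "find . -print0 | restorecon -f - -0"
+check_contexts '.' '*corr*' 'correct_t'
+check_contexts '.' 'customizable*' 'customizable_t'
+
+echo
+rlLog "-0 with -F"
+set_contexts
+rlRun "find . -print0 | restorecon -F -f - -0"
+check_contexts '.' '*' 'correct_t'
+
+fi
+
+# If a file object does not have a context, restorecon will write the default
+# context to the file object's extended attributes.
+
+# ----not tested yet
+
+
+# Cleanup
+
+rlRun "popd"
+rlRun "rm -rf /opt/restorecon_testdir"
+rlFileRestore
+rlRun "semodule -r testpolicy"
+rlPhaseEnd
+
+# This is RFE from RHEL6 and further versions
+if ! rlIsRHEL 5;then
+rlPhaseStartTest
+# META-Fixed-In: policycoreutils-2.0.83-19.14.el6
+rlRun "pushd /root"
+rlRun "touch test-file"
+rlRun "mkdir test-dir"
+for ITEM in "test-file" "test-dir" ; do
+rlRun "chcon -u staff_u -t shadow_t -l s0:c1 ${ITEM}"
+rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:shadow_t:s0:c1"
+rlRun "restorecon -v ${ITEM}" 0,1
+rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:admin_home_t:s0:c1"
+rlRun "restorecon -F -v ${ITEM}" 0,1
+rlRun "ls -dZ ${ITEM} | grep system_u:object_r:admin_home_t:s0"
+done
+rlRun "rm -rf test-dir"
+rlRun "rm -f test-file"
+rlRun "popd"
+rlPhaseEnd
+fi
+
+rlPhaseStartTest
+# META-Fixed-In: policycoreutils-2.0.83-19.16.el6
+rlRun "pushd /root"
+rlRun "touch test-file"
+rlRun "mkdir test-dir"
+for ITEM in "test-file" "test-dir" ; do
+rlRun "chcon -t tmp_t ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+rlRun "chattr +i ${ITEM}"
+rlRun "restorecon -v ${ITEM}" 1-255
+rlRun "chattr -i ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+rlRun "restorecon -v ${ITEM}"
+rlRun "ls -dZ ${ITEM}"
+done
+rlRun "rm -rf test-dir"
+rlRun "rm -f test-file"
+rlRun "popd"
+rlPhaseEnd
+
+# The bug was closed as NEXTRELEASE for RHEL5
+if ! rlIsRHEL 5; then
+rlPhaseStartTest
+rlRun "touch ~/test-file"
+rlRun "restorecon -vF ~/test-file"
+rlRun "restorecon -vF ~/test-file | grep \"reset.*context\"" 1
+rlRun "rm -f ~/test-file"
+
+rlRun "mkdir ~/test-dir"
+rlRun "restorecon -vF ~/test-dir"
+rlRun "restorecon -vF ~/test-dir | grep \"reset.*context\"" 1
+rlRun "rm -rf ~/test-dir"
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rlServiceRestore mcstrans mcstransd
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+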
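Review bot: The setup phase changes host security state that nothing restores: `setenforce 1` and `setsebool allow_domain_fd_use on` run in rlPhaseStartSetup, but rlPhaseStartCleanup only restores the mcstrans service, so the machine keeps the enabled boolean and the changed enforcing mode after the run. I would record the prior values in setup, e.g. `ORIG_ENFORCE=$(getenforce)`, and add `rlRun "setenforce ${ORIG_ENFORCE}"` plus the matching `setsebool` call to the cleanup phase. Separately, the block commented "This feature is from RHEL6 further" is guarded by `if ! rlIsRHEL; then`. As far as I know, rlIsRHEL without a version argument matches any RHEL release, so the user-portion checks would be skipped on RHEL 6 and later. `if ! rlIsRHEL 5; then`, as used further down in the same file, looks like the intended guard.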
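--- a/tests/restorecon/testpolicy.fc
+++ b/tests/restorecon/testpolicy.fc
@@ -0,0 +1,2 @@
+/opt/restorecon_testdir(/.*)? system_u:object_r:correct_t:s0
+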
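--- a/tests/restorecon/testpolicy.te
+++ b/tests/restorecon/testpolicy.te
@@ -0,0 +1,19 @@
+policy_module(testpolicy, 1.0)
+
+require {
+attribute domain;
+type fs_t;
+}
+
+type correct_t;
+files_type(correct_t)
+type incorrect_t;
+files_type(incorrect_t)
+type customizable_t;
+files_type(customizable_t)
+
+
+#allow domain correct_t:dir relabelto;
+#allow correct_t fs_t:filesystem associate;
+
+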
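--- a/tests/semanage-interface/Makefile
+++ b/tests/semanage-interface/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-interface
+# Description: Does semanage interface ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-interface
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage interface ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+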
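Review bot: The second recipe line of `build` can never reach its `chcon`: once `test -x runtest.sh || chmod a+x runtest.sh` has run, the script is executable, so `test -x runtest.sh || chcon -t bin_t runtest.sh` always short-circuits and the file is never relabelled to bin_t. The restorecon and semanage-permissive-d-problems Makefiles in this commit use `chmod a+x runtest.sh` followed by `chcon -t bin_t runtest.sh; :`, which relabels and still tolerates a chcon failure. The same two lines would work here. tests/semanage-login/Makefile carries the identical pair of lines and needs the same change.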
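--- a/tests/semanage-interface/PURPOSE
+++ b/tests/semanage-interface/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-interface
+Description: Does semanage interface ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+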
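--- a/tests/semanage-interface/runtest.sh
+++ b/tests/semanage-interface/runtest.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-interface
+# Description: Does semanage interface ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage interface --help" 0,1
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage interface -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage interface -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'"
+rlRun "semanage interface -m xyz" 1,2
+rlRun "semanage interface -d xyz" 1
+rlRun "semanage interface -a -t netif_t xyz"
+if rlIsRHEL 5 6; then
+rlRun "semanage interface -m -r s0 xyz"
+else
+rlRun "semanage interface -m -t netif_t -r s0 xyz"
+fi
+rlRun "semanage interface -l | grep \"xyz.*:netif_t:s0\""
+rlRun "semanage interface -d xyz"
+rlRun "semanage interface -l | grep xyz" 1
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+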
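--- a/tests/semanage-login/Makefile
+++ b/tests/semanage-login/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-login
+# Description: Does semanage login ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-login
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage login ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 10m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep shadow-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+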
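--- a/tests/semanage-login/PURPOSE
+++ b/tests/semanage-login/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-login
+Description: Does semanage login ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+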
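--- a/tests/semanage-login/runtest.sh
+++ b/tests/semanage-login/runtest.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-login
+# Description: Does semanage login ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage login --help" 0,1
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage login -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage login -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage login -a -s xyz_u xyz 2>&1 | grep -i -e 'does not exist' -e 'mapping.*invalid' -e 'could not query'"
+rlRun "semanage login -m xyz" 1
+rlRun "semanage login -d xyz" 1
+rlRun "useradd xyz"
+rlRun "semanage login -a -s user_u xyz"
+rlRun "semanage login -m -r s0 xyz"
+rlRun "semanage login -l | grep \"xyz.*user_u.*s0\""
+rlRun "semanage login -d xyz"
+rlRun "semanage login -l | grep xyz" 1
+rlRun "userdel -rf xyz"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+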
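Review bot: The `useradd xyz` / `userdel -rf xyz` pair is not safe on a host that already has an account named xyz. There `useradd` fails, the remaining steps still run because rlRun records the failure without stopping the phase, and `userdel -rf xyz` then deletes the pre-existing account together with its home directory. The Makefile for this test declares `Destructive: no`, so the script should check first, e.g. `rlRun "id xyz" 1` in the setup phase, and skip the user steps when the account exists, or use a name that is unlikely to collide. Moving `userdel -rf` and `semanage login -d xyz` into the currently empty rlPhaseStartCleanup would also keep teardown separate from the assertions.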
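--- a/tests/semanage-permissive-d-problems/Makefile
+++ b/tests/semanage-permissive-d-problems/Makefile
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh; :
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: semanage permissive -d accepts more than domain types, its behavior is not reliable" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+@echo "Requires: policycoreutils-devel" >> $(METADATA)
+@echo "Requires: selinux-policy-devel" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: coreutils" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+
+rhts-lint $(METADATA)
+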
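--- a/tests/semanage-permissive-d-problems/PURPOSE
+++ b/tests/semanage-permissive-d-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+Author: Milos Malik <mmalik@redhat.com>
+
+Does semanage permissive work correctly?
+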
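--- a/tests/semanage-permissive-d-problems/runtest.sh
+++ b/tests/semanage-permissive-d-problems/runtest.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
+# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "rpm -qf /usr/sbin/semanage"
+OUTPUT_FILE=`mktemp`
+rlRun "sestatus"
+rlPhaseEnd
+
+if selinuxenabled ; then
+rlPhaseStartTest
+if rlIsRHEL 7 ; then
+rlFileBackup /usr/share/selinux/default/Makefile
+rlRun "rm -rf /usr/share/selinux/default/Makefile"
+fi
+rlRun "semanage permissive -l | grep fenced" 1
+rlRun "semanage permissive -a fenced_t"
+rlRun "semanage permissive -l | grep fenced"
+rlRun "semanage permissive -d fenced_t"
+rlRun "semanage permissive -l | grep fenced" 1
+if rlIsRHEL 7 ; then
+rlFileRestore
+fi
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+rlRun "semanage permissive -a ypbind_t"
+rlRun "semanage permissive -a ypserv_t"
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+rlRun "semanage permissive -d yp" 1-255
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
+rlRun "semanage permissive -d ypbind_t"
+rlRun "semanage permissive -d ypserv_t"
+rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
+rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun -s "semanage permissive -d" 1
+rlAssertNotGrep 'traceback' $rlRun_LOG -iEq
+rlAssertGrep 'error: the following argument is required: type' $rlRun_LOG -iEq
+rm -f $rlRun_LOG
+rlPhaseEnd
+else
+rlPhaseStartTest
+rlRun "semanage permissive -l >& ${OUTPUT_FILE}" 0,1
+rlRun "grep -C 32 -i -e exception -e traceback -e error ${OUTPUT_FILE}" 1
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+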
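Review bot: The cleanup phase only removes `${OUTPUT_FILE}`, so if any `semanage permissive -d` in the test phases fails, `fenced_t`, `ypbind_t` or `ypserv_t` stays permissive on the host and enforcement for that domain is silently weakened after the run. I would add best-effort removal to `rlPhaseStartCleanup`, one line per type in the form `rlRun "semanage permissive -d ypbind_t" 0-255`. The `semanage permissive -l | grep fenced` checks take only grep's exit status, so a failing `semanage` reads the same as "not listed"; capturing the listing with `rlRun -s` and asserting on `$rlRun_LOG`, as the third phase already does, would separate the two cases.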
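--- a/tests/semanage-port-add-delete-problems/Makefile
+++ b/tests/semanage-port-add-delete-problems/Makefile
@@ -0,0 +1,71 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh;:
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: semanage accepts invalid port numbers and then cannot delete them" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 15m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils-python-utils" >> $(METADATA)
+@echo "Requires: setools-console" >> $(METADATA)
+@echo "Requires: libselinux" >> $(METADATA)
+@echo "Requires: libselinux-utils" >> $(METADATA)
+@echo "Requires: coreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+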
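--- a/tests/semanage-port-add-delete-problems/PURPOSE
+++ b/tests/semanage-port-add-delete-problems/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+Author: Milos Malik <mmalik@redhat.com>
+
+semanage accepts invalid port numbers and then cannot delete them
+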
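--- a/tests/semanage-port-add-delete-problems/runtest.sh
+++ b/tests/semanage-port-add-delete-problems/runtest.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
+# Description: semanage accepts invalid port numbers and then cannot delete them
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+PORT_NAME="ldap_port_t"
+BAD_PORT_NUMBER="123456"
+GOOD_PORT_NUMBER="1389"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "rpm -qf /usr/sbin/semanage"
+rlRun "rpm -qf /usr/bin/seinfo"
+OUTPUT_FILE=`mktemp`
+rlRun "setenforce 1"
+rlRun "sestatus"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage port -l | grep ${PORT_NAME}"
+
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
+rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
+#rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"
+
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
+rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+rlRun "semanage port -l | grep syslogd_port_t"
+rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
+rlPhaseEnd
+
+if rlIsRHEL ; then
+rlPhaseStartTest
+rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\""
+if rlIsRHEL 5 6; then
+PORT_TYPE="syslogd_port_t"
+else
+PORT_TYPE="commplex_link_port_t"
+fi
+
+# adding a port number to a type
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"
+sleep 2
+
+# Check for user_avc
+rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+rlRun "cat ${OUTPUT_FILE}"
+rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+
+# deleting a port number from a type
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"
+sleep 2
+
+# Check for user_avc
+rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
+LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
+rlRun "cat ${OUTPUT_FILE}"
+rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
+rlPhaseEnd
+fi
+
+if ! rlIsRHEL 5 ; then
+rlPhaseStartTest
+rlRun "seinfo --portcon | grep :hi_reserved_port_t:"
+rlRun "seinfo --portcon | grep :reserved_port_t:"
+rlRun "semanage port -l | grep ^hi_reserved_port_t"
+rlRun "semanage port -l | grep ^reserved_port_t"
+if ! rlIsRHEL 6 ; then
+rlRun "seinfo --portcon | grep :unreserved_port_t:"
+rlRun "semanage port -l | grep ^unreserved_port_t"
+fi
+rlPhaseEnd
+fi
+
+rlPhaseStartTest "manipulation with hard-wired ports"
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
+rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+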
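Review bot: `rlRun "setenforce 1"` in the setup phase changes the host's SELinux mode and nothing restores it, since the cleanup phase only deletes `${OUTPUT_FILE}`, while this test's Makefile declares `Destructive: no`. Record the mode before changing it, `ORIG_MODE=$(getenforce)`, and put it back in cleanup with `rlRun "setenforce ${ORIG_MODE}" 0-255`. In the 60514-60516 phase, `... 2>&1 | grep -i traceback" 1` only proves that no traceback was printed, and the following `grep syslogd_port_t` presumably also matches ports already in policy, so a failed add or delete of the range goes unnoticed. Asserting on the range itself, and removing it and port 5005 best-effort in cleanup, would keep leftover port mappings off the test machine.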
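--- a/tests/semanage-user/Makefile
+++ b/tests/semanage-user/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-user
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: Does semanage user ... work correctly?" >> $(METADATA)
+@echo "Type: Regression" >> $(METADATA)
+@echo "TestTime: 20m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-devel selinux-policy-minimum selinux-policy-mls selinux-policy-targeted selinux-policy-devel" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+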
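Review bot: In the `build` recipe the second guard, `test -x runtest.sh || chcon -t bin_t runtest.sh`, can only reach `chcon` when the preceding `chmod a+x` failed, because after a successful chmod `test -x` is always true and the relabel is skipped. If the `bin_t` label is wanted, run it unconditionally and tolerate failure the way the other Makefiles in this commit do, `chcon -t bin_t runtest.sh; :`; if it is not wanted, drop the line so the recipe does not suggest a relabel that never happens. The `Requires:` line also lists `selinux-policy-devel` twice.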
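--- a/tests/semanage-user/PURPOSE
+++ b/tests/semanage-user/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-user
+Description: Does semanage user ... work correctly?
+Author: Milos Malik <mmalik@redhat.com>
+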
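--- a/tests/semanage-user/runtest.sh
+++ b/tests/semanage-user/runtest.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-user
+# Description: Does semanage user ... work correctly?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlRun "make -f /usr/share/selinux/devel/Makefile"
+rlRun "ls -l testpolicy.pp"
+rlPhaseEnd
+
+rlPhaseStartTest
+if rlIsRHEL 5 6; then
+rlRun "semanage user --help" 1
+else
+rlRun "semanage user --help" 0
+# semanage: list option can not be used with --level ("semanage user -l")
+rlRun "semanage user --help | grep fcontext" 1
+fi
+for POLICY_TYPE in minimum mls targeted ; do
+if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
+continue
+fi
+rlRun "semanage user -l -S ${POLICY_TYPE}"
+done
+if ! rlIsRHEL 5; then
+rlRun "semanage user -l -S unknown 2>&1 | grep \"store cannot be accessed\""
+fi
+rlRun "semanage user -a -P user -R xyz_r xyz_u 2>&1 | grep -i -e 'undefined' -e 'error' -e 'could not'"
+rlRun "semanage user -m xyz_u" 1
+rlRun "semanage user -d xyz_u" 1
+rlRun "semodule -i testpolicy.pp"
+rlRun "semanage user -a -P user -R xyz_r xyz_u"
+rlRun "semanage user -m -r s0 xyz_u"
+rlRun "semanage user -l | grep \"xyz_u.*s0.*s0.*xyz_r\""
+rlRun "semanage user -d xyz_u"
+rlRun "semanage user -l | grep xyz_u" 1
+rlRun "semodule -r testpolicy"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "rm -rf tmp testpolicy.{fc,if,pp}"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+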
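Review bot: The SELinux user `xyz_u` and the `testpolicy` module are removed only inside the test phase, and the cleanup phase deletes build artefacts but never touches the policy store. If `semanage user -d xyz_u` fails, the following `semodule -r testpolicy` will likely fail as well, and the host keeps a test user and module in its active policy. Add best-effort removal to `rlPhaseStartCleanup`, for example `rlRun "semanage user -d xyz_u" 0-255` followed by `rlRun "semodule -r testpolicy" 0-255`, so the policy is returned to its initial state regardless of how the assertions went.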
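--- a/tests/semanage-user/testpolicy.te
+++ b/tests/semanage-user/testpolicy.te
@@ -0,0 +1,11 @@
+module testpolicy 1.0;
+
+type xyz_t;
+role xyz_r;
+
+require {
+type xyz_t;
+}
+
+role xyz_r types xyz_t;
+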
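Review bot: The `require { type xyz_t; }` block asks for a type that this same module declares two lines earlier with `type xyz_t;`, so it looks redundant and can mislead a reader into thinking `xyz_t` comes from another module. I would drop the block, or replace it with a one-line comment such as `# xyz_t and xyz_r exist only so that "semanage user -R xyz_r" has a role to reference`, which is how runtest.sh appears to use the module.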
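--- a/tests/sepolicy-generate/Makefile
+++ b/tests/sepolicy-generate/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka <mtruneck@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sepolicy-generate
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Michal Trunecka <mtruneck@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: sepolicy generate sanity test" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 115m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils policycoreutils-devel rpm-build" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4 -RHEL5 -RHEL6" >> $(METADATA)
+
+rhts-lint $(METADATA)
+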
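--- a/tests/sepolicy-generate/PURPOSE
+++ b/tests/sepolicy-generate/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+Description: sepolicy generate sanity test
+Author: Michal Trunecka <mtruneck@redhat.com>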
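--- a/tests/sepolicy-generate/runtest.sh
+++ b/tests/sepolicy-generate/runtest.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka <mtruneck@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+rlPhaseStartSetup
+rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "mkdir mypolicy"
+rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
+rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
+rlRun "rm -rf mypolicy"
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "mkdir mypolicy"
+rlRun "touch /usr/bin/testpolicy"
+for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
+" --application /usr/bin/testpolicy " \
+" -n testpolicy --confined_admin -a firewalld " \
+" -n testpolicy --confined_admin " \
+" -n testpolicy --customize -d httpd_t -a firewalld " \
+" -n testpolicy --customize -d httpd_t" \
+" --dbus /usr/bin/testpolicy " \
+" -n testpolicy --desktop_user " \
+" --inetd /usr/bin/testpolicy " \
+" --init /usr/bin/testpolicy " \
+" -n testpolicy --newtype -t newtype_var_log_t " \
+" -n testpolicy --newtype -t newtype_unit_file_t " \
+" -n testpolicy --newtype -t newtype_var_run_t " \
+" -n testpolicy --newtype -t newtype_var_cache_t " \
+" -n testpolicy --newtype -t newtype_tmp_t " \
+" -n testpolicy --newtype -t newtype_port_t " \
+" -n testpolicy --newtype -t newtype_var_spool_t " \
+" -n testpolicy --newtype -t newtype_var_lib_t " \
+" -n testpolicy --sandbox " \
+" -n testpolicy --term_user " \
+" -n testpolicy --x_user "
+# " --cgi /usr/bin/testpolicy "
+do
+rlRun "sepolicy generate -p mypolicy $VARIANT"
+rlRun "cat mypolicy/testpolicy.te"
+rlRun "cat mypolicy/testpolicy.if"
+rlRun "cat mypolicy/testpolicy.fc"
+if echo "$VARIANT" | grep -q newtype; then
+rlAssertNotExists "mypolicy/testpolicy.sh"
+rlAssertNotExists "mypolicy/testpolicy.spec"
+else
+rlRun "mypolicy/testpolicy.sh"
+rlRun "semodule -l | grep testpolicy"
+rlRun "semanage user -d testpolicy_u" 0-255
+rlRun "semodule -r testpolicy"
+fi
+
+rlRun "rm -rf mypolicy/*"
+rlRun "sleep 1"
+
+if ! echo "$VARIANT" | grep -q newtype; then
+rlRun "sepolicy generate -p mypolicy -w /home $VARIANT"
+rlRun "cat mypolicy/testpolicy.te"
+rlRun "cat mypolicy/testpolicy.if"
+rlRun "cat mypolicy/testpolicy.fc"
+
+rlRun "mypolicy/testpolicy.sh"
+rlRun "semodule -l | grep testpolicy"
+rlRun "semanage user -d testpolicy_u" 0-255
+rlRun "semodule -r testpolicy"
+
+rlRun "rm -rf mypolicy/*"
+rlRun "sleep 1"
+fi
+done
+rlRun "rm -rf mypolicy"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd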
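Review bot: `rlRun "rlCheckRequirements ${PACKAGES[*]}"` expands an array named `PACKAGES`, but the script only sets `PACKAGE="policycoreutils"`, so the check presumably receives no package names and `rlDie` cannot stop a run on a machine missing the requirements. Use `${PACKAGE}` there, or define `PACKAGES` with the packages this test needs. The second test phase runs `touch /usr/bin/testpolicy` and nothing removes that file afterwards, so the cleanup phase should get `rlRun "rm -f /usr/bin/testpolicy"`. `pushd $TmpDir` is unquoted and its result is not checked, so if `mktemp -d` fails the later `rm -rf mypolicy/*` runs in whatever directory the test started in; `rlRun "pushd \"$TmpDir\"" || rlDie "cannot continue"` would stop the run before anything is deleted.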
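--- a/tests/sestatus/Makefile
+++ b/tests/sestatus/Makefile
@@ -0,0 +1,67 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sestatus
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: tests everything about sestatus" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: policycoreutils" >> $(METADATA)
+@echo "Requires: grep" >> $(METADATA)
+@echo "Requires: man" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+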
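--- a/tests/sestatus/PURPOSE
+++ b/tests/sestatus/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sestatus
+Description: tests everything about sestatus
+Author: Milos Malik <mmalik@redhat.com>
+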
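--- a/tests/sestatus/runtest.sh
+++ b/tests/sestatus/runtest.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 5 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+rlFileBackup /etc/sestatus.conf
+rlRun "mount | grep -i selinux" 0,1
+OUTPUT_FILE=`mktemp`
+rlPhaseEnd
+
+rlPhaseStartTest "basic use"
+rlRun "sestatus"
+rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "policy booleans" ${OUTPUT_FILE} -i
+rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "process contexts" ${OUTPUT_FILE} -i
+rlAssertGrep "file contexts" ${OUTPUT_FILE} -i
+rlAssertGrep "current context" ${OUTPUT_FILE} -i
+rlAssertGrep "init context" ${OUTPUT_FILE} -i
+rlAssertGrep "controlling term" ${OUTPUT_FILE} -i
+rlRun "sestatus --xyz 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "invalid option" ${OUTPUT_FILE} -i
+rlPhaseEnd
+
+rlPhaseStartTest "extreme cases"
+# pretend that the config file contains an invalid section
+rlRun "sed -i 's/files/xyz/' /etc/sestatus.conf"
+rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "line not in a section" ${OUTPUT_FILE} -i
+rlRun "rm -f /etc/sestatus.conf"
+rlRun "mkdir /etc/sestatus.conf" # intentionally replaced a file with a directory
+rlRun "sestatus -v"
+# pretend that the config file is missing
+rlRun "rm -rf /etc/sestatus.conf"
+for OPTION in "-bv" "-v" ; do
+rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "unable to open /etc/sestatus.conf" ${OUTPUT_FILE} -i
+done
+rlFileRestore
+# pretend that SELinux is disabled
+rlRun "umount ${SELINUX_FS_MOUNT}"
+for OPTION in "" "-b" "-v" "-bv" ; do
+rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i
+done
+rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"
+# pretend that no booleans are defined
+rlRun "mkdir ./booleans"
+rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+rlAssertNotGrep "booleans" ${OUTPUT_FILE} -i
+rlRun "rmdir ./booleans"
+rlPhaseEnd
+
+# This bug is not worth fixing in RHEL-5
+if ! rlIsRHEL 5 ; then
+rlPhaseStartTest
+rlRun "rpm -ql ${PACKAGE} | grep /usr/sbin/sestatus"
+rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/man8/sestatus.8"
+for OPTION in b v ; do
+rlRun "sestatus --help 2>&1 | grep -- -${OPTION}"
+rlRun "man sestatus | col -b | grep -- -${OPTION}"
+done
+if ! rlIsRHEL 6 ; then
+rlRun "man -w sestatus.conf"
+fi
+rlPhaseEnd
+fi
+
+rlPhaseStartCleanup
+rlFileRestore
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+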
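Review bot: The "extreme cases" phase unmounts selinuxfs with `umount ${SELINUX_FS_MOUNT}` and later bind-mounts an empty directory over `${SELINUX_FS_MOUNT}/booleans`, but both are undone only inline in the same phase, while rlPhaseStartCleanup restores just the config file and removes the temp file. A run that is interrupted between those steps, or whose inline `mount`/`umount` fails, leaves the host reporting SELinux as disabled or with its booleans masked, which does not fit the "Destructive: no" metadata in the accompanying Makefile. I would repeat the restore in the cleanup phase, guarded so it does nothing on a clean run, e.g. `mountpoint -q ${SELINUX_FS_MOUNT} || mount -t selinuxfs none ${SELINUX_FS_MOUNT}`, plus a best-effort `umount ${SELINUX_FS_MOUNT}/booleans`. A one-line comment above the `umount` saying that the test needs root and temporarily hides selinuxfs would also help whoever runs it on a shared machine.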
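--- a/tests/setsebool/Makefile
+++ b/tests/setsebool/Makefile
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/setsebool
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+chmod a+x runtest.sh
+chcon -t bin_t runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: does setsebool work correctly ?" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 45m" >> $(METADATA)
+@echo "RunFor: policycoreutils" >> $(METADATA)
+@echo "Requires: audit policycoreutils libselinux-utils shadow-utils grep" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+@echo "Releases: -RHEL4" >> $(METADATA)
+
+rhts-lint $(METADATA)
+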
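--- a/tests/setsebool/PURPOSE
+++ b/tests/setsebool/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/setsebool
+Author: Milos Malik <mmalik@redhat.com>
+
+Does setsebool work as expected? Does it produce correct audit messages?
+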
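--- a/tests/setsebool/runtest.sh
+++ b/tests/setsebool/runtest.sh
@@ -0,0 +1,151 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+USER_NAME="user${RANDOM}"
+USER_SECRET="s3kr3t${RANDOM}"
+BOOLEAN="ftpd_connect_db"
+if rlIsRHEL 5 6 ; then
+SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm ${PACKAGE}
+OUTPUT_FILE=`mktemp`
+chcon -t tmp_t ${OUTPUT_FILE}
+
+rlRun "useradd ${USER_NAME}"
+rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
+rlPhaseEnd
+
+rlPhaseStartTest
+for OPTION in "" "-P" ; do
+for OPERATOR in " " "=" ; do
+for VALUE in 0 1 false true off on ; do
+rlRun "setsebool ${OPTION} ${BOOLEAN}${OPERATOR}${VALUE} | grep -i -e illegal -e usage -e invalid" 1
+if [ ${VALUE} == "0" -o ${VALUE} == "false" ] ; then
+SHOWN_VALUE="off"
+elif [ ${VALUE} == "1" -o ${VALUE} == "true" ] ; then
+SHOWN_VALUE="on"
+else
+SHOWN_VALUE=${VALUE}
+fi
+rlRun "getsebool -a | grep \"^${BOOLEAN}.*${SHOWN_VALUE}\""
+done
+done
+done
+rlPhaseEnd
+
+rlPhaseStartTest
+rlRun "setsebool" 1
+rlRun "setsebool xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+rlRun "setsebool xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlRun "setsebool xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+if ! rlIsRHEL 5 6 ; then
+rlRun "setsebool -N 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+rlRun "setsebool -P 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+fi
+rlRun "setsebool -P xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+rlRun "setsebool -P xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlRun "setsebool -P xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+rlPhaseEnd
+
+if ! rlIsRHEL 5 6 ; then
+rlPhaseStartTest
+rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+rlPhaseEnd
+
+rlPhaseStartTest
+for OPTION in "" "-P" ; do
+rlRun "getsebool allow_ypbind | grep nis_enabled"
+rlRun "setsebool ${OPTION} allow_ypbind on"
+rlRun "getsebool allow_ypbind | grep \"nis_enabled.*on\""
+rlRun "setsebool ${OPTION} allow_ypbind off"
+rlRun "getsebool allow_ypbind | grep \"nis_enabled.*off\""
+done
+rlPhaseEnd
+
+rlPhaseStartTest
+# https://fedoraproject.org/wiki/Features/SELinuxBooleansRename
+for LINE in `cat /etc/selinux/*/booleans.subs_dist | sort | uniq | tr -s ' ' | tr ' ' ':'` ; do
+OLD_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 1`
+NEW_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 2`
+rlRun "getsebool ${OLD_BOOLEAN_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+rlRun "getsebool ${NEW_BOOLEAN_NAME} 2>&1 | tee -a ${OUTPUT_FILE}"
+rlRun "uniq -c ${OUTPUT_FILE} | grep '2 '"
+done
+rlPhaseEnd
+fi
+
+rlPhaseStartTest "audit messages"
+START_DATE_TIME=`date "+%m/%d/%Y %T"`
+sleep 1
+rlRun "setsebool ${BOOLEAN} on"
+rlRun "setsebool ${BOOLEAN} off"
+rlRun "setsebool ${BOOLEAN} on"
+sleep 1
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=1 old_val=0\""
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=0 old_val=1\""
+if rlIsRHEL ; then
+rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=SYSCALL.*comm=setsebool\""
+fi
+rlPhaseEnd
+
+rlPhaseStartTest "extreme cases"
+# pretend that no booleans are defined
+rlRun "mkdir ./booleans"
+rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+rlRun "setsebool ${BOOLEAN} on 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+rlRun "setsebool ${BOOLEAN} off 2>&1 | tee ${OUTPUT_FILE}"
+rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+rlRun "rmdir ./booleans"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlRun "userdel -rf ${USER_NAME}"
+rm -f ${OUTPUT_FILE}
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+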
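Review bot: The test never restores the SELinux booleans it changes: the first phase ends its loops with `setsebool -P ${BOOLEAN}=on`, the "audit messages" phase also finishes on `setsebool ${BOOLEAN} on`, and the allow_ypbind phase ends on a persistent `off`, while rlPhaseStartCleanup only deletes the user and the temp file. A host that runs this is therefore left with ftpd_connect_db persistently enabled whatever its policy was beforehand, which contradicts the "Destructive: no" metadata. I would record the starting state in setup, e.g. `ORIG_VALUE=$(getsebool ${BOOLEAN} | awk '{print $NF}')`, and add `rlRun "setsebool -P ${BOOLEAN} ${ORIG_VALUE}"` to cleanup, with the same done for allow_ypbind. Separately, `rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"` puts a password derived from `${RANDOM}` into the command string that rlRun receives; since the account is only reached through `su` from the test itself, that line looks droppable, which would leave the account without a usable password.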
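--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,51 @@
+---
+# Tests to run in a classic environment
+- hosts: localhost
+roles:
+- role: standard-test-beakerlib
+tags:
+- classic
+repositories:
+- repo: "https://src.fedoraproject.org/tests/selinux.git"
+dest: "selinux"
+tests:
+- selinux/policycoreutils/CIL-modules-without-compilation
+- selinux/policycoreutils/semanage-interface
+- selinux/policycoreutils/semanage-login
+- selinux/policycoreutils/semanage-permissive-d-problems
+- selinux/policycoreutils/semanage-port-add-delete-problems
+- selinux/policycoreutils/semanage-user
+- selinux/policycoreutils/sestatus
+- selinux/policycoreutils/linux-system-roles.selinux-tests
+required_packages:
+- policycoreutils # Required by all tests
+- policycoreutils-devel # Required by sepolicy-generate
+- rpm-build # Required by sepolicy-generate
+- policycoreutils-python-utils # Required by semanage tests
+- grep # Required by semanage tests
+- selinux-policy-minimum # Required by semanage tests
+- selinux-policy-mls # Required by semanage tests
+- selinux-policy-targeted # Required by semanage tests
+- shadow-utils # Required by semanage tests
+- selinux-policy-devel # Required by semanage tests
+- coreutils # Required by semanage tests
+- man # Required by semanage tests
+- setools-console # Required by semanage tests
+- libselinux # Required by semanage tests
+- libselinux-utils # Required by semanage tests
+- audit # Required by audit test
+- e2fsprogs # Required by restorecon test
+- ansible
+- git
+
+# Tests for atomic host
+- hosts: localhost
+tags:
+- atomic
+# no compatible tests
+
+# Tests for docker container
+- hosts: localhost
+tags:
+- container
+# no compatible tests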
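Review bot: The `repositories` entry clones `https://src.fedoraproject.org/tests/selinux.git` without naming a revision, so every run executes whatever that repository's default branch holds at the time, and the tests it supplies change system state (mounts, users, SELinux booleans). If the standard-test-beakerlib role version in use accepts it, pin the checkout under that entry with something like `version: "<tag-or-commit>"` (placeholder) so a change upstream cannot silently alter what runs in this package's CI. A comment above `repositories:` naming who owns that test repository would help as well. The list also runs `selinux/policycoreutils/sestatus` from the clone while this commit adds tests/sestatus and tests/setsebool locally; nothing visible here shows the local copies being executed, so it is worth confirming which copy is meant to be authoritative.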