4b74ff6678
The playbook includes Tier1-level test cases that have been tested in the following contexts and are passing reliably on Classic. Test logs are stored in the Artifacts directory.

The following steps are used to execute the tests using the standard test interface:

Classic:
    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml

It's based on https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius <merlinm@redhat.com>
#!/bin/bash
# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
# Description: semanage accepts invalid port numbers and then cannot delete them
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Load the RHTS environment and the BeakerLib library that provides the rl*
# functions used below; abort with status 1 if either cannot be sourced.
if ! source /usr/bin/rhts-environment.sh; then
    exit 1
fi
if ! source /usr/share/beakerlib/beakerlib.sh; then
    exit 1
fi

# Package whose presence is asserted in the setup phase.
PACKAGE='policycoreutils'
# SELinux port type used by the add/delete checks.
PORT_NAME='ldap_port_t'
# Larger than the highest TCP port number (65535); the test expects semanage
# to refuse both adding and deleting it.
BAD_PORT_NUMBER='123456'
# Valid port number that the test adds to PORT_NAME and then deletes again.
GOOD_PORT_NUMBER='1389'

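rlJournalStart

# Setup: confirm the tools under test are installed, create the scratch file
# used by later phases and switch SELinux to enforcing mode.
rlPhaseStartSetup
    rlAssertRpm "${PACKAGE}"
    # Log which packages own the two binaries exercised by this test.
    rlRun "rpm -qf /usr/sbin/semanage"
    rlRun "rpm -qf /usr/bin/seinfo"
    # Create the scratch file through rlRun so that a mktemp failure is
    # recorded in the journal instead of silently leaving OUTPUT_FILE empty
    # for the tee/redirect commands in the following phases.
    rlRun "OUTPUT_FILE=\$(mktemp)" 0 "Create temporary output file"
    # NOTE(review): the SELinux mode in effect before this call is not saved,
    # and the cleanup phase of this script does not restore it.
    rlRun "setenforce 1"
    rlRun "sestatus"
rlPhaseEnd
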
# Regression check from the file header: an invalid port number must be
# refused on add and on delete, while a valid one can be added and removed.
rlPhaseStartTest
    list_ports="semanage port -l | grep ${PORT_NAME}"
    rlRun "${list_ports}"

    # Append a snapshot of the ports listed for the type before the rejected
    # operations and after each of them. Expected status 1 means semanage
    # must fail for BAD_PORT_NUMBER.
    rlRun "${list_ports} | tee -a ${OUTPUT_FILE}"
    for op in -a -d; do
        rlRun "semanage port ${op} -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
        rlRun "${list_ports} | tee -a ${OUTPUT_FILE}"
    done
    # The comparison of the collected snapshots is disabled, so nothing is
    # asserted on the content of OUTPUT_FILE in this phase.
    #rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"

    # The valid port must be absent, then present after the add, then absent
    # again after the delete.
    # NOTE(review): the grep on the port number is not anchored, so a listed
    # port that merely contains these digits would also match.
    has_good_port="${list_ports} | grep ${GOOD_PORT_NUMBER}"
    rlRun "${has_good_port}" 1
    rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
    rlRun "${has_good_port}"
    rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
    rlRun "${has_good_port}" 1
rlPhaseEnd

# Adding and deleting a port range must not make semanage print a traceback.
rlPhaseStartTest
    port_range='60514-60516'
    # The status checked by rlRun is that of the last pipeline stage (grep):
    # 1 means the word "traceback" did not appear in semanage's output.
    # NOTE(review): semanage's own exit status is not checked here, and the
    # listing below only checks that the type is listed, not the range.
    rlRun "semanage port -a -t syslogd_port_t -p tcp ${port_range} 2>&1 | grep -i traceback" 1
    rlRun "semanage port -l | grep syslogd_port_t"
    rlRun "semanage port -d -t syslogd_port_t -p tcp ${port_range} 2>&1 | grep -i traceback" 1
rlPhaseEnd

# RHEL only: adding or deleting a port mapping must not produce any user_avc
# audit record.
if rlIsRHEL; then
    rlPhaseStartTest
        # The audit daemon must be running in the auditd_t domain.
        rlRun 'ps -efZ | grep -v grep | grep "auditd_t.*auditd"'

        # The port type used for the check depends on the release.
        PORT_TYPE="commplex_link_port_t"
        if rlIsRHEL 5 6; then
            PORT_TYPE="syslogd_port_t"
        fi

        # First pass adds port 5005 to the type, second pass deletes it.
        for op in -a -d; do
            # Timestamp taken before the operation; ausearch only reports
            # records from this point on.
            START_DATE_TIME=$(date "+%m/%d/%Y %T")
            sleep 1
            rlRun "semanage port ${op} -p tcp -t $PORT_TYPE 5005"
            sleep 2

            # Check for user_avc. START_DATE_TIME is deliberately left
            # unquoted inside the command string so that the date and the time
            # reach ausearch as two separate words. Status 0 or 1 is accepted;
            # the verdict comes from the line count below.
            rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
            LINE_COUNT=$(wc -l < ${OUTPUT_FILE})
            rlRun "cat ${OUTPUT_FILE}"
            rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
        done
    rlPhaseEnd
fi

# Everywhere except RHEL 5: the reserved port types must be reported both by
# seinfo and by semanage.
if ! rlIsRHEL 5; then
    rlPhaseStartTest
        for port_type in hi_reserved_port_t reserved_port_t; do
            rlRun "seinfo --portcon | grep :${port_type}:"
        done
        for port_type in hi_reserved_port_t reserved_port_t; do
            rlRun "semanage port -l | grep ^${port_type}"
        done
        # unreserved_port_t is additionally checked except on RHEL 6.
        if ! rlIsRHEL 6; then
            rlRun "seinfo --portcon | grep :unreserved_port_t:"
            rlRun "semanage port -l | grep ^unreserved_port_t"
        fi
    rlPhaseEnd
fi

# The tcp/25 mapping of smtp_port_t must survive repeated attempts to add it
# again or to delete it, and semanage must print the expected message.
rlPhaseStartTest "manipulation with hard-wired ports"
    smtp_listed="semanage port -l | grep 'smtp_port_t.*tcp.*25'"
    rlRun "${smtp_listed}"

    # Each operation is attempted twice. The rlRun status is that of tee, so
    # the actual verdict is the rlAssertGrep on the captured output.
    for attempt in 1 2; do
        rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
    done
    rlRun "${smtp_listed}"

    for attempt in 1 2; do
        rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
        rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
    done
    rlRun "${smtp_listed}"
rlPhaseEnd

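# Cleanup: remove the scratch file created during setup, then print and close
# the journal.
rlPhaseStartCleanup
    # Quote the path and end option parsing so that a temporary path containing
    # whitespace or glob characters, or starting with a dash, is removed as a
    # single file name.
    rm -f -- "${OUTPUT_FILE}"
rlPhaseEnd

rlJournalPrintText
rlJournalEnd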