From 59be98a24f50e1f16fda1531d3949fccb148419f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 10 Nov 2022 17:25:13 +0100 Subject: [PATCH] run tests via TMT/FMF Related: rhbz#2145230 --- .fmf/version | 1 + plans/selinux.fmf | 7 + tests/checkmodule/Makefile | 67 ---------- tests/checkmodule/PURPOSE | 5 - tests/checkmodule/mypolicy.te | 9 -- tests/checkmodule/runtest.sh | 101 -------------- tests/checkpolicy-docs/Makefile | 64 --------- tests/checkpolicy-docs/PURPOSE | 7 - tests/checkpolicy-docs/runtest.sh | 53 -------- tests/checkpolicy/Makefile | 64 --------- tests/checkpolicy/PURPOSE | 7 - tests/checkpolicy/policy.conf.from.secilc | 143 -------------------- tests/checkpolicy/runtest.sh | 153 ---------------------- tests/sedismod/Makefile | 65 --------- tests/sedismod/PURPOSE | 5 - tests/sedismod/runtest.sh | 83 ------------ tests/sedismod/sedismod.exp | 21 --- tests/sedispol/Makefile | 65 --------- tests/sedispol/PURPOSE | 5 - tests/sedispol/runtest.sh | 77 ----------- tests/sedispol/sedispol.exp | 21 --- tests/tests.yml | 38 ------ 22 files changed, 8 insertions(+), 1053 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/selinux.fmf delete mode 100644 tests/checkmodule/Makefile delete mode 100644 tests/checkmodule/PURPOSE delete mode 100644 tests/checkmodule/mypolicy.te delete mode 100644 tests/checkmodule/runtest.sh delete mode 100644 tests/checkpolicy-docs/Makefile delete mode 100644 tests/checkpolicy-docs/PURPOSE delete mode 100644 tests/checkpolicy-docs/runtest.sh delete mode 100644 tests/checkpolicy/Makefile delete mode 100644 tests/checkpolicy/PURPOSE delete mode 100644 tests/checkpolicy/policy.conf.from.secilc delete mode 100644 tests/checkpolicy/runtest.sh delete mode 100644 tests/sedismod/Makefile delete mode 100644 tests/sedismod/PURPOSE delete mode 100755 tests/sedismod/runtest.sh delete mode 100755 tests/sedismod/sedismod.exp delete mode 100644 tests/sedispol/Makefile delete mode 100644 tests/sedispol/PURPOSE delete mode 100755 tests/sedispol/runtest.sh delete mode 100755 tests/sedispol/sedispol.exp delete mode 100644 tests/tests.yml diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/selinux.fmf b/plans/selinux.fmf new file mode 100644 index 0000000..be73559 --- /dev/null +++ b/plans/selinux.fmf @@ -0,0 +1,7 @@ +summary: selinux tests - Tier 1 | checkpolicy +discover: + how: fmf + url: https://src.fedoraproject.org/tests/selinux + filter: "tier:1 | component:checkpolicy" +execute: + how: tmt diff --git a/tests/checkmodule/Makefile b/tests/checkmodule/Makefile deleted file mode 100644 index 7be6779..0000000 --- a/tests/checkmodule/Makefile +++ /dev/null @@ -1,67 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/checkpolicy/Sanity/checkmodule -# Description: runs checkmodule with various options to find out if it behaves correctly -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/checkpolicy/Sanity/checkmodule -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE mypolicy.te - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: runs checkmodule with various options to find out if it behaves correctly" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: checkpolicy" >> $(METADATA) - @echo "Requires: checkpolicy" >> $(METADATA) - @echo "Requires: man" >> $(METADATA) - @echo "Requires: grep" >> $(METADATA) - @echo "Requires: mktemp" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/checkmodule/PURPOSE b/tests/checkmodule/PURPOSE deleted file mode 100644 index e7316a6..0000000 --- a/tests/checkmodule/PURPOSE +++ /dev/null @@ -1,5 +0,0 @@ -PURPOSE of /CoreOS/checkpolicy/Sanity/checkmodule -Author: Milos Malik - -This TC runs checkmodule with various options to find out if it behaves correctly. - diff --git a/tests/checkmodule/mypolicy.te b/tests/checkmodule/mypolicy.te deleted file mode 100644 index 8a85503..0000000 --- a/tests/checkmodule/mypolicy.te +++ /dev/null @@ -1,9 +0,0 @@ -module mypolicy 1.0; -require { - type httpd_log_t; - type postfix_postdrop_t; - class dir getattr; - class file { read getattr }; -} -allow postfix_postdrop_t httpd_log_t:file getattr; - diff --git a/tests/checkmodule/runtest.sh b/tests/checkmodule/runtest.sh deleted file mode 100644 index f4ee8ce..0000000 --- a/tests/checkmodule/runtest.sh +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/checkpolicy/Sanity/checkmodule -# Description: runs checkmodule with various options to find out if it behaves correctly -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh - -PACKAGE="checkpolicy" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - TEST_FILE=`mktemp` - TEST_DIR=`mktemp -d` - rlRun "rpm -ql ${PACKAGE} | grep bin/checkmodule" - rlPhaseEnd - - rlPhaseStartTest - rlRun "checkmodule >& ${TEST_FILE}" 1 - rlAssertGrep "loading policy configuration from policy.conf" ${TEST_FILE} - rlRun "checkmodule -b >& ${TEST_FILE}" 1 - rlAssertGrep "loading policy configuration from policy" ${TEST_FILE} - rlRun "checkmodule -V" - rlRun "checkmodule -U 1>/dev/null" 1 - rlRun "rm -f policy.conf" - for OPTION in "deny" "reject" "allow" ; do - rlRun "checkmodule -U ${OPTION} >& ${TEST_FILE}" 1 - rlAssertGrep "unable to open policy.conf" ${TEST_FILE} - done - rlRun "rm -f ${TEST_FILE}" - rlRun "touch ${TEST_FILE}" - rlRun "rm -rf ${TEST_DIR}" - rlRun "mkdir ${TEST_DIR}" - rlRun "checkmodule ${TEST_FILE}" 1,2 - rlRun "checkmodule -b ${TEST_FILE}" 1 - rlRun "checkmodule ${TEST_DIR}" 1,2 - rlRun "checkmodule -b ${TEST_DIR}" 1 - rlRun "rm -f ${TEST_FILE}" - rlRun "rm -rf ${TEST_DIR}" - rlRun "checkmodule ${TEST_FILE}" 1 - rlRun "checkmodule -b ${TEST_FILE}" 1 - if rlIsRHEL 5 ; then - rlRun "checkmodule --help 2>&1 | grep -- -d" - fi - rlRun "checkmodule --help 2>&1 | grep -- -h" - rlRun "checkmodule --help 2>&1 | grep -- -U" - rlPhaseEnd - - rlPhaseStartTest - for POLICY_KIND in minimum mls targeted ; do - rlRun "checkmodule -M -m -b -o testmod.mod /etc/selinux/${POLICY_KIND}/policy/policy.* >& ${TEST_FILE}" 1 - rlRun "grep -i \"checkmodule.*-b and -m are incompatible with each other\" ${TEST_FILE}" - done - rlPhaseEnd - - rlPhaseStartTest - INPUT_FILE="mypolicy.te" - OUTPUT_FILE="mypolicy.output" - rlRun "ls -l ${INPUT_FILE}" - rlRun "checkmodule -m -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*loading policy configuration from ${INPUT_FILE}\"" - rlRun "checkmodule -m -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*writing binary representation.*to ${OUTPUT_FILE}\"" - rlRun "ls -l ${OUTPUT_FILE}" - if checkmodule --help | grep -q " CIL " ; then - rlRun "rm -f ${OUTPUT_FILE}" - rlRun "checkmodule -m -C -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*loading policy configuration from ${INPUT_FILE}\"" - rlRun "checkmodule -m -C -o ${OUTPUT_FILE} ${INPUT_FILE} 2>&1 | grep \"checkmodule.*writing CIL to ${OUTPUT_FILE}\"" - rlRun "ls -l ${OUTPUT_FILE}" - fi - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "rm -rf ${TEST_FILE} ${TEST_DIR} ${OUTPUT_FILE}" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/checkpolicy-docs/Makefile b/tests/checkpolicy-docs/Makefile deleted file mode 100644 index ea1a0bc..0000000 --- a/tests/checkpolicy-docs/Makefile +++ /dev/null @@ -1,64 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/checkpolicy/Sanity/checkpolicy -# Description: covers an issue where manpage included an unsupported option. -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/checkpolicy/Sanity/checkpolicy -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: covers an issue where manpage included an unsupported option." >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 1m" >> $(METADATA) - @echo "RunFor: checkpolicy" >> $(METADATA) - @echo "Requires: checkpolicy" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/checkpolicy-docs/PURPOSE b/tests/checkpolicy-docs/PURPOSE deleted file mode 100644 index bde34d7..0000000 --- a/tests/checkpolicy-docs/PURPOSE +++ /dev/null @@ -1,7 +0,0 @@ -PURPOSE of /CoreOS/checkpolicy/Sanity/checkpolicy - -Description: covers an issue where manpage included an unsupported option. - -Author: Milos Malik - - diff --git a/tests/checkpolicy-docs/runtest.sh b/tests/checkpolicy-docs/runtest.sh deleted file mode 100644 index 83a7079..0000000 --- a/tests/checkpolicy-docs/runtest.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/checkpolicy/Sanity/checkpolicy-docs -# Description: covers an issue where manpage included an unsupported option. -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh - -PACKAGE="checkpolicy" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - rlAssertExists "/usr/share/man/man8/checkpolicy.8.gz" - rlPhaseEnd - - rlPhaseStartTest - rlRun "man checkpolicy | col -b | grep -- '-m]'" 1 - rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/.*checkmodule" - if rlIsRHEL 5 ; then - rlRun "man checkmodule | col -b | grep -- -d" - fi - rlRun "man checkmodule | col -b | grep -- -h" - rlRun "man checkmodule | col -b | grep -- -U" - rlPhaseEnd - -rlJournalPrintText -rlJournalEnd - diff --git a/tests/checkpolicy/Makefile b/tests/checkpolicy/Makefile deleted file mode 100644 index 1ba29a4..0000000 --- a/tests/checkpolicy/Makefile +++ /dev/null @@ -1,64 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/checkpolicy/Sanity/checkpolicy -# Description: runs checkpolicy with various options to find out if it behaves correctly -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/checkpolicy/Sanity/checkpolicy -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE policy.conf.from.secilc - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: runs checkpolicy with various options to find out if it behaves correctly" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: checkpolicy setools" >> $(METADATA) - @echo "Requires: checkpolicy setools-console selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/checkpolicy/PURPOSE b/tests/checkpolicy/PURPOSE deleted file mode 100644 index c60c59e..0000000 --- a/tests/checkpolicy/PURPOSE +++ /dev/null @@ -1,7 +0,0 @@ -PURPOSE of /CoreOS/checkpolicy/Sanity/checkpolicy - -Description: runs checkpolicy with various options to find out if it behaves correctly - -Author: Milos Malik - - diff --git a/tests/checkpolicy/policy.conf.from.secilc b/tests/checkpolicy/policy.conf.from.secilc deleted file mode 100644 index 938af91..0000000 --- a/tests/checkpolicy/policy.conf.from.secilc +++ /dev/null @@ -1,143 +0,0 @@ -class file -class process -class char - -sid kernel -sid security -sid unlabeled - -common file {ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton } - -class file inherits file { execute_no_trans entrypoint execmod open audit_access } -class char inherits file { foo transition } -class process { open } - -sensitivity s0 alias sens0; -sensitivity s1; - -dominance { s0 s1 } - -category c0 alias cat0; -category c1; -category c2; - -level s0:c0.c2; -level s1:c0.c2; - -mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2))); -mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2)); -mlsconstrain file { open } (l1 dom h2); -mlsconstrain file { open } (h1 domby l2); -mlsconstrain file { open } (l1 incomp l2); - -mlsvalidatetrans file (h1 domby l2); - -attribute foo_type; -attribute bar_type; -attribute baz_type; -attribute exec_type; - -type bin_t, bar_type, exec_type; -type kernel_t, foo_type, exec_type, baz_type; -type security_t, baz_type; -type unlabeled_t, baz_type; - -type exec_t, baz_type; -type console_t, baz_type; -type auditadm_t, baz_type; -type console_device_t, baz_type; -type user_tty_device_t, baz_type; -type device_t, baz_type; -type getty_t, baz_type; -type a_t, baz_type; -type b_t, baz_type; - -typealias bin_t alias sbin_t; - -bool secure_mode false; -bool console_login true; -bool b1 false; - -role system_r; -role user_r; -role system_r types bin_t; -role system_r types kernel_t; -role system_r types security_t; -role system_r types unlabeled_t; - -policycap open_perms; -permissive device_t; - -range_transition device_t console_t : file s0:c0 - s1:c0.c1; - -type_transition device_t console_t : file console_device_t; -type_member device_t bin_t : file exec_t; - -if console_login{ - type_change auditadm_t console_device_t : file user_tty_device_t; -} - -role_transition system_r bin_t user_r; - -auditallow device_t auditadm_t: file { open }; -dontaudit device_t auditadm_t: file { read }; - -allow system_r user_r; - -allow console_t console_device_t: char { write setattr }; -allow console_t console_device_t: file { open read getattr }; -allow foo_type self: file { execute }; -allow bin_t device_t: file { execute }; -allow bin_t exec_t: file { execute }; -allow bin_t bin_t: file { execute }; -allow a_t b_t : file { write }; -allow console_t console_device_t: file { read write getattr setattr lock append }; -allow kernel_t kernel_t : file { execute }; - -if b1 { - allow a_t b_t : file { read }; -} - -if secure_mode{ - auditallow device_t exec_t: file { read write }; -} - -if console_login{ - allow getty_t console_device_t: file { getattr open read write append }; -} -else { - dontaudit getty_t console_device_t: file { getattr open read write append }; -} - -if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){ - allow bin_t exec_t: file { execute }; -} - -user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1; -user user_u roles user_r level s0:c0 range s0:c0 - s0:c0; - -validatetrans file (t1 == exec_t); - -constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); -constrain file { open } (r1 dom r2); -constrain file { open } (r1 domby r2); -constrain file { open } (r1 incomp r2); -constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); -constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); - - -sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1 -sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1 -sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1 - -fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1; - -genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1 - -portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 -portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 - -netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 - -nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 -nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1 diff --git a/tests/checkpolicy/runtest.sh b/tests/checkpolicy/runtest.sh deleted file mode 100644 index 815dbaf..0000000 --- a/tests/checkpolicy/runtest.sh +++ /dev/null @@ -1,153 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/checkpolicy/Sanity/checkpolicy -# Description: runs checkpolicy with various options to find out if it behaves correctly -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2009 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh - -PACKAGE="checkpolicy" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - rlAssertRpm selinux-policy-minimum - rlAssertRpm selinux-policy-mls - rlAssertRpm selinux-policy-targeted - rlRun "uname -a" - TEST_FILE=`mktemp` - TEST_DIR=`mktemp -d` - OUTPUT_FILE=`mktemp` - rlAssertExists "/usr/bin/checkpolicy" - rlPhaseEnd - - rlPhaseStartTest "compilation from policy.conf" - MIN_VERSION="15" - MAX_VERSION=`find /etc/selinux/ -name policy.?? | cut -d / -f 6 | cut -d . -f 2 | head -n 1` - if rlIsRHEL 5 6 ; then - VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION}` - else - # some versions are skipped because seinfo segfaults when inspecting binary policies between v.20 and v.23" - VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION} | grep -v -e 19 -e 20 -e 21 -e 22 -e 23` - fi - for CUR_VERSION in ${VERSIONS} ; do - rlRun "rm -f policy.out" - rlWatchdog "checkpolicy -M -c ${CUR_VERSION} -o policy.out policy.conf.from.secilc" 15 - if [ -s policy.out ] ; then - rlRun "seinfo policy.out 2>&1 | tee ${OUTPUT_FILE}" - rlRun "grep -i -e \"policy version.*${CUR_VERSION}\" -e \"unable to open policy\" ${OUTPUT_FILE}" - else - rlRun "ls -l policy.out" - fi - done - rlPhaseEnd - - rlPhaseStartTest - rlRun "checkpolicy >& ${TEST_FILE}" 1 - rlAssertGrep "loading policy configuration from policy.conf" ${TEST_FILE} - rlRun "checkpolicy -b >& ${TEST_FILE}" 1 - rlAssertGrep "loading policy configuration from policy" ${TEST_FILE} - rlRun "checkpolicy -V" - rlRun "checkpolicy -U 2>&1 | grep \"option requires an argument\"" - rlRun "checkpolicy -U xyz" 1 - rlRun "rm -f policy.conf" - if ! rlIsRHEL 4 ; then - for OPTION in "deny" "reject" "allow" ; do - rlRun "checkpolicy -U ${OPTION} >& ${TEST_FILE}" 1 - rlAssertGrep "unable to open policy.conf" ${TEST_FILE} - done - fi - rlRun "rm -f ${TEST_FILE}" - rlRun "touch ${TEST_FILE}" - rlRun "rm -rf ${TEST_DIR}" - rlRun "mkdir ${TEST_DIR}" - rlRun "checkpolicy ${TEST_FILE}" 1,2 - rlRun "checkpolicy -b ${TEST_FILE}" 1 - rlRun "checkpolicy ${TEST_DIR}" 1,2 - rlRun "checkpolicy -b ${TEST_DIR}" 1 - rlRun "rm -f ${TEST_FILE}" - rlRun "rm -rf ${TEST_DIR}" - rlRun "checkpolicy ${TEST_FILE}" 1 - rlRun "checkpolicy -b ${TEST_FILE}" 1 - rlRun "checkpolicy -c 2>&1 | grep \"option requires an argument\"" - rlRun "checkpolicy -c 0 2>&1 | grep \"value 0 not in range\"" - rlRun "checkpolicy -t 2>&1 | grep \"option requires an argument\"" - rlRun "checkpolicy -t xyz 2>&1 | grep -i \"unknown target platform\"" - rlRun "checkpolicy --help 2>&1 | grep -- '-m]'" 1 - rlPhaseEnd - - rlPhaseStartTest - if rlIsRHEL 5 6 ; then - ACTIVE_POLICY="/selinux/policy" - else - ACTIVE_POLICY="/sys/fs/selinux/policy" - fi - rlRun "echo -e 'q\n' | checkpolicy -Mdb ${ACTIVE_POLICY} | tee ${OUTPUT_FILE}" - rlRun "grep -qi -e error -e ebitmap -e 'not match' ${OUTPUT_FILE}" 1 - for POLICY_TYPE in minimum mls targeted ; do - if [ ! -e /etc/selinux/${POLICY_TYPE}/policy/policy.* ] ; then - continue - fi - rlRun "echo -e 'q\n' | checkpolicy -Mdb /etc/selinux/${POLICY_TYPE}/policy/policy.* | tee ${OUTPUT_FILE}" - rlRun "grep -qi -e error -e ebitmap -e 'not match' ${OUTPUT_FILE}" 1 - done - rlPhaseEnd - - rlPhaseStartTest - if rlIsRHEL 5 6 ; then - ACTIVE_POLICY_TREE="/selinux" - else # RHEL-7 and above - ACTIVE_POLICY_TREE="/sys/fs/selinux" - fi - MIN_VERSION="15" - MAX_VERSION=`find /etc/selinux/ -name policy.?? | cut -d / -f 6 | cut -d . -f 2 | head -n 1` - for POLICY_TYPE in minimum mls targeted ; do - if rlIsRHEL 5 6 ; then - VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION}` - else - # some versions are skipped because seinfo segfaults when inspecting binary policies between v.20 and v.23" - VERSIONS=`seq ${MIN_VERSION} 1 ${MAX_VERSION} | grep -v -e 19 -e 20 -e 21 -e 22 -e 23` - fi - for CUR_VERSION in ${VERSIONS} ; do - rlRun "rm -f policy.out" - rlWatchdog "checkpolicy -b -M -c ${CUR_VERSION} -o policy.out /etc/selinux/${POLICY_TYPE}/policy/policy.${MAX_VERSION}" 15 - if [ -s policy.out ] ; then - rlRun "seinfo policy.out 2>&1 | tee ${OUTPUT_FILE}" - rlRun "grep -i -e \"policy version.*${CUR_VERSION}\" -e \"unable to open policy\" ${OUTPUT_FILE}" - else - rlRun "ls -l policy.out" - fi - done - done - rlPhaseEnd - - rlPhaseStartCleanup - rm -f ${OUTPUT_FILE} policy.out - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/sedismod/Makefile b/tests/sedismod/Makefile deleted file mode 100644 index 62a901c..0000000 --- a/tests/sedismod/Makefile +++ /dev/null @@ -1,65 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/checkpolicy/Sanity/sedismod -# Description: Does sedismod work correctly ?) -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/checkpolicy/Sanity/sedismod -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE sedismod.exp - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - test -x sedismod.exp || chmod a+x sedismod.exp - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Does sedismod work correctly?" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: checkpolicy" >> $(METADATA) - @echo "Requires: checkpolicy selinux-policy-targeted expect policycoreutils psmisc" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/sedismod/PURPOSE b/tests/sedismod/PURPOSE deleted file mode 100644 index 3c9db2c..0000000 --- a/tests/sedismod/PURPOSE +++ /dev/null @@ -1,5 +0,0 @@ -PURPOSE of /CoreOS/checkpolicy/Sanity/sedismod -Author: Milos Malik - -Does sedismod work correctly? - diff --git a/tests/sedismod/runtest.sh b/tests/sedismod/runtest.sh deleted file mode 100755 index 8f86e9e..0000000 --- a/tests/sedismod/runtest.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/checkpolicy/Sanity/sedismod -# Description: Does sedismod work correctly -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="checkpolicy" -# TODO: repeat for all policy modules that are installed under /etc/selinux -if rlIsFedora ; then - POLICY_FILE="`find /var/lib/selinux/targeted -type d -name base`/hll" -elif rlIsRHEL '<7.3' ; then - POLICY_FILE=`find /etc/selinux/targeted -type f -name base.pp` -else # RHEL-7.3 and above - POLICY_FILE="`find /etc/selinux/targeted -type d -name base`/hll" -fi - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - OUTPUT_FILE=`mktemp` - if rlIsRHEL '>=7.3' || rlIsFedora ; then - rlRun "semodule -H -E base" - else - rlRun "cp ${POLICY_FILE} ./base.pp.bz2" - rlRun "rm -f base.pp" - rlRun "bzip2 -d ./base.pp.bz2" - fi - POLICY_FILE="base.pp" - rlRun "ls -l ${POLICY_FILE}" - rlPhaseEnd - - rlPhaseStartTest "check all available options" - if rlIsRHEL 6 ; then - AVAILABLE_OPTIONS="1 2 3 4 5 6 7 8 0 a b c u" - else # RHEL-7 and above - AVAILABLE_OPTIONS="1 2 3 4 5 6 7 8 9 0 a b c u F" - fi - for OPTION in ${AVAILABLE_OPTIONS} ; do - rlRun "rm -f ${OUTPUT_FILE}" - rlWatchdog "./sedismod.exp ${OPTION} ${POLICY_FILE} ${OUTPUT_FILE}" 65 - # rlWatchdog kills the expect script, but we need to kill the sedismod process too - rlRun "killall sedismod" 0,1 - rlRun "ls -l ${OUTPUT_FILE}" - if [ -s ${OUTPUT_FILE} ] ; then - rlPass "sedismod produced some output" - else - rlFail "sedismod did not produce any output" - fi - done - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "rm -f ${OUTPUT_FILE} ${POLICY_FILE}" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/sedismod/sedismod.exp b/tests/sedismod/sedismod.exp deleted file mode 100755 index 7409bfe..0000000 --- a/tests/sedismod/sedismod.exp +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/expect -f -# ./sedismod.exp option policyfile outputfile -set option [lrange $argv 0 0] -set policyfile [lrange $argv 1 1] -set outputfile [lrange $argv 2 2] -set timeout 60 -spawn sedismod $policyfile -expect "Command*:" { - send -- "f\r" -} -expect "Filename*:" { - send -- "$outputfile\r" -} -expect "Command*:" { - send -- "$option\r" -} -expect "Command*:" { - send -- "q\r" -} -expect eof - diff --git a/tests/sedispol/Makefile b/tests/sedispol/Makefile deleted file mode 100644 index f39bae8..0000000 --- a/tests/sedispol/Makefile +++ /dev/null @@ -1,65 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/checkpolicy/Sanity/sedispol -# Description: Does sedispol work correctly? -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/checkpolicy/Sanity/sedispol -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE sedispol.exp - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - test -x sedispol.exp || chmod a+x sedispol.exp - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Does sedispol work correctly?" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: checkpolicy" >> $(METADATA) - @echo "Requires: checkpolicy selinux-policy expect" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/sedispol/PURPOSE b/tests/sedispol/PURPOSE deleted file mode 100644 index 4ab0c43..0000000 --- a/tests/sedispol/PURPOSE +++ /dev/null @@ -1,5 +0,0 @@ -PURPOSE of /CoreOS/checkpolicy/Sanity/sedispol -Author: Milos Malik - -Does sedispol work correctly? - diff --git a/tests/sedispol/runtest.sh b/tests/sedispol/runtest.sh deleted file mode 100755 index 5ed441b..0000000 --- a/tests/sedispol/runtest.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/checkpolicy/Sanity/sedispol -# Description: Does sedispol work correctly? -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="checkpolicy" -# TODO: repeat for all policy files that are installed under /etc/selinux -POLICY_FILE=`find /etc/selinux/targeted/policy/ -type f` - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - OUTPUT_FILE=`mktemp` - rlPhaseEnd - - rlPhaseStartTest - if rlIsRHEL 6 ; then - AVAILABLE_OPTIONS="1 2 3 4 5 6 c p u" - else # RHEL-7 and above - AVAILABLE_OPTIONS="1 2 3 4 5 6 8 c p u F" - fi - for OPTION in ${AVAILABLE_OPTIONS} ; do - rlRun "rm -f ${OUTPUT_FILE}" - rlWatchdog "./sedispol.exp ${OPTION} ${POLICY_FILE} ${OUTPUT_FILE}" 65 - # rlWatchdog kills the expect script, but we need to kill the sedispol process too - rlRun "killall sedispol" 0,1 - rlRun "ls -l ${OUTPUT_FILE}" - if [ -s ${OUTPUT_FILE} ] ; then - rlPass "sedispol produced some output" - else - rlFail "sedispol did not produce any output" - fi - done - rlPhaseEnd - - rlPhaseStartTest - rlRun "echo q | sedispol ${POLICY_FILE} >& ${OUTPUT_FILE}" - rlRun "grep AVTAB ${OUTPUT_FILE}" - rlRun "grep AVTAG ${OUTPUT_FILE}" 1 - rlRun "echo -en 'u\nq\n' | sedispol ${POLICY_FILE} >& ${OUTPUT_FILE}" - rlRun "grep permissions ${OUTPUT_FILE}" - rlRun "grep permisions ${OUTPUT_FILE}" 1 - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "rm -f ${OUTPUT_FILE}" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/sedispol/sedispol.exp b/tests/sedispol/sedispol.exp deleted file mode 100755 index 462e3b8..0000000 --- a/tests/sedispol/sedispol.exp +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/expect -f -# ./sedispol.exp option policyfile outputfile -set option [lrange $argv 0 0] -set policyfile [lrange $argv 1 1] -set outputfile [lrange $argv 2 2] -set timeout 60 -spawn sedispol $policyfile -expect "Command*:" { - send -- "f\r" -} -expect "Filename*:" { - send -- "$outputfile\r" -} -expect "Command*:" { - send -- "$option\r" -} -expect "Command*:" { - send -- "q\r" -} -expect eof - diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 334b38c..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Tests for Classic -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - repositories: - - repo: "https://src.fedoraproject.org/tests/selinux.git" - dest: "selinux" - fmf_filter: "tier:1 | component:checkpolicy" - -# Tests for Container -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - container - repositories: - - repo: "https://src.fedoraproject.org/tests/selinux.git" - dest: "selinux" - tests: - - selinux/checkpolicy/checkmodule - - selinux/checkpolicy/checkpolicy - - selinux/checkpolicy/sedismod - - selinux/checkpolicy/sedispol - required_packages: - - checkpolicy # Required by all tests - - grep # Required by checkmodule - - coreutils # Required by checkmodule - - setools-console # Required by checkpolicy - - selinux-policy-minimum # Required by checkpolicy - - selinux-policy-mls # Required by checkpolicy - - selinux-policy-targeted # Required by checkpolicy and sedismod - - expect # Required by sedismod and sedispol - - policycoreutils # Required by sedismod - - psmisc # Required by sedismod - - selinux-policy # Required by sedispol