diff --git a/tests/capsh-basic-functionality/Makefile b/tests/capsh-basic-functionality/Makefile new file mode 100644 index 0000000..49f35ed --- /dev/null +++ b/tests/capsh-basic-functionality/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libcap/Sanity/capsh-basic-functionality +# Description: tests basic functionality +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libcap/Sanity/capsh-basic-functionality +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: tests basic functionality" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libcap" >> $(METADATA) + @echo "Requires: libcap" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/capsh-basic-functionality/PURPOSE b/tests/capsh-basic-functionality/PURPOSE new file mode 100644 index 0000000..810902f --- /dev/null +++ b/tests/capsh-basic-functionality/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/libcap/Sanity/capsh-basic-functionality +Description: tests basic functionality +Author: Karel Srot diff --git a/tests/capsh-basic-functionality/runtest.sh b/tests/capsh-basic-functionality/runtest.sh new file mode 100755 index 0000000..6102418 --- /dev/null +++ b/tests/capsh-basic-functionality/runtest.sh @@ -0,0 +1,123 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libcap/Sanity/capsh-basic-functionality +# Description: tests basic functionality +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libcap" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "useradd -m libcap_tester" + rlPhaseEnd + + rlPhaseStartTest "Remove the listed capabilities from the prevailing bounding set" + rlRun -s "capsh --drop=cap_net_raw -- -c 'getpcaps \$\$'" + rlAssertGrep "Capabilities for" $rlRun_LOG + rlAssertNotGrep cap_net_raw $rlRun_LOG + rlRun -s "capsh --drop=cap_net_raw -- -c 'ping localhost -c 1'" 2,126 "Ping without cap_net_raw shoud fail" + rlAssertGrep "Operation not permitted" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Set the prevailing process capabilities" + rlRun -s "capsh --caps=cap_chown+p --print" + rlAssertGrep "Current: = cap_chown+p" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Set the inheritable set of capabilities" + rlRun -s "capsh --inh=cap_chown --print" + rlRun "grep 'Current: = ' $rlRun_LOG | grep 'cap_chown+eip'" + rlRun -s "capsh --inh=cap_chown -- -c 'getpcaps \$\$' 2>&1" + rlAssertGrep "cap_chown+eip" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Assume the identity of the user nobody" + USERID=`id -u nobody` + GROUPID=`id -g nobody` + rlRun -s "capsh --user=nobody -- -c 'id'" + rlAssertGrep "uid=$USERID(nobody) gid=$GROUPID(nobody) groups=$GROUPID(nobody)" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Force all uid values to equal to nobody" + rlRun -s "capsh --uid=$USERID -- -c 'id'" + rlAssertGrep "uid=$USERID(nobody) gid=0(root) groups=0(root)" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Force all gid values to equal to nobody" + rlRun -s "capsh --gid=$GROUPID -- -c 'id'" + rlAssertGrep "uid=0(root) gid=$GROUPID(nobody)" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Set the supplementary groups" + GROUP2ID=`id -g daemon` + rlRun -s "capsh --groups=${GROUPID},${GROUP2ID} -- -c id" + rlAssertGrep "uid=0(root) gid=0(root) groups=0(root),${GROUP2ID}(daemon),${GROUPID}(nobody)" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Permit the process to retain its capabilities after a setuid" + CURRENT=`capsh --print | grep 'Current:' | cut -d '+' -f 1` + rlRun -s "capsh --keep=0 --uid=$USERID --print" + rlAssertGrep 'Current: =$' $rlRun_LOG -E + rlRun -s "capsh --keep=1 --uid=$USERID --print" + rlAssertGrep "$CURRENT" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Decode capabilities" + rlRun "CODE=$( cat /proc/$$/status | awk '/CapEff/ { print $2 }' )" + rlRun "DECODE=$( capsh --decode=$CODE | cut -d '=' -f 2 )" + rlRun "capsh --print | grep 'Current: = $DECODE'" + rlPhaseEnd + + rlPhaseStartTest "Verify the existence of a capability on the system" + rlRun "capsh --supports=cap_net_raw" + rlRun -s "capsh --supports=cap_foo_bar" 1 + rlAssertGrep "cap\[cap_foo_bar\] not recognized by library" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "Verify exit code for unsupported option" + rlRun "capsh --foo bar" 1 + rlPhaseEnd + + rlPhaseStartTest "Run as a regular user" + USERID=`id -u libcap_tester` + rlRun -s "su - libcap_tester -c 'capsh --print'" + rlAssertGrep "Current: =\$" $rlRun_LOG -E + rlAssertGrep "uid=$USERID(libcap_tester)" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "userdel -r libcap_tester" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/pam_cap-so-sanity-test/Makefile b/tests/pam_cap-so-sanity-test/Makefile new file mode 100644 index 0000000..3f30e80 --- /dev/null +++ b/tests/pam_cap-so-sanity-test/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test +# Description: basic functionality test for pam_cap.so module +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libcap/Sanity/pam_cap-so-sanity-test +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: basic functionality test for pam_cap.so module" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libcap" >> $(METADATA) + @echo "Requires: libcap" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/pam_cap-so-sanity-test/PURPOSE b/tests/pam_cap-so-sanity-test/PURPOSE new file mode 100644 index 0000000..9edc2b0 --- /dev/null +++ b/tests/pam_cap-so-sanity-test/PURPOSE @@ -0,0 +1,5 @@ +PURPOSE of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test +Description: basic functionality test for pam_cap.so module +Author: Karel Srot + +Test if a test user can be granted capabilities via pam_cap.so module. diff --git a/tests/pam_cap-so-sanity-test/runtest.sh b/tests/pam_cap-so-sanity-test/runtest.sh new file mode 100755 index 0000000..be93b30 --- /dev/null +++ b/tests/pam_cap-so-sanity-test/runtest.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test +# Description: basic functionality test for pam_cap.so module +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libcap" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "useradd -m pam_cap_user" + rlRun "useradd -m pam_cap_user2" + rlFileBackup /etc/pam.d/su + [ -f /etc/security/capability.conf ] && rlFileBackup /etc/security/capability.conf + rlRun "echo -e 'cap_net_raw pam_cap_user\nnone *' > /etc/security/capability.conf" + rlRun "sed '1 s/^/auth required pam_cap.so/' -i /etc/pam.d/su" 0 "Configure pam_cap.so in /etc/pam.d/su" + rlPhaseEnd + + rlPhaseStartTest + rlRun "su - pam_cap_user -c 'getpcaps \$\$' &> user1.log" + rlAssertGrep "Capabilities for.* = cap_net_raw" user1.log -E + rlRun "su - pam_cap_user2 -c 'getpcaps \$\$' &> user2.log" + rlAssertNotGrep "cap_net_raw" user2.log + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "userdel -r pam_cap_user" + rlRun "userdel -r pam_cap_user2" + rlFileRestore + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/pkg-config-libcap-pc-addition/Makefile b/tests/pkg-config-libcap-pc-addition/Makefile new file mode 100644 index 0000000..57b4cd6 --- /dev/null +++ b/tests/pkg-config-libcap-pc-addition/Makefile @@ -0,0 +1,65 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition +# Description: Test for BZ#1425490 (Missing libcap.pc) +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for BZ#1425490 (Missing libcap.pc)" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libcap" >> $(METADATA) + @echo "Requires: libcap libcap-devel pkgconfig" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Bug: 1425490" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/pkg-config-libcap-pc-addition/PURPOSE b/tests/pkg-config-libcap-pc-addition/PURPOSE new file mode 100644 index 0000000..68dbb0b --- /dev/null +++ b/tests/pkg-config-libcap-pc-addition/PURPOSE @@ -0,0 +1,7 @@ +PURPOSE of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition +Description: Test for BZ#1425490 (Missing libcap.pc) +Author: Karel Srot +Bug summary: Missing libcap.pc +Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1425490 + +Checking the presence and sanity of the libcap.pc file. diff --git a/tests/pkg-config-libcap-pc-addition/runtest.sh b/tests/pkg-config-libcap-pc-addition/runtest.sh new file mode 100755 index 0000000..b63ad04 --- /dev/null +++ b/tests/pkg-config-libcap-pc-addition/runtest.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition +# Description: Test for BZ#1425490 (Missing libcap.pc) +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libcap" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest + rlRun "rpm -ql libcap-devel | grep libcap.pc" 0 "There must be libcap.pc" + if [ $? -eq 0 ]; then + PCFILE=$(rpm -ql libcap-devel | grep libcap.pc) + rlRun "pkg-config --libs libcap | grep -- '-lcap'" + VER=$(awk '/Version:/ { print $2 }' $PCFILE | tail -1) + rlRun "pkg-config --modversion libcap | grep $VER" + rlRun -s "pkg-config --print-variables libcap" + rlAssertGrep "^prefix" $rlRun_LOG + rlAssertGrep "^exec_prefix" $rlRun_LOG + rlAssertGrep "^libdir" $rlRun_LOG + rlAssertGrep "^includedir" $rlRun_LOG + fi + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/setcap-getcap-basic-functionality/Makefile b/tests/setcap-getcap-basic-functionality/Makefile new file mode 100644 index 0000000..02ce5d5 --- /dev/null +++ b/tests/setcap-getcap-basic-functionality/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality +# Description: test basic functionality +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/libcap/Sanity/setcap-getcap-basic-functionality +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Karel Srot " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: test basic functionality" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: libcap" >> $(METADATA) + @echo "Requires: libcap" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/setcap-getcap-basic-functionality/PURPOSE b/tests/setcap-getcap-basic-functionality/PURPOSE new file mode 100644 index 0000000..a6ea33d --- /dev/null +++ b/tests/setcap-getcap-basic-functionality/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality +Description: test basic functionality +Author: Karel Srot diff --git a/tests/setcap-getcap-basic-functionality/runtest.sh b/tests/setcap-getcap-basic-functionality/runtest.sh new file mode 100755 index 0000000..3639367 --- /dev/null +++ b/tests/setcap-getcap-basic-functionality/runtest.sh @@ -0,0 +1,98 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality +# Description: test basic functionality +# Author: Karel Srot +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="libcap" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlRun "mkdir mydir && touch file1 mydir/file2 mydir/file3" + rlPhaseEnd + + rlPhaseStartTest "set and get capabilities" + rlRun "setcap cap_net_admin+p file1 cap_net_raw+ei mydir/file2" + rlRun -s "getcap file1 mydir/file2" + rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG + rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "set capabilities via stdin" + rlRun "echo -e 'cap_net_raw+p\ncap_net_admin+p' > input" + rlRun -s "setcap - mydir/file3 < input" + rlAssertGrep "Please enter caps for file \[empty line to end\]:" $rlRun_LOG + rlRun "getcap mydir/file3 | grep 'mydir/file3 = cap_net_admin,cap_net_raw+p'" + rlPhaseEnd + + rlPhaseStartTest "set capabilities quietly via stdin" + rlRun "echo -e 'cap_net_raw+p' > input" + rlRun -s "setcap -q - mydir/file3 < input" + rlAssertNotGrep "Please enter caps for file" $rlRun_LOG + rlRun "getcap mydir/file3 | grep 'mydir/file3 = cap_net_raw+p'" + rlPhaseEnd + + rlPhaseStartTest "remove capabilities" + rlRun "setcap -r mydir/file3" + rlRun "getcap | grep file3" 1 "There should be no capabilities listed for file1" + rlPhaseEnd + + rlPhaseStartTest "listing capabilities recursively" + rlRun -s "getcap -r *" + rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG + rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartTest "listing capabilities verbosely" + rlRun -s "getcap -v mydir/*" + rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG + rlAssertGrep "mydir/file3\$" $rlRun_LOG -E + rlPhaseEnd + + rlPhaseStartTest "print help" + rlRun "setcap -h | grep 'usage: setcap'" 1 + rlRun "getcap -h | grep 'usage: getcap'" 1 + rlPhaseEnd + + rlPhaseStartTest "exit with 1 on error" + rlRun -s "setcap foo bar" 1 + rlAssertGrep "fatal error: Invalid argument" $rlRun_LOG + rlRun -s "getcap -f oo" 1 + rlAssertGrep "getcap: invalid option -- 'f'" $rlRun_LOG + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml index 08a5513..fbbca7f 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -3,11 +3,26 @@ - role: standard-test-beakerlib tags: - classic + - container tests: - sanity-tests + - pam_cap-so-sanity-test + - setcap-getcap-basic-functionality required_packages: - - libcap + - libcap # libcap package required for all tests - libcap-devel - libcmocka - libcmocka-devel - gcc + - iputils # ping command required for capsh-basic-functionality + +# Tests that run in atomic +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - atomic + tests: + - capsh-basic-functionality + - pam_cap-so-sanity-test + - setcap-getcap-basic-functionality