#!/bin/bash # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/libselinux/Sanity/selinux_restorecon-functions # Description: Test functions in selinux_restorecon.c # Author: Jan Zarsky # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Copyright (c) 2016 Red Hat, Inc. # # This program is free software: you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation, either version 2 of # the License, or (at your option) any later version. # # This program is distributed in the hope that it will be # useful, but WITHOUT ANY WARRANTY; without even the implied # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/. # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment . /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="libselinux" function createTestFiles { rlLogInfo "Creating testing files" TmpDir="/home/user/testdir" rlRun "mkdir $TmpDir" rlRun "pushd $TmpDir" rlRun "mkdir -p a/b" rlRun "touch afile" rlRun "touch a/bfile" rlRun "touch a/b/cfile" rlRun "popd" } function changeContext { rlLogInfo "Changing context of testing files" rlRun "pushd $TmpDir" rlRun "chcon -t var_log_t ." rlRun "chcon -t var_log_t a" rlRun "chcon -t var_log_t a/b" rlRun "chcon -t var_log_t afile" rlRun "chcon -t var_log_t a/bfile" rlRun "chcon -t var_log_t a/b/cfile" rlRun "popd" } function deleteTestFiles { rlLogInfo "Deleting testing files" rlRun "rm -rf $TmpDir" } rlJournalStart rlPhaseStartSetup rlAssertRpm ${PACKAGE} rlAssertRpm ${PACKAGE}-devel rlAssertRpm "glibc" rlAssertRpm "strace" rlRun -l "gcc test_restorecon.c -o test_restorecon -lselinux -pedantic -Wall -Wextra -std=c99" rlRun -l "gcc test_exclude_list.c -o test_exclude_list -lselinux -pedantic -Wall -Wextra -std=c99" rlRun -l "gcc test_sehandle.c -o test_sehandle -lselinux -pedantic -Wall -Wextra -std=c99" rlRun "useradd user" rlPhaseEnd rlPhaseStartTest "test call" createTestFiles rlRun "./test_restorecon $TmpDir" 0 "Calling selinux_restorecon" deleteTestFiles rlPhaseEnd rlPhaseStartTest "test call with flags" createTestFiles rlRun "./test_restorecon $TmpDir IGNORE_DIGEST IGNORE_DIGEST NOCHANGE VERBOSE PROGRESS RECURSE \ SET_SPECFILE_CTX REALPATH XDEV" 0 "Calling selinux_restorecon with all flags" deleteTestFiles rlPhaseEnd rlPhaseStartTest "invalid path" rlRun "./test_restorecon EMPTY" 255 "Calling selinux_restorecon with empty path" # should probably return both 139 (segfault) or 255, but it is not so important rlRun "./test_restorecon NULL" 139,255 "Calling selinux_restorecon with null as path" rlRun "./test_restorecon NULL REALPATH" 139,255 "Calling selinux_restorecon with null as path and REALPATH flag" rlRun "./test_restorecon /nonexistent" 255 "Calling selinux_restorecon with nonexisting path" rlPhaseEnd rlPhaseStartTest "no flags" createTestFiles changeContext rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir" 0 "Calling selinux_restorecon" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out | grep var_log_t" 1 rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out | grep var_log_t" 1 rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out | grep var_log_t" 1 rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out | grep var_log_t" 1 rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out | grep var_log_t" 1 rlLogInfo "Checking lsetxattr calls" rlRun "grep lsetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out | grep user_home_t" 1 rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out | grep user_home_t" 1 rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out | grep user_home_t" 1 rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out | grep user_home_t" 1 rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out | grep user_home_t" 1 rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "RECURSE flag" createTestFiles changeContext rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon with RECURSE flag" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out | grep var_log_t" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out | grep var_log_t" rlLogInfo "Checking lsetxattr calls" rlRun "grep lsetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out | grep user_home_t" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out | grep user_home_t" rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "NOCHANGE flag" createTestFiles changeContext rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE NOCHANGE" 0 "Calling selinux_restorecon with NOCHANGE flag" rlLogInfo "Checking lsetxattr calls" rlRun "grep lsetxattr strace.out" 1 rlRun "rm -f strace.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "/sys directory" # directory that supports security.restorecon_last xattr rlRun "strace -ostrace.out -s 64 ./test_restorecon /var/log RECURSE NOCHANGE" 0 "Calling selinux_restorecon on /tmp" rlRun "grep security.restorecon_last strace.out" 0 # directory that does not supports security.restorecon_last xattr rlRun "strace -ostrace.out -s 64 ./test_restorecon /sys RECURSE NOCHANGE" 0 "Calling selinux_restorecon on /sys" rlRun "grep security.restorecon_last strace.out" 1 rlRun "rm -f strace.out" rlPhaseEnd rlPhaseStartTest "no IGNORE_DIGEST flag" createTestFiles # run restorecon first time rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon for the first time" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" # run restorecon second time rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon for the second time" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux" 1 rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "IGNORE_DIGEST flag" createTestFiles # run restorecon first time rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon for the first time" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" # run restorecon second time rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE IGNORE_DIGEST" 0 "Calling selinux_restorecon for the second time" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "selinux_restorecon_set_exclude_list" createTestFiles # empty exclude list rlRun "strace -ostrace.out -s 64 ./test_exclude_list EMPTY $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list with empty list" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" # null as list if rlIsFedora ">=26"; then rlRun "strace -ostrace.out -s 64 ./test_exclude_list NULL $TmpDir" 139 "Calling selinux_restorecon_set_exclude_list with null as list" else rlRun "strace -ostrace.out -s 64 ./test_exclude_list NULL $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list with null as list" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" fi # exclude $TmpDir/a rlRun "strace -ostrace.out -s 64 ./test_exclude_list $TmpDir/a $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" 1 rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" 1 rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" 1 rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" 1 rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartTest "selinux_restorecon_set_sehandle" createTestFiles # null sehandle rlRun "./test_sehandle NULL $TmpDir" 139,255 "Calling selinux_restorecon_set_sehandle with null handle" # invalid sehandle rlRun "./test_sehandle INVALID $TmpDir" 139,255 "Calling selinux_restorecon_set_sehandle with invalid handle" # default sehandle rlRun "strace -ostrace.out -s 64 ./test_sehandle DEFAULT $TmpDir" 0 "Calling selinux_restorecon_set_sehandle with default handle" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" # custom sehandle rlRun "strace -ostrace.out -s 64 ./test_sehandle CUSTOM $TmpDir" 0 "Calling selinux_restorecon_set_sehandle with custom handle" rlLogInfo "Checking lgetxattr calls" rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out" rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/afile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/bfile\\\"\" strace_xattr.out" rlRun "grep \"\\\"$TmpDir/a/b/cfile\\\"\" strace_xattr.out" rlRun "rm -f strace.out" rlRun "rm -f strace_xattr.out" deleteTestFiles rlPhaseEnd rlPhaseStartCleanup rlRun "rm -f test_restorecon test_exclude_list test_sehandle" rlRun "userdel -r user" rlPhaseEnd rlJournalPrintText rlJournalEnd