#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/libselinux/Sanity/selinux_restorecon-functions
# Description: Test functions in selinux_restorecon.c
# Author: Jan Zarsky <jzarsky@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Load the Beaker/RHTS environment first, then the BeakerLib API. Every
# rl* helper used by this script comes from these two files, so the run
# stops immediately if either of them cannot be sourced.
if ! . /usr/bin/rhts-environment.sh; then
    exit 1
fi
if ! . /usr/share/beakerlib/beakerlib.sh; then
    exit 1
fi

# Name of the package under test; the setup phase also asserts that
# "${PACKAGE}-devel" is installed.
PACKAGE='libselinux'

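#######################################
# Create the directory tree the restorecon tests operate on:
#   $TmpDir/{afile,a/{bfile,b/{cfile}}}
# Globals:   TmpDir (written) - root of the test tree; deliberately NOT
#            local, because changeContext, deleteTestFiles and the test
#            phases all read it afterwards.
# Arguments: none
# Returns:   0 on success; 1 if the test directory could not be entered.
#######################################
function createTestFiles {
    rlLogInfo "Creating testing files"

    # Lives in the home directory of the account created in the setup
    # phase ("useradd user").
    TmpDir="/home/user/testdir"
    rlRun "mkdir $TmpDir"

    # Everything below uses relative paths. If the directory cannot be
    # entered, stop here instead of creating a/, afile, ... in whatever
    # directory the test happens to be running from (rlRun has already
    # recorded the failure).
    rlRun "pushd $TmpDir" || return 1

    rlRun "mkdir -p a/b"

    local file
    for file in afile a/bfile a/b/cfile; do
        rlRun "touch $file"
    done

    rlRun "popd"
}
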
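#######################################
# Relabel every entry of the test tree to the var_log_t type, so that a
# later selinux_restorecon call has something to restore.
# Globals:   TmpDir (read) - root of the test tree, set by createTestFiles
# Arguments: none
# Returns:   0 on success; 1 if TmpDir is unset/empty or cannot be
#            entered.
#######################################
function changeContext {
    rlLogInfo "Changing context of testing files"

    # A bare "pushd" (empty TmpDir) would merely rotate the directory
    # stack, and the chcon calls below would then relabel "." of some
    # unrelated directory.
    if [[ -z "${TmpDir:-}" ]]; then
        rlFail "TmpDir is not set; createTestFiles must run first"
        return 1
    fi

    # All chcon targets are relative; never relabel anything if the test
    # directory could not be entered.
    rlRun "pushd $TmpDir" || return 1

    local target
    for target in . a a/b afile a/bfile a/b/cfile; do
        rlRun "chcon -t var_log_t $target"
    done

    rlRun "popd"
}
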
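#######################################
# Remove the whole test tree created by createTestFiles.
# Globals:   TmpDir (read) - root of the test tree
# Arguments: none
# Returns:   status of the rm command as reported by rlRun; 1 if TmpDir
#            is unset or empty.
#######################################
function deleteTestFiles {
    rlLogInfo "Deleting testing files"

    # Guard the recursive delete: with an empty TmpDir there is nothing
    # this function is entitled to remove.
    if [[ -z "${TmpDir:-}" ]]; then
        rlFail "TmpDir is not set; refusing to run a recursive delete"
        return 1
    fi

    # "--" stops option parsing and the inner quotes keep the path a
    # single word when rlRun evaluates the command string.
    rlRun "rm -rf -- \"$TmpDir\""
}
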
rlJournalStart
rlPhaseStartSetup
    # Required packages: the library under test, its development files
    # (the helpers below are compiled against them), glibc and strace.
    for rpm in "${PACKAGE}" "${PACKAGE}-devel" "glibc" "strace"; do
        rlAssertRpm "$rpm"
    done

    # Build the three C helpers that call into libselinux; "-l" makes
    # rlRun log the compiler output.
    for helper in test_restorecon test_exclude_list test_sehandle; do
        rlRun -l "gcc $helper.c -o $helper -lselinux -pedantic -Wall -Wextra -std=c99"
    done

    # Account whose home directory (/home/user) hosts the test tree.
    # NOTE(review): if an account named "user" already exists, useradd
    # fails but the run presumably continues, and the cleanup phase's
    # "userdel -r user" would then remove that pre-existing account and
    # its home directory. Run this test only on disposable machines.
    rlRun "useradd user"
rlPhaseEnd

rlPhaseStartTest "test call"
    # Smoke test: a plain call on a freshly created tree must succeed.
    createTestFiles

    restorecon_cmd="./test_restorecon $TmpDir"
    rlRun "$restorecon_cmd" 0 "Calling selinux_restorecon"

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "test call with flags"
    createTestFiles

    # Flag names handed to the helper; the call only has to succeed.
    # NOTE(review): IGNORE_DIGEST appears twice in this list - possibly a
    # different flag was intended for one of the two slots. Confirm
    # against the flag names test_restorecon.c accepts.
    all_flags="IGNORE_DIGEST IGNORE_DIGEST NOCHANGE VERBOSE PROGRESS RECURSE SET_SPECFILE_CTX REALPATH XDEV"
    rlRun "./test_restorecon $TmpDir $all_flags" 0 "Calling selinux_restorecon with all flags"

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "invalid path"
    helper="./test_restorecon"

    # EMPTY and NULL are keywords for the helper rather than real paths
    # (presumably mapped to "" and a NULL pointer - see test_restorecon.c).
    rlRun "$helper EMPTY" 255 "Calling selinux_restorecon with empty path"

    # For a NULL path both a clean error (255) and a crash (139, i.e. a
    # segfault) are accepted.
    # NOTE(review): accepting 139 means a NULL-pointer crash inside the
    # library does not fail this test; tighten to 255 if the API is
    # expected to reject NULL gracefully.
    crash_or_error="139,255"
    rlRun "$helper NULL" $crash_or_error "Calling selinux_restorecon with null as path"
    rlRun "$helper NULL REALPATH" $crash_or_error "Calling selinux_restorecon with null as path and REALPATH flag"

    rlRun "$helper /nonexistent" 255 "Calling selinux_restorecon with nonexisting path"
rlPhaseEnd

rlPhaseStartTest "no flags"
    createTestFiles
    changeContext

    rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir" 0 "Calling selinux_restorecon"

    # Without RECURSE only the top-level directory may be processed:
    #   lgetxattr must read the old label (var_log_t) of $TmpDir only,
    #   lsetxattr must write the restored label (user_home_t) to $TmpDir only.
    # Every entry below $TmpDir has to be absent from the trace (grep -> 1).
    for pair in lgetxattr:var_log_t lsetxattr:user_home_t; do
        syscall=${pair%%:*}
        setype=${pair#*:}

        rlLogInfo "Checking $syscall calls"
        rlRun "grep $syscall strace.out | grep security.selinux > strace_xattr.out"

        rlRun "grep \"\\\"$TmpDir\\\"\" strace_xattr.out | grep $setype"
        for entry in a afile a/b a/bfile a/b/cfile; do
            rlRun "grep \"\\\"$TmpDir/$entry\\\"\" strace_xattr.out | grep $setype" 1
        done
    done

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "RECURSE flag"
    createTestFiles
    changeContext

    rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon with RECURSE flag"

    # With RECURSE every entry of the tree must be processed: the old
    # label (var_log_t) is read via lgetxattr and the restored label
    # (user_home_t) is written via lsetxattr for all six paths.
    for pair in lgetxattr:var_log_t lsetxattr:user_home_t; do
        syscall=${pair%%:*}
        setype=${pair#*:}

        rlLogInfo "Checking $syscall calls"
        rlRun "grep $syscall strace.out | grep security.selinux > strace_xattr.out"

        for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
            rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out | grep $setype"
        done
    done

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "NOCHANGE flag"
    createTestFiles
    changeContext

    trace="strace.out"
    rlRun "strace -o$trace -s 64 ./test_restorecon $TmpDir RECURSE NOCHANGE" 0 "Calling selinux_restorecon with NOCHANGE flag"

    # NOCHANGE is a dry run: although every file carries the wrong label,
    # not a single lsetxattr call may show up in the trace (grep -> 1).
    rlLogInfo "Checking lsetxattr calls"
    rlRun "grep lsetxattr $trace" 1

    rlRun "rm -f $trace"

    deleteTestFiles
rlPhaseEnd

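rlPhaseStartTest "/sys directory"
    # Both runs use NOCHANGE, so no label on /var/log or /sys is modified;
    # only the xattr names appearing in the strace output are inspected.

    # /var/log: directory that supports the security.restorecon_last
    # xattr, so the attribute name must appear in the trace.
    # (The log message previously said "/tmp" although /var/log is the
    # directory being processed.)
    rlRun "strace -ostrace.out -s 64 ./test_restorecon /var/log RECURSE NOCHANGE" 0 "Calling selinux_restorecon on /var/log"

    rlRun "grep security.restorecon_last strace.out" 0

    # /sys: directory that does not support the security.restorecon_last
    # xattr, so the attribute name must be absent from the trace.
    rlRun "strace -ostrace.out -s 64 ./test_restorecon /sys RECURSE NOCHANGE" 0 "Calling selinux_restorecon on /sys"

    rlRun "grep security.restorecon_last strace.out" 1

    rlRun "rm -f strace.out"
rlPhaseEnd
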
rlPhaseStartTest "no IGNORE_DIGEST flag"
    createTestFiles

    # First pass: every entry of the tree must have its label read.
    rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon for the first time"

    rlLogInfo "Checking lgetxattr calls"
    rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

    for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
        rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
    done

    # Second pass with identical arguments: no security.selinux label may
    # be read at all (grep -> 1) - presumably because the digest stored
    # by the first pass lets the library skip the unchanged tree.
    rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir RECURSE" 0 "Calling selinux_restorecon for the second time"

    rlLogInfo "Checking lgetxattr calls"
    rlRun "grep lgetxattr strace.out | grep security.selinux" 1

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "IGNORE_DIGEST flag"
    createTestFiles

    # Two passes over the same tree. The second one adds IGNORE_DIGEST
    # and must therefore read the label of every entry again, exactly
    # like the first pass does.
    for pass in "first:RECURSE" "second:RECURSE IGNORE_DIGEST"; do
        ordinal=${pass%%:*}
        flags=${pass#*:}

        rlRun "strace -ostrace.out -s 64 ./test_restorecon $TmpDir $flags" 0 "Calling selinux_restorecon for the $ordinal time"

        rlLogInfo "Checking lgetxattr calls"
        rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

        for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
            rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
        done
    done

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "selinux_restorecon_set_exclude_list"
    createTestFiles

    # --- empty exclude list: nothing is excluded, all six paths are read
    rlRun "strace -ostrace.out -s 64 ./test_exclude_list EMPTY $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list with empty list"

    rlLogInfo "Checking lgetxattr calls"
    rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

    for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
        rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
    done

    # --- NULL as list
    # NOTE(review): on Fedora >= 26 the expected status is 139, i.e. the
    # test treats a segfault on a NULL list as the correct outcome there.
    if ! rlIsFedora ">=26"; then
        rlRun "strace -ostrace.out -s 64 ./test_exclude_list NULL $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list with null as list"

        # Elsewhere a NULL list behaves like an empty one.
        rlLogInfo "Checking lgetxattr calls"
        rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

        for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
            rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
        done
    else
        rlRun "strace -ostrace.out -s 64 ./test_exclude_list NULL $TmpDir" 139 "Calling selinux_restorecon_set_exclude_list with null as list"
    fi

    # --- exclude $TmpDir/a: the excluded directory and everything below
    # it must be missing from the trace, while $TmpDir and $TmpDir/afile
    # are still processed.
    rlRun "strace -ostrace.out -s 64 ./test_exclude_list $TmpDir/a $TmpDir" 0 "Calling selinux_restorecon_set_exclude_list"

    rlLogInfo "Checking lgetxattr calls"
    rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

    for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
        case "$suffix" in
            /a | /a/*)
                rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out" 1
                ;;
            *)
                rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
                ;;
        esac
    done

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartTest "selinux_restorecon_set_sehandle"
    createTestFiles

    # Unusable handles (null, invalid): either an error exit (255) or a
    # crash (139) is accepted.
    # NOTE(review): as in the "invalid path" phase, accepting 139 means a
    # crash inside the library does not fail the test.
    for mode in NULL:null INVALID:invalid; do
        keyword=${mode%%:*}
        label=${mode#*:}
        rlRun "./test_sehandle $keyword $TmpDir" 139,255 "Calling selinux_restorecon_set_sehandle with $label handle"
    done

    # Usable handles (default, custom): the call must succeed and the
    # label of every entry in the tree must be read.
    for mode in DEFAULT:default CUSTOM:custom; do
        keyword=${mode%%:*}
        label=${mode#*:}

        rlRun "strace -ostrace.out -s 64 ./test_sehandle $keyword $TmpDir" 0 "Calling selinux_restorecon_set_sehandle with $label handle"

        rlLogInfo "Checking lgetxattr calls"
        rlRun "grep lgetxattr strace.out | grep security.selinux > strace_xattr.out"

        for suffix in "" /a /afile /a/b /a/bfile /a/b/cfile; do
            rlRun "grep \"\\\"$TmpDir$suffix\\\"\" strace_xattr.out"
        done
    done

    for leftover in strace.out strace_xattr.out; do
        rlRun "rm -f $leftover"
    done

    deleteTestFiles
rlPhaseEnd

rlPhaseStartCleanup
    # Remove the helper binaries compiled during setup.
    built_helpers="test_restorecon test_exclude_list test_sehandle"
    rlRun "rm -f $built_helpers"

    # Drop the test account together with its home directory.
    # NOTE(review): this runs unconditionally; if an account named "user"
    # existed before the test started (setup's useradd would have failed),
    # that account and its home directory are removed here as well.
    rlRun "userdel -r user"
rlPhaseEnd

# Print the collected journal and close it.
rlJournalPrintText
rlJournalEnd