diff --git a/.gitignore b/.gitignore
index 71363ca..c2056b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,26 +1,47 @@
-SOURCES/gui-po.tgz
-SOURCES/policycoreutils-2.9.tar.gz
-SOURCES/policycoreutils-po.tgz
-SOURCES/python-po.tgz
-SOURCES/restorecond-2.9.tar.gz
-SOURCES/sandbox-po.tgz
-SOURCES/selinux-dbus-2.9.tar.gz
-SOURCES/selinux-gui-2.9.tar.gz
-SOURCES/selinux-python-2.9.tar.gz
-SOURCES/selinux-sandbox-2.9.tar.gz
-SOURCES/semodule-utils-2.9.tar.gz
-SOURCES/sepolicy-icons.tgz
-SOURCES/system-config-selinux.png
+/policycoreutils_man_ru2.tar.bz2
+/policycoreutils-2.7.tar.gz
+/selinux-python-2.7.tar.gz
+/selinux-gui-2.7.tar.gz
+/selinux-sandbox-2.7.tar.gz
+/selinux-dbus-2.7.tar.gz
+/semodule-utils-2.7.tar.gz
+/restorecond-2.7.tar.gz
+/policycoreutils-2.8-rc1.tar.gz
+/restorecond-2.8-rc1.tar.gz
+/selinux-dbus-2.8-rc1.tar.gz
+/selinux-gui-2.8-rc1.tar.gz
+/selinux-python-2.8-rc1.tar.gz
+/selinux-sandbox-2.8-rc1.tar.gz
+/semodule-utils-2.8-rc1.tar.gz
+/policycoreutils-2.8-rc2.tar.gz
+/restorecond-2.8-rc2.tar.gz
+/selinux-dbus-2.8-rc2.tar.gz
+/selinux-gui-2.8-rc2.tar.gz
+/selinux-python-2.8-rc2.tar.gz
+/selinux-sandbox-2.8-rc2.tar.gz
+/semodule-utils-2.8-rc2.tar.gz
+/policycoreutils-2.8-rc3.tar.gz
+/restorecond-2.8-rc3.tar.gz
+/selinux-dbus-2.8-rc3.tar.gz
+/selinux-gui-2.8-rc3.tar.gz
+/selinux-python-2.8-rc3.tar.gz
+/selinux-sandbox-2.8-rc3.tar.gz
+/semodule-utils-2.8-rc3.tar.gz
+/policycoreutils-2.8.tar.gz
+/restorecond-2.8.tar.gz
+/selinux-dbus-2.8.tar.gz
+/selinux-gui-2.8.tar.gz
+/selinux-python-2.8.tar.gz
+/selinux-sandbox-2.8.tar.gz
+/semodule-utils-2.8.tar.gz
 /gui-po.tgz
-/policycoreutils-2.9.tar.gz
 /policycoreutils-po.tgz
 /python-po.tgz
-/restorecond-2.9.tar.gz
 /sandbox-po.tgz
+/policycoreutils-2.9.tar.gz
+/restorecond-2.9.tar.gz
 /selinux-dbus-2.9.tar.gz
 /selinux-gui-2.9.tar.gz
 /selinux-python-2.9.tar.gz
 /selinux-sandbox-2.9.tar.gz
 /semodule-utils-2.9.tar.gz
-/sepolicy-icons.tgz
-/system-config-selinux.png
diff --git a/README.translations b/README.translations
new file mode 100644
index 0000000..badaee4
--- /dev/null
+++ b/README.translations
@@ -0,0 +1,57 @@
+How to update source files on weblate:
+ $ git clone git@github.com:fedora-selinux/selinux.git
+ $ cd selinux
+ # generate new potfiles
+ $ for p in policycoreutils python gui sandbox; do
+ cd $p/po
+ rm $p.pot
+ make $p.pot
+ sed -i 's/charset=CHARSET/charset=UTF-8/g' $p.pot
+ cd -
+ done
+ # https://translate.fedoraproject.org/projects/selinux/policycoreutils/en/
+ # Files -> Upload translations
+ # Repeat the process for python, gui and sandbox
+ # or use weblate command line tool (get your API key at https://translate.fedoraproject.org/accounts/profile/#api):
+ $ for p in policycoreutils python gui sandbox; do
+ wlc --key --url https://translate.fedoraproject.org/api/ upload --input $p/po/$p.pot selinux/rhel8$p/en --method=source
+ done
+
+How to pull new translations from weblate
+ $ git clone git@github.com:fedora-selinux/selinux.git
+ # https://translate.fedoraproject.org/projects/selinux/policycoreutils
+ # Files -> Download translation files as ZIP file (save in selinux source directory)
+ # Repeat the process for python, gui and sandbox
+ # or use weblate command line tool
+ $ for p in policycoreutils python gui sandbox; do
+ wlc --key --url https://translate.fedoraproject.org/api/ download selinux/rhel8$p --output selinux
+ done
+ # unzip archives
+ $ cd selinux
+ $ for p in policycoreutils python gui sandbox; do
+ unzip -o selinux-rhel8$p.zip -d ..
+ mv rhel8$p/selinux/$p/po/*.po $p/po/
+ rm -rf selinux-rhel8$p.zip rhel8$p
+ done
+ $ git add .
+ $ git commit
+
+How to update translations in *-po.tgz files
+ $ rhpkg clone policycoreutils; cd policycoreutils
+ $ mkdir weblate; cd weblate
+ $ for p in policycoreutils python gui sandbox; do
+ wlc --key --url https://translate.fedoraproject.org/api/ download selinux/rhel8$p --output .
+ unzip -o selinux-rhel8$p.zip
+ mv selinux/rhel8$p/selinux/$p .
+ rm -rf selinux-rhel8$p.zip selinux
+ cd $p
+ tar -c -f ../$p-po.tgz -z .
+ cd -
+ done
+ # upload new sources
+ $ cp *.tgz ..
+ $ cd ..
+ $ cat sources | head -n -4 > sources
+ $ for p in gui policycoreutils python sandbox; do
+ rhpkg upload $p-po.tgz
+ done
diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh
new file mode 100644
index 0000000..4721f6e
--- /dev/null
+++ b/make-rhat-patches.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+POLICYCOREUTILS_VERSION=2.4
+SEPOLGEN_VERSION=1.2.2
+BRANCH=master
+
+REBASEDIR=`mktemp -d rebase.XXXXXX`
+pushd $REBASEDIR
+
+git clone git@github.com:fedora-selinux/selinux.git
+pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
+
+# prepare policycoreutils-rhat.patch
+tar xfz ../policycoreutils-$POLICYCOREUTILS_VERSION.tar.gz
+pushd policycoreutils-$POLICYCOREUTILS_VERSION
+
+git init; git add .; git commit -m "init"
+cp -r ../selinux/policycoreutils/* .
+git add -A .
+
+git diff --cached --src-prefix=a/policycoreutils-$POLICYCOREUTILS_VERSION/ --dst-prefix=b/policycoreutils-$POLICYCOREUTILS_VERSION/ > ../../policycoreutils-rhat.patch
+
+popd
+
+#prepare sepolgen-rhat.patch
+tar xfz ../sepolgen-$SEPOLGEN_VERSION.tar.gz
+pushd sepolgen-$SEPOLGEN_VERSION
+
+git init; git add .; git commit -m "init"
+cp -r ../selinux/sepolgen/* .
+git add -A .
+
+git diff --cached --src-prefix=a/sepolgen-$SEPOLGEN_VERSION/ --dst-prefix=b/sepolgen-$SEPOLGEN_VERSION/ > ../../sepolgen-rhat.patch
+
+popd
+
+popd
+# echo rm -rf $REBASEDIR
+
+echo policycoreutils-rhat.patch and sepolgen-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT
diff --git a/selinux-autorelabel b/selinux-autorelabel
old mode 100755
new mode 100644
diff --git a/sepolicy-help.tgz b/sepolicy-help.tgz
new file mode 100644
index 0000000..621da69
Binary files /dev/null and b/sepolicy-help.tgz differ
diff --git a/sepolicy-icons.tgz b/sepolicy-icons.tgz
new file mode 100644
index 0000000..722135f
Binary files /dev/null and b/sepolicy-icons.tgz differ
diff --git a/sources b/sources
index 809a5d6..ad243f8 100644
--- a/sources
+++ b/sources
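Review bot: make-rhat-patches.sh runs every step unconditionally, so a failed `mktemp`, `git clone`, `tar xfz` or `pushd` does not stop it; the following `git init; git add .; git commit -m "init"` and `cp -r ../selinux/policycoreutils/* .` then run in whatever directory the shell is still in. I would add `set -euo pipefail` directly under the shebang and quote the expansions, e.g. `pushd "$REBASEDIR"`. The hard-coded `POLICYCOREUTILS_VERSION=2.4` and `SEPOLGEN_VERSION=1.2.2` do not match the 2.9 tarballs listed in `sources`, so the script looks stale; a header comment stating which release it targets would help. Because the patches are cut from whatever `master` is at clone time, recording `$COMMIT` inside the generated patch files (not only in the final `echo`) would keep their provenance traceable.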
@@ -1,13 +1,11 @@
-SHA512 (gui-po.tgz) = a1e70afd3113fdab9339231fcb1bf64128aec03063026f4c6e721a29e6e5cc7cf35493bf4e60236b239e1602ad1061a763dfb50e5d285eee40c3f817d21c9920
 SHA512 (policycoreutils-2.9.tar.gz) = d8356115671ba66de05f1c13193ab47fab69cc4d09603a92171ed40afafc084dd191591bf336b7d722de637378ad09622ebb6eca85c06063ca9ddd6db10e02a2
-SHA512 (policycoreutils-po.tgz) = 1cd58a3462f11082a858d4460d3a6d4cfa25c345f5d5657ba5274a11194310c3b45ed051ac9461c1d1710f54513ee8bd6643f788b97c9c5d71e66ed7a018d5d1
-SHA512 (python-po.tgz) = 01ce85e8ac163cd7c47c869cbcf57997a007a3227b33d9954c4e346fbf72eb581d6d964cfcce498c6fa7e48466e63692edc41812f7aeb813243fc385567a0c08
 SHA512 (restorecond-2.9.tar.gz) = 6de9dd4c6b8e5d8275221aba5df27437998f635cfe83a5da75de479e260ceea884a36253eb873a8d71e1a77ed67544d8657fb75fe409af1f630052ce73ec5d8a
-SHA512 (sandbox-po.tgz) = 34726bde3f244720d2158a4d743c458d556463aebb82326a27fb136d6b330aba560f1de601390b2e1fb8b998170f62b1957f95195273ce99afa2a9bc3bbe5aaf
 SHA512 (selinux-dbus-2.9.tar.gz) = f7a9ab2975eb97ff389a78ddaa2fcf3cd1c5fe590abdbe6aa0aa0c3f0c3a96cc0f34ce54b14e0348b46c1de9257ebe5288e16d585c96a9d8149d969788af359e
 SHA512 (selinux-gui-2.9.tar.gz) = b6e1847c9f2668670cbe9c2fc65e18001eb03e1d73af049ad6520af486950cf657885a9fb71ad9679c0060fb3ee7dd166d4354e863ad517a9f3aee93587ea57e
 SHA512 (selinux-python-2.9.tar.gz) = 1138661128635004fec04dc5e39f035680b5f21beb1b79f3328690a1b93a3984d522a02724af793340112a5e647d363dda8a7d3536de959b34ffd69aa396254d
 SHA512 (selinux-sandbox-2.9.tar.gz) = 429994f6140d7ba03b023681d04b365af837e23c5d64e998f849febe08872549bffc0bc490717d6f500332845ec849483ba0d3dfffa77e02b6a2cd2f631c9f1f
 SHA512 (semodule-utils-2.9.tar.gz) = 688f1fcb34042b837019302debda76847691657709130b99bf937a85774a0ae69d789ee82b0633a4d2dc661dc6d0a1706a878ac681317df2abe68418bec3f952
-SHA512 (sepolicy-icons.tgz) = 38b03f68450b086a790789f1604ab1b2bdd8aa104c345a73101016d6ddd38742ddc73cde206ce1a799474cc3b587751f1d75903d79bd7db2271bc3a6075b3430
-SHA512 (system-config-selinux.png) = d38e7dd12edbfd256df7b704f12658f0c3ba9d61da9d472c9a4794668c430c429a13cd836e5766b85288250936edfcb0db814a71f1bf4d267c3472d5ff8c4a5d
+SHA512 (gui-po.tgz) = a1e70afd3113fdab9339231fcb1bf64128aec03063026f4c6e721a29e6e5cc7cf35493bf4e60236b239e1602ad1061a763dfb50e5d285eee40c3f817d21c9920
+SHA512 (policycoreutils-po.tgz) = 1cd58a3462f11082a858d4460d3a6d4cfa25c345f5d5657ba5274a11194310c3b45ed051ac9461c1d1710f54513ee8bd6643f788b97c9c5d71e66ed7a018d5d1
+SHA512 (python-po.tgz) = 01ce85e8ac163cd7c47c869cbcf57997a007a3227b33d9954c4e346fbf72eb581d6d964cfcce498c6fa7e48466e63692edc41812f7aeb813243fc385567a0c08
+SHA512 (sandbox-po.tgz) = 34726bde3f244720d2158a4d743c458d556463aebb82326a27fb136d6b330aba560f1de601390b2e1fb8b998170f62b1957f95195273ce99afa2a9bc3bbe5aaf
diff --git a/system-config-selinux.png b/system-config-selinux.png
new file mode 100644
index 0000000..68ffcb7
Binary files /dev/null and b/system-config-selinux.png differ
diff --git a/tests/CIL-modules-without-compilation/Makefile b/tests/CIL-modules-without-compilation/Makefile
new file mode 100644
index 0000000..2d8a660
--- /dev/null
+++ b/tests/CIL-modules-without-compilation/Makefile
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: What the test does" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/CIL-modules-without-compilation/PURPOSE b/tests/CIL-modules-without-compilation/PURPOSE
new file mode 100644
index 0000000..a9c7d54
--- /dev/null
+++ b/tests/CIL-modules-without-compilation/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+Author: Milos Malik
+
+Is it possible to manage policy modules written in CIL without any compilation? Does semanage and semodule understand them?
+
diff --git a/tests/CIL-modules-without-compilation/runtest.sh b/tests/CIL-modules-without-compilation/runtest.sh
new file mode 100755
index 0000000..451461a
--- /dev/null
+++ b/tests/CIL-modules-without-compilation/runtest.sh
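Review bot: In tests/CIL-modules-without-compilation/Makefile, `.PHONY: all install download clean` leaves out `run` and `build`, the two targets this file itself gives recipes, so a stray file named `run` or `build` in the test directory would make them look up to date; `.PHONY: all install download clean run build` covers them (unless the included rhts-make.include already declares them, which is not visible here). The header and the `Description:` metadata line still carry the template text "What the test does"; the question from the PURPOSE file would be the natural replacement. The same `.PHONY` line appears in the linux-system-roles.selinux-tests, load_policy, restorecon and semanage-interface Makefiles added by this commit.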
@@ -0,0 +1,73 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
+# Description: What the test does
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "echo '()' > empty.cil"
+ rlRun "echo '(())' > invalid.cil"
+ rlPhaseEnd
+
+ rlPhaseStartTest "empty CIL module"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+ rlRun "semodule -i empty.cil"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'"
+ rlRun "semodule -r empty"
+ rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
+ rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+ rlRun "semanage module -a empty.cil"
+ rlRun "semanage module -l | grep 'empty.*400.*cil'"
+ rlRun "semanage module -r empty"
+ rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
+ rlPhaseEnd
+
+ rlPhaseStartTest "invalid CIL module"
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semodule -i invalid.cil" 1
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semodule -r invalid" 1
+ rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlRun "semanage module -a invalid.cil" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlRun "semanage module -r invalid" 1
+ rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "rm -f empty.cil invalid.cil"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/linux-system-roles.selinux-tests/Makefile b/tests/linux-system-roles.selinux-tests/Makefile
new file mode 100644
index 0000000..eed0222
--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/Makefile
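Review bot: The cleanup phase of CIL-modules-without-compilation/runtest.sh only removes `empty.cil` and `invalid.cil`; if `semodule -i empty.cil` or `semanage module -a empty.cil` succeeds and the matching `-r` step fails, the module stays installed in the policy store of the test machine. A best-effort `rlRun "semodule -r empty" 0,1` inside `rlPhaseStartCleanup` would restore the starting state. The patterns such as `'400.*empty.*cil'` also match any priority-400 CIL module whose name merely contains "empty", so tightening them around the module name would make the negative checks more trustworthy. semanage-interface/runtest.sh has the same shape: its cleanup phase is empty, so a failure after `semanage interface -a -t netif_t xyz` leaves the `xyz` entry behind.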
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of selinux-ansible-playbook
+# Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
+# Author: Petr Lautrbach
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2018 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=linux-system-roles.selinux-tests
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Petr Lautrbach " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 10m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils ansible git" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2+" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/linux-system-roles.selinux-tests/PURPOSE b/tests/linux-system-roles.selinux-tests/PURPOSE
new file mode 100644
index 0000000..0494ab0
--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of selinux-ansible-playbook
+Author: Petr Lautrbach
+
+Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
diff --git a/tests/linux-system-roles.selinux-tests/runtest.sh b/tests/linux-system-roles.selinux-tests/runtest.sh
new file mode 100755
index 0000000..95485af
--- /dev/null
+++ b/tests/linux-system-roles.selinux-tests/runtest.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
+# Author: Petr Lautrbach
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2018 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlAssertRpm "git"
+ rlAssertRpm "ansible"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "git clone https://github.com/linux-system-roles/selinux.git"
+ rlRun "cd selinux/test"
+
+ for ansible_test in test_*.yml; do
+ rlRun "ansible-playbook -i localhost, -c local -v $ansible_test"
+ done
+
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "cd ../../"
+ rlRun "rm -rf selinux"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/load_policy/Makefile b/tests/load_policy/Makefile
new file mode 100644
index 0000000..ffee588
--- /dev/null
+++ b/tests/load_policy/Makefile
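Review bot: linux-system-roles.selinux-tests/runtest.sh clones the default branch of https://github.com/linux-system-roles/selinux.git at run time and hands every `test_*.yml` it finds to `ansible-playbook -c local`, so whatever sits at the tip of that repository is executed on the test host (presumably with the harness's privileges) and runs are not reproducible. Checking out a reviewed revision right after the clone, e.g. `rlRun "git -C selinux checkout <PINNED_COMMIT>"` (placeholder), closes that gap. Separately, if the clone or `cd selinux/test` fails, the cleanup phase still runs `cd ../../` from the starting directory and then `rm -rf selinux` two levels up. Recording the start directory and removing an absolute path, e.g. `rlRun "rm -rf $TESTROOT/selinux"` (constructed variable name), keeps the deletion inside the test directory.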
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/load_policy
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Does load_policy work as expected? Does it produce correct audit messages?" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: audit policycoreutils selinux-policy-targeted" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/load_policy/PURPOSE b/tests/load_policy/PURPOSE
new file mode 100644
index 0000000..a5984d3
--- /dev/null
+++ b/tests/load_policy/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/load_policy
+Author: Milos Malik
+
+Does load_policy work as expected? Does it produce correct audit messages?
+
diff --git a/tests/load_policy/runtest.sh b/tests/load_policy/runtest.sh
new file mode 100755
index 0000000..2a77654
--- /dev/null
+++ b/tests/load_policy/runtest.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/load_policy
+# Description: Does load_policy work as expected? Does it produce correct audit messages?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 6 ; then
+ SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+ SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlRun "ls -l `which load_policy`"
+ BINARY_POLICY=`find /etc/selinux/targeted -type f -name policy.?? | sort -n | tail -n 1`
+ rlRun "ls -l ${BINARY_POLICY}"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "load_policy --xyz 2>&1 | grep \"invalid option\""
+ rlRun "dmesg | grep -i selinux" 0,1
+ rlRun "grep -i selinux /proc/mounts"
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "load_policy -q"
+ rlRun "grep -i selinux /proc/mounts"
+ sleep 1
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+ fi
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+ rlRun "umount ${SELINUX_FS_MOUNT}"
+ rlRun "grep -i selinux /proc/mounts" 1
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "load_policy -i ${BINARY_POLICY}"
+ rlRun "grep -i selinux /proc/mounts"
+ sleep 1
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
+ fi
+ rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
+ rlRun "dmesg | grep -i selinux"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/restorecon/Makefile b/tests/restorecon/Makefile
new file mode 100644
index 0000000..991e8f9
--- /dev/null
+++ b/tests/restorecon/Makefile
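Review bot: load_policy/runtest.sh unmounts selinuxfs with `rlRun "umount ${SELINUX_FS_MOUNT}"` and depends on the following `load_policy -i ${BINARY_POLICY}` to bring it back, yet `rlPhaseStartCleanup` is empty, so a failure at that step leaves the host without selinuxfs while the Makefile advertises `Destructive: no`. A cleanup step that remounts when the filesystem is missing, e.g. `rlRun "grep -q selinuxfs /proc/mounts || mount -t selinuxfs none ${SELINUX_FS_MOUNT}"`, would restore the starting state. `BINARY_POLICY` is also never checked for being empty: if `find` matches nothing, `rlRun "ls -l ${BINARY_POLICY}"` lists the current directory and passes, so a guard such as `[ -n "${BINARY_POLICY}" ]` in the setup phase would catch that before `load_policy -i` is reached.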
@@ -0,0 +1,70 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/restorecon
+# Description: does restorecon work correctly ?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/restorecon
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te testpolicy.fc
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh;:
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: does restorecon work correctly ?" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 15m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: e2fsprogs" >> $(METADATA)
+ @echo "Requires: libselinux" >> $(METADATA)
+ @echo "Requires: selinux-policy-devel" >> $(METADATA)
+ @echo "Requires: libselinux-utils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/restorecon/PURPOSE b/tests/restorecon/PURPOSE
new file mode 100644
index 0000000..d029be8
--- /dev/null
+++ b/tests/restorecon/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/restorecon
+Author: Milos Malik
+
+Does restorecon work correctly?
+
diff --git a/tests/restorecon/runtest.sh b/tests/restorecon/runtest.sh
new file mode 100755
index 0000000..b16d4c0
--- /dev/null
+++ b/tests/restorecon/runtest.sh
@@ -0,0 +1,367 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Sanity/restorecon +# Description: does restorecon work correctly ? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. 
/usr/share/beakerlib/beakerlib.sh + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlServiceStop mcstrans mcstransd + rlRun "rpm -qf `which restorecon` | grep ${PACKAGE}" + rlRun "setenforce 1" + rlRun "sestatus" + rlRun "setsebool allow_domain_fd_use on" + rlPhaseEnd + + rlPhaseStartTest "Functional test" + + TESTDIR="/opt/restorecon_testdir" + DIRS="correct.dir incorrect1.dir incorrect2.dir customizable.dir" + FILES="correct.file incorrect.file customizable.file" + + rlRun "make -f /usr/share/selinux/devel/Makefile" + rlRun "semodule -i testpolicy.pp" + + rlFileBackup /etc/selinux/targeted/contexts/customizable_types + rlRun "echo 'customizable_t' >> /etc/selinux/targeted/contexts/customizable_types" + + # Here is the testing dirs and files structure + # all the files have initial context corresponding to their names + + # ./ + # correct.file + # incorrect.file + # customizable.file + + # correct.dir/ + # correct.file + # incorrect.file + # customizable.file + + # incorrect1.dir/ + # correct.file + # incorrect.file + # customizable.file + + # incorrect2.dir/ + # correct.file + # incorrect.file + # customizable.file + + # customizable.dir/ + # correct.file + # incorrect.file + # customizable.file + + # Function to set initial contexts + function set_contexts { + # Set the intended contexts + rlLog "Setting initial contexts of testing dirs..." + restorecon -R $TESTDIR + for ITEM in `find . -name 'incorrect*'`; do + chcon -t incorrect_t $ITEM + done + for ITEM in `find . 
-name 'customizable*'`; do + chcon -t customizable_t $ITEM + done + } + + # Check that files in dir $1 have the initial contexts + function check_initial_contexts { + if echo $1 | grep -q 'incorrect.dir'; then + rlRun "ls -ladZ $1 | grep :incorrect_t" + elif echo $1 | grep -q 'correct.dir'; then + rlRun "ls -ladZ $1 | grep :correct_t" + elif echo $1 | grep -q 'customizable.dir'; then + rlRun "ls -ladZ $1 | grep :customizable_t" + fi + rlRun "ls -ladZ $1/* | grep '\ ../file_list < +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Regression/semanage-interface
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+ test -x runtest.sh || chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Does semanage interface ... work correctly?" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 20m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/semanage-interface/PURPOSE b/tests/semanage-interface/PURPOSE
new file mode 100644
index 0000000..86bd3ab
--- /dev/null
+++ b/tests/semanage-interface/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Regression/semanage-interface
+Description: Does semanage interface ... work correctly?
+Author: Milos Malik
+
diff --git a/tests/semanage-interface/runtest.sh b/tests/semanage-interface/runtest.sh
new file mode 100755
index 0000000..ba8608b
--- /dev/null
+++ b/tests/semanage-interface/runtest.sh
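Review bot: In tests/semanage-interface/Makefile the second `build` line, `test -x runtest.sh || chcon -t bin_t runtest.sh`, can never relabel the script: the line before it has just ensured `runtest.sh` is executable, so `test -x` succeeds and `chcon` is skipped. If the `bin_t` label is wanted, run it unconditionally and tolerate failure explicitly, e.g. `-chcon -t bin_t runtest.sh` with a comment saying why a failure is acceptable; if it is not needed, drop the line. tests/restorecon/Makefile does the relabel as `chcon -t bin_t runtest.sh;:`, which discards the exit status without explanation, so the two files should settle on one documented form. The start of this hunk lies in a damaged part of the page, so the note rests on the visible rules only.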
@@ -0,0 +1,69 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-interface +# Description: Does semanage interface ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage interface --help" 0,1 + for POLICY_TYPE in minimum mls targeted ; do + if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then + continue + fi + rlRun "semanage interface -l -S ${POLICY_TYPE}" + done + if ! 
rlIsRHEL 5; then + rlRun "semanage interface -l -S unknown 2>&1 | grep \"store cannot be accessed\"" + fi + rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'" + rlRun "semanage interface -m xyz" 1,2 + rlRun "semanage interface -d xyz" 1 + rlRun "semanage interface -a -t netif_t xyz" + if rlIsRHEL 5 6; then + rlRun "semanage interface -m -r s0 xyz" + else + rlRun "semanage interface -m -t netif_t -r s0 xyz" + fi + rlRun "semanage interface -l | grep \"xyz.*:netif_t:s0\"" + rlRun "semanage interface -d xyz" + rlRun "semanage interface -l | grep xyz" 1 + rlPhaseEnd + + rlPhaseStartCleanup + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/semanage-login/Makefile b/tests/semanage-login/Makefile new file mode 100644 index 0000000..1172ca9 --- /dev/null +++ b/tests/semanage-login/Makefile 
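Review bot: The negative checks pipe semanage into grep, e.g. `rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'"`, so unless pipefail is in effect rlRun sees grep's status and semanage's own exit code is never asserted. A semanage that prints the message but exits 0 would still pass. The `-S unknown` check has the same shape, as do the corresponding lines in tests/semanage-login/runtest.sh and tests/semanage-user/runtest.sh. The permissive test in this commit already uses a stricter form that would fit here: `rlRun -s "semanage interface -a -t xyz_t xyz" 1-255` followed by `rlAssertGrep 'not defined|error|could not' $rlRun_LOG -iE`.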
@@ -0,0 +1,65 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Regression/semanage-login +# Description: Does semanage login ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Regression/semanage-login +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + test -x runtest.sh || chcon -t bin_t runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does semanage login ... work correctly?" 
>> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 10m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils policycoreutils-python-utils grep shadow-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/semanage-login/PURPOSE b/tests/semanage-login/PURPOSE new file mode 100644 index 0000000..b8f26c6 --- /dev/null +++ b/tests/semanage-login/PURPOSE @@ -0,0 +1,4 @@ +PURPOSE of /CoreOS/policycoreutils/Regression/semanage-login +Description: Does semanage login ... work correctly? +Author: Milos Malik + diff --git a/tests/semanage-login/runtest.sh b/tests/semanage-login/runtest.sh new file mode 100755 index 0000000..daf074c --- /dev/null +++ b/tests/semanage-login/runtest.sh 
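Review bot: In the `build` recipe of tests/semanage-login/Makefile the second line, `test -x runtest.sh || chcon -t bin_t runtest.sh`, is effectively dead. Once the preceding `test -x runtest.sh || chmod a+x runtest.sh` has succeeded, the script is executable and the guard short-circuits, so the relabel runs only when chmod failed. If the `bin_t` label is wanted, drop the guard and use the form the semanage-permissive-d-problems Makefile in this commit uses, `chcon -t bin_t runtest.sh; :`; if it is not wanted, delete the line. tests/semanage-interface/Makefile and tests/semanage-user/Makefile carry the same two lines.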
@@ -0,0 +1,67 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-login +# Description: Does semanage login ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage login --help" 0,1 + for POLICY_TYPE in minimum mls targeted ; do + if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then + continue + fi + rlRun "semanage login -l -S ${POLICY_TYPE}" + done + if ! 
rlIsRHEL 5; then + rlRun "semanage login -l -S unknown 2>&1 | grep \"store cannot be accessed\"" + fi + rlRun "semanage login -a -s xyz_u xyz 2>&1 | grep -i -e 'does not exist' -e 'mapping.*invalid' -e 'could not query'" + rlRun "semanage login -m xyz" 1 + rlRun "semanage login -d xyz" 1 + rlRun "useradd xyz" + rlRun "semanage login -a -s user_u xyz" + rlRun "semanage login -m -r s0 xyz" + rlRun "semanage login -l | grep \"xyz.*user_u.*s0\"" + rlRun "semanage login -d xyz" + rlRun "semanage login -l | grep xyz" 1 + rlRun "userdel -rf xyz" + rlPhaseEnd + + rlPhaseStartCleanup + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/semanage-permissive-d-problems/Makefile b/tests/semanage-permissive-d-problems/Makefile new file mode 100644 index 0000000..a5bffc2 --- /dev/null +++ b/tests/semanage-permissive-d-problems/Makefile 
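Review bot: `rlRun "userdel -rf xyz"` at the end of the test phase force-removes whatever account is named xyz together with its home directory, even when the earlier `rlRun "useradd xyz"` failed because the account already existed. The Makefile metadata for this test declares `Destructive: no`. Guard the fixture in the setup phase, for example `rlRun "id xyz" 1 "account xyz must not exist yet"`, and only delete the account when this run created it. The cleanup phase is empty, so the account and its login mapping also survive a run that stops between `semanage login -a -s user_u xyz` and `userdel`; both removals belong in rlPhaseStartCleanup.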
@@ -0,0 +1,70 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems +# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Regression/semanage-permissive-d-problems +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + chcon -t bin_t runtest.sh; : + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: semanage permissive -d accepts more than domain types, its behavior is not reliable" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 20m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils-python-utils" >> $(METADATA) + @echo "Requires: policycoreutils-devel" >> $(METADATA) + @echo "Requires: selinux-policy-devel" >> $(METADATA) + @echo "Requires: grep" >> $(METADATA) + @echo "Requires: coreutils" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/semanage-permissive-d-problems/PURPOSE b/tests/semanage-permissive-d-problems/PURPOSE new file mode 100644 index 0000000..f0d5e6f --- /dev/null +++ b/tests/semanage-permissive-d-problems/PURPOSE @@ -0,0 +1,5 @@ +PURPOSE of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems +Author: Milos Malik + +Does semanage permissive work correctly? + 
diff --git a/tests/semanage-permissive-d-problems/runtest.sh b/tests/semanage-permissive-d-problems/runtest.sh
new file mode 100755
index 0000000..61ccc4f
--- /dev/null
+++ b/tests/semanage-permissive-d-problems/runtest.sh
@@ -0,0 +1,93 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems +# Description: semanage permissive -d accepts more than domain types, its behavior is not reliable +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. 
/usr/share/beakerlib/beakerlib.sh + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlRun "rpm -qf /usr/sbin/semanage" + OUTPUT_FILE=`mktemp` + rlRun "sestatus" + rlPhaseEnd + + if selinuxenabled ; then + rlPhaseStartTest + if rlIsRHEL 7 ; then + rlFileBackup /usr/share/selinux/default/Makefile + rlRun "rm -rf /usr/share/selinux/default/Makefile" + fi + rlRun "semanage permissive -l | grep fenced" 1 + rlRun "semanage permissive -a fenced_t" + rlRun "semanage permissive -l | grep fenced" + rlRun "semanage permissive -d fenced_t" + rlRun "semanage permissive -l | grep fenced" 1 + if rlIsRHEL 7 ; then + rlFileRestore + fi + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}" + rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$" + rlRun "semanage permissive -a ypbind_t" + rlRun "semanage permissive -a ypserv_t" + rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}" + rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$" + rlRun "semanage permissive -d yp" 1-255 + rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}" + rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$" + rlRun "semanage permissive -d ypbind_t" + rlRun "semanage permissive -d ypserv_t" + rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}" + rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$" + rlPhaseEnd + + rlPhaseStartTest + rlRun -s "semanage permissive -d" 1 + rlAssertNotGrep 'traceback' $rlRun_LOG -iEq + rlAssertGrep 'error: the following argument is required: type' $rlRun_LOG -iEq + rm -f $rlRun_LOG + rlPhaseEnd + else + rlPhaseStartTest + rlRun "semanage permissive -l >& ${OUTPUT_FILE}" 0,1 + rlRun "grep -C 32 -i -e exception -e traceback -e error ${OUTPUT_FILE}" 1 + rlPhaseEnd + fi + + rlPhaseStartCleanup + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + 
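Review bot: Host state changed by the test phases is restored only inside those same phases, while rlPhaseStartCleanup just runs `rm -f ${OUTPUT_FILE}`. The phases put `fenced_t`, `ypbind_t` and `ypserv_t` into permissive mode and, on RHEL 7, delete `/usr/share/selinux/default/Makefile`. A run that stops between `semanage permissive -a` and the matching `-d`, or before `rlFileRestore`, leaves the machine with domains that no longer enforce policy and with a missing file. Repeat the removals in cleanup with a tolerant status, e.g. `rlRun "semanage permissive -d ypbind_t" 0-255` (likewise for the other two types), and move the RHEL 7 `rlFileRestore` call there. The xyz records created by the semanage-interface, semanage-login and semanage-user tests in this commit are in the same position.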
diff --git a/tests/semanage-port-add-delete-problems/Makefile b/tests/semanage-port-add-delete-problems/Makefile
new file mode 100644
index 0000000..263da02
--- /dev/null
+++ b/tests/semanage-port-add-delete-problems/Makefile
@@ -0,0 +1,71 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems +# Description: semanage accepts invalid port numbers and then cannot delete them +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + chcon -t bin_t runtest.sh;: + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: semanage accepts invalid port numbers and then cannot delete them" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 15m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils-python-utils" >> $(METADATA) + @echo "Requires: setools-console" >> $(METADATA) + @echo "Requires: libselinux" >> $(METADATA) + @echo "Requires: libselinux-utils" >> $(METADATA) + @echo "Requires: coreutils" >> $(METADATA) + @echo "Requires: grep" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/semanage-port-add-delete-problems/PURPOSE b/tests/semanage-port-add-delete-problems/PURPOSE new file mode 100644 index 0000000..a59e74f --- /dev/null +++ b/tests/semanage-port-add-delete-problems/PURPOSE @@ -0,0 +1,5 @@ +PURPOSE of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems +Author: Milos Malik + +semanage accepts invalid port numbers and then cannot delete them + 
diff --git a/tests/semanage-port-add-delete-problems/runtest.sh b/tests/semanage-port-add-delete-problems/runtest.sh
new file mode 100755
index 0000000..2bd9c9a
--- /dev/null
+++ b/tests/semanage-port-add-delete-problems/runtest.sh
@@ -0,0 +1,137 @@ +#!/bin/bash +# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems +# Description: semanage accepts invalid port numbers and then cannot delete them +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +. /usr/bin/rhts-environment.sh || exit 1 +. 
/usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" +PORT_NAME="ldap_port_t" +BAD_PORT_NUMBER="123456" +GOOD_PORT_NUMBER="1389" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlRun "rpm -qf /usr/sbin/semanage" + rlRun "rpm -qf /usr/bin/seinfo" + OUTPUT_FILE=`mktemp` + rlRun "setenforce 1" + rlRun "sestatus" + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage port -l | grep ${PORT_NAME}" + + rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}" + rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1 + rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}" + rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1 + rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}" + #rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'" + + rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1 + rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}" + rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" + rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}" + rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1 + rlPhaseEnd + + rlPhaseStartTest + rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1 + rlRun "semanage port -l | grep syslogd_port_t" + rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1 + rlPhaseEnd + + if rlIsRHEL ; then + rlPhaseStartTest + rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\"" + if rlIsRHEL 5 6; then + PORT_TYPE="syslogd_port_t" + else + PORT_TYPE="commplex_link_port_t" + fi + + # adding a port number to a type + START_DATE_TIME=`date "+%m/%d/%Y %T"` + sleep 1 + rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005" + sleep 2 + + # Check for user_avc + rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1 + LINE_COUNT=`wc -l < ${OUTPUT_FILE}` + rlRun "cat 
${OUTPUT_FILE}" + rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT} + + # deleting a port number from a type + START_DATE_TIME=`date "+%m/%d/%Y %T"` + sleep 1 + rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005" + sleep 2 + + # Check for user_avc + rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1 + LINE_COUNT=`wc -l < ${OUTPUT_FILE}` + rlRun "cat ${OUTPUT_FILE}" + rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT} + rlPhaseEnd + fi + + if ! rlIsRHEL 5 ; then + rlPhaseStartTest + rlRun "seinfo --portcon | grep :hi_reserved_port_t:" + rlRun "seinfo --portcon | grep :reserved_port_t:" + rlRun "semanage port -l | grep ^hi_reserved_port_t" + rlRun "semanage port -l | grep ^reserved_port_t" + if ! rlIsRHEL 6 ; then + rlRun "seinfo --portcon | grep :unreserved_port_t:" + rlRun "semanage port -l | grep ^unreserved_port_t" + fi + rlPhaseEnd + fi + + rlPhaseStartTest "manipulation with hard-wired ports" + rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'" + rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i + rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i + rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'" + rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i + rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i + rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'" + rlPhaseEnd + + rlPhaseStartCleanup + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/semanage-user/Makefile b/tests/semanage-user/Makefile new file mode 100644 index 0000000..5ab248d --- /dev/null 
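Review bot: Both user_avc checks can pass without having inspected any audit records. `rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1` redirects only stdout and accepts status 1, so an ausearch that fails outright leaves an empty file and `rlAssert0` succeeds. Such a failure could come from an unreadable audit log or a `-ts` value it cannot parse; the `%m/%d/%Y` format presumably matches only some locales. Keep stderr and assert on it, e.g. `rlRun -s "ausearch -m user_avc -ts ${START_DATE_TIME}" 0,1` followed by `rlAssertNotGrep 'error|invalid' $rlRun_LOG -iE`, with the pattern checked against ausearch's real messages. Separately, the setup phase runs `setenforce 1` and the cleanup phase never restores the previous mode.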
+++ b/tests/semanage-user/Makefile 
@@ -0,0 +1,65 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Regression/semanage-user +# Description: Does semanage user ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Regression/semanage-user +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + test -x runtest.sh || chcon -t bin_t runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does semanage user ... work correctly?" 
>> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 20m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils policycoreutils-python-utils grep selinux-policy-devel selinux-policy-minimum selinux-policy-mls selinux-policy-targeted selinux-policy-devel" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/semanage-user/PURPOSE b/tests/semanage-user/PURPOSE new file mode 100644 index 0000000..8089db8 --- /dev/null +++ b/tests/semanage-user/PURPOSE @@ -0,0 +1,4 @@ +PURPOSE of /CoreOS/policycoreutils/Regression/semanage-user +Description: Does semanage user ... work correctly? +Author: Milos Malik + diff --git a/tests/semanage-user/runtest.sh b/tests/semanage-user/runtest.sh new file mode 100755 index 0000000..b2413fb --- /dev/null +++ b/tests/semanage-user/runtest.sh 
@@ -0,0 +1,76 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Regression/semanage-user +# Description: Does semanage user ... work correctly? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + rlRun "make -f /usr/share/selinux/devel/Makefile" + rlRun "ls -l testpolicy.pp" + rlPhaseEnd + + rlPhaseStartTest + if rlIsRHEL 5 6; then + rlRun "semanage user --help" 1 + else + rlRun "semanage user --help" 0 + # semanage: list option can not be used with --level ("semanage user -l") + rlRun "semanage user --help | grep fcontext" 1 + fi + for POLICY_TYPE in minimum mls targeted ; do + if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then + continue + fi + rlRun "semanage user -l -S ${POLICY_TYPE}" + done + if ! 
rlIsRHEL 5; then + rlRun "semanage user -l -S unknown 2>&1 | grep \"store cannot be accessed\"" + fi + rlRun "semanage user -a -P user -R xyz_r xyz_u 2>&1 | grep -i -e 'undefined' -e 'error' -e 'could not'" + rlRun "semanage user -m xyz_u" 1 + rlRun "semanage user -d xyz_u" 1 + rlRun "semodule -i testpolicy.pp" + rlRun "semanage user -a -P user -R xyz_r xyz_u" + rlRun "semanage user -m -r s0 xyz_u" + rlRun "semanage user -l | grep \"xyz_u.*s0.*s0.*xyz_r\"" + rlRun "semanage user -d xyz_u" + rlRun "semanage user -l | grep xyz_u" 1 + rlRun "semodule -r testpolicy" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "rm -rf tmp testpolicy.{fc,if,pp}" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/semanage-user/testpolicy.te b/tests/semanage-user/testpolicy.te new file mode 100644 index 0000000..b854bef --- /dev/null +++ b/tests/semanage-user/testpolicy.te @@ -0,0 +1,11 @@ +module testpolicy 1.0; + +type xyz_t; +role xyz_r; + +require { + type xyz_t; +} + +role xyz_r types xyz_t; + diff --git a/tests/sepolicy-generate/Makefile b/tests/sepolicy-generate/Makefile new file mode 100644 index 0000000..9e1a9b7 --- /dev/null +++ b/tests/sepolicy-generate/Makefile 
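Review bot: In tests/semanage-user/runtest.sh the comment `# semanage: list option can not be used with --level ("semanage user -l")` does not describe the assertion directly below it. That assertion is `rlRun "semanage user --help | grep fcontext" 1`, which checks that the help output of `semanage user` does not mention `fcontext`. The comment reads like a pasted bug title, so a maintainer cannot tell why `fcontext` is the marker. Replace it with a line that states the check, for example `# help for "semanage user" must not list other subcommands such as fcontext`, and reference the bug it guards against if there is one.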
@@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Sanity/sepolicy-generate +# Description: sepolicy generate sanity test +# Author: Michal Trunecka +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Sanity/sepolicy-generate +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Michal Trunecka " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: sepolicy generate sanity test" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 115m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils policycoreutils-devel rpm-build" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHEL5 -RHEL6" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/sepolicy-generate/PURPOSE b/tests/sepolicy-generate/PURPOSE new file mode 100644 index 0000000..a069ff2 --- /dev/null +++ b/tests/sepolicy-generate/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/policycoreutils/Sanity/sepolicy-generate +Description: sepolicy generate sanity test +Author: Michal Trunecka diff --git a/tests/sepolicy-generate/runtest.sh b/tests/sepolicy-generate/runtest.sh new file mode 100755 index 0000000..5da10b8 --- /dev/null +++ b/tests/sepolicy-generate/runtest.sh 
@@ -0,0 +1,115 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
+# Description: sepolicy generate sanity test
+# Author: Michal Trunecka
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="policycoreutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "mkdir mypolicy"
+ rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
+ rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
+ rlRun "rm -rf mypolicy"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "mkdir mypolicy"
+ rlRun "touch /usr/bin/testpolicy"
+ for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
+ " --application /usr/bin/testpolicy " \
+ " -n testpolicy --confined_admin -a firewalld " \
+ " -n testpolicy --confined_admin " \
+ " -n testpolicy --customize -d httpd_t -a firewalld " \
+ " -n testpolicy --customize -d httpd_t" \
+ " --dbus /usr/bin/testpolicy " \
+ " -n testpolicy --desktop_user " \
+ " --inetd /usr/bin/testpolicy " \
+ " --init /usr/bin/testpolicy " \
+ " -n testpolicy --newtype -t newtype_var_log_t " \
+ " -n testpolicy --newtype -t newtype_unit_file_t " \
+ " -n testpolicy --newtype -t newtype_var_run_t " \
+ " -n testpolicy --newtype -t newtype_var_cache_t " \
+ " -n testpolicy --newtype -t newtype_tmp_t " \
+ " -n testpolicy --newtype -t newtype_port_t " \
+ " -n testpolicy --newtype -t newtype_var_spool_t " \
+ " -n testpolicy --newtype -t newtype_var_lib_t " \
+ " -n testpolicy --sandbox " \
+ " -n testpolicy --term_user " \
+ " -n testpolicy --x_user "
+# " --cgi /usr/bin/testpolicy "
+ do
+ rlRun "sepolicy generate -p mypolicy $VARIANT"
+ rlRun "cat mypolicy/testpolicy.te"
+ rlRun "cat mypolicy/testpolicy.if"
+ rlRun "cat mypolicy/testpolicy.fc"
+ if echo "$VARIANT" | grep -q newtype; then
+ rlAssertNotExists "mypolicy/testpolicy.sh"
+ rlAssertNotExists "mypolicy/testpolicy.spec"
+ else
+ rlRun "mypolicy/testpolicy.sh"
+ rlRun "semodule -l | grep testpolicy"
+ rlRun "semanage user -d testpolicy_u" 0-255
+ rlRun "semodule -r testpolicy"
+ fi
+
+ rlRun "rm -rf mypolicy/*"
+ rlRun "sleep 1"
+
+ if ! echo "$VARIANT" | grep -q newtype; then
+ rlRun "sepolicy generate -p mypolicy -w /home $VARIANT"
+ rlRun "cat mypolicy/testpolicy.te"
+ rlRun "cat mypolicy/testpolicy.if"
+ rlRun "cat mypolicy/testpolicy.fc"
+
+ rlRun "mypolicy/testpolicy.sh"
+ rlRun "semodule -l | grep testpolicy"
+ rlRun "semanage user -d testpolicy_u" 0-255
+ rlRun "semodule -r testpolicy"
+
+ rlRun "rm -rf mypolicy/*"
+ rlRun "sleep 1"
+ fi
+ done
+ rlRun "rm -rf mypolicy"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
diff --git a/tests/sestatus/Makefile b/tests/sestatus/Makefile
new file mode 100644
index 0000000..e45db0d
--- /dev/null
+++ b/tests/sestatus/Makefile
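Review bot: The setup phase checks `${PACKAGES[*]}`, but the script only defines `PACKAGE`, so the expansion is empty and `rlCheckRequirements` is given no package to verify; `rlRun "rlCheckRequirements ${PACKAGE}"` (or defining `PACKAGES`) would make the guard real. Separately, the second test phase creates `/usr/bin/testpolicy` and expects a `testpolicy` module to be listed by `semodule -l`, yet the cleanup phase only removes `$TmpDir`. A run that stops inside the loop therefore leaves a file in `/usr/bin` and possibly a loaded policy module on the host. I would add `rlRun "rm -f /usr/bin/testpolicy"` and a tolerant `rlRun "semodule -r testpolicy" 0-255` to `rlPhaseStartCleanup`.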
@@ -0,0 +1,67 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/sestatus
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: tests everything about sestatus" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: policycoreutils" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: man" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/sestatus/PURPOSE b/tests/sestatus/PURPOSE
new file mode 100644
index 0000000..cacee0f
--- /dev/null
+++ b/tests/sestatus/PURPOSE
@@ -0,0 +1,4 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/sestatus
+Description: tests everything about sestatus
+Author: Milos Malik
+
diff --git a/tests/sestatus/runtest.sh b/tests/sestatus/runtest.sh
new file mode 100644
index 0000000..b91b948
--- /dev/null
+++ b/tests/sestatus/runtest.sh
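Review bot: The metadata written here declares `Destructive: no`, while tests/sestatus/runtest.sh in this same commit deletes `/etc/sestatus.conf`, unmounts the SELinux filesystem and bind-mounts an empty directory over its `booleans` node. If the harness uses this field to decide where a test may run, the value understates what the test does to the host, and `@echo "Destructive: yes" >> $(METADATA)` looks closer to the truth. tests/setsebool/Makefile declares the same although its script adds a user and changes booleans with `-P`, and tests/sepolicy-generate/Makefile although its script writes to `/usr/bin`.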
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/sestatus
+# Description: tests everything about sestatus
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+if rlIsRHEL 5 6 ; then
+ SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+ SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlFileBackup /etc/sestatus.conf
+ rlRun "mount | grep -i selinux" 0,1
+ OUTPUT_FILE=`mktemp`
+ rlPhaseEnd
+
+ rlPhaseStartTest "basic use"
+ rlRun "sestatus"
+ rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "policy booleans" ${OUTPUT_FILE} -i
+ rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "process contexts" ${OUTPUT_FILE} -i
+ rlAssertGrep "file contexts" ${OUTPUT_FILE} -i
+ rlAssertGrep "current context" ${OUTPUT_FILE} -i
+ rlAssertGrep "init context" ${OUTPUT_FILE} -i
+ rlAssertGrep "controlling term" ${OUTPUT_FILE} -i
+ rlRun "sestatus --xyz 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "invalid option" ${OUTPUT_FILE} -i
+ rlPhaseEnd
+
+ rlPhaseStartTest "extreme cases"
+ # pretend that the config file contains an invalid section
+ rlRun "sed -i 's/files/xyz/' /etc/sestatus.conf"
+ rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "line not in a section" ${OUTPUT_FILE} -i
+ rlRun "rm -f /etc/sestatus.conf"
+ rlRun "mkdir /etc/sestatus.conf" # intentionally replaced a file with a directory
+ rlRun "sestatus -v"
+ # pretend that the config file is missing
+ rlRun "rm -rf /etc/sestatus.conf"
+ for OPTION in "-bv" "-v" ; do
+ rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "unable to open /etc/sestatus.conf" ${OUTPUT_FILE} -i
+ done
+ rlFileRestore
+ # pretend that SELinux is disabled
+ rlRun "umount ${SELINUX_FS_MOUNT}"
+ for OPTION in "" "-b" "-v" "-bv" ; do
+ rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i
+ done
+ rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"
+ # pretend that no booleans are defined
+ rlRun "mkdir ./booleans"
+ rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
+ rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+ rlAssertNotGrep "booleans" ${OUTPUT_FILE} -i
+ rlRun "rmdir ./booleans"
+ rlPhaseEnd
+
+ # This bug is not worth fixing in RHEL-5
+ if ! rlIsRHEL 5 ; then
+ rlPhaseStartTest
+ rlRun "rpm -ql ${PACKAGE} | grep /usr/sbin/sestatus"
+ rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/man8/sestatus.8"
+ for OPTION in b v ; do
+ rlRun "sestatus --help 2>&1 | grep -- -${OPTION}"
+ rlRun "man sestatus | col -b | grep -- -${OPTION}"
+ done
+ if ! rlIsRHEL 6 ; then
+ rlRun "man -w sestatus.conf"
+ fi
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartCleanup
+ rlFileRestore
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/setsebool/Makefile b/tests/setsebool/Makefile
new file mode 100644
index 0000000..0730993
--- /dev/null
+++ b/tests/setsebool/Makefile
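Review bot: Nothing guarantees that the SELinux filesystem is mounted again after `rlRun "umount ${SELINUX_FS_MOUNT}"` in the "extreme cases" phase: the remount is an ordinary `rlRun` a few lines later, and the cleanup phase only calls `rlFileRestore` and removes the output file. If the script is interrupted or the remount fails, the host keeps running with selinuxfs unmounted, or with `./booleans` still bound over `${SELINUX_FS_MOUNT}/booleans`, and every later test and tool sees SELinux as disabled or without booleans. I would repeat the restore in `rlPhaseStartCleanup`, for example a tolerant `rlRun "umount ${SELINUX_FS_MOUNT}/booleans" 0-255` followed by `rlRun "grep -q selinuxfs /proc/mounts || mount -t selinuxfs none ${SELINUX_FS_MOUNT}"`. The two `. ` includes at the top also lack the `|| exit 1` that tests/sepolicy-generate/runtest.sh uses, so a missing beakerlib would let the script continue with undefined `rl*` functions.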
@@ -0,0 +1,65 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/policycoreutils/Sanity/setsebool
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chcon -t bin_t runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: does setsebool work correctly ?" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 45m" >> $(METADATA)
+ @echo "RunFor: policycoreutils" >> $(METADATA)
+ @echo "Requires: audit policycoreutils libselinux-utils shadow-utils grep" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/setsebool/PURPOSE b/tests/setsebool/PURPOSE
new file mode 100644
index 0000000..07ce0bf
--- /dev/null
+++ b/tests/setsebool/PURPOSE
@@ -0,0 +1,5 @@
+PURPOSE of /CoreOS/policycoreutils/Sanity/setsebool
+Author: Milos Malik
+
+Does setsebool work as expected? Does it produce correct audit messages?
+
diff --git a/tests/setsebool/runtest.sh b/tests/setsebool/runtest.sh
new file mode 100755
index 0000000..04040d1
--- /dev/null
+++ b/tests/setsebool/runtest.sh
@@ -0,0 +1,151 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/policycoreutils/Sanity/setsebool
+# Description: does setsebool work correctly ?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="policycoreutils"
+USER_NAME="user${RANDOM}"
+USER_SECRET="s3kr3t${RANDOM}"
+BOOLEAN="ftpd_connect_db"
+if rlIsRHEL 5 6 ; then
+ SELINUX_FS_MOUNT="/selinux"
+else # RHEL-7 and above
+ SELINUX_FS_MOUNT="/sys/fs/selinux"
+fi
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ OUTPUT_FILE=`mktemp`
+ chcon -t tmp_t ${OUTPUT_FILE}
+
+ rlRun "useradd ${USER_NAME}"
+ rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ for OPTION in "" "-P" ; do
+ for OPERATOR in " " "=" ; do
+ for VALUE in 0 1 false true off on ; do
+ rlRun "setsebool ${OPTION} ${BOOLEAN}${OPERATOR}${VALUE} | grep -i -e illegal -e usage -e invalid" 1
+ if [ ${VALUE} == "0" -o ${VALUE} == "false" ] ; then
+ SHOWN_VALUE="off"
+ elif [ ${VALUE} == "1" -o ${VALUE} == "true" ] ; then
+ SHOWN_VALUE="on"
+ else
+ SHOWN_VALUE=${VALUE}
+ fi
+ rlRun "getsebool -a | grep \"^${BOOLEAN}.*${SHOWN_VALUE}\""
+ done
+ done
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "setsebool" 1
+ rlRun "setsebool xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+ rlRun "setsebool xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlRun "setsebool xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ if ! rlIsRHEL 5 6 ; then
+ rlRun "setsebool -N 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+ rlRun "setsebool -P 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
+ fi
+ rlRun "setsebool -P xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
+ rlRun "setsebool -P xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlRun "setsebool -P xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
+ rlPhaseEnd
+
+ if ! rlIsRHEL 5 6 ; then
+ rlPhaseStartTest
+ rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "try as root" ${OUTPUT_FILE} -i
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ for OPTION in "" "-P" ; do
+ rlRun "getsebool allow_ypbind | grep nis_enabled"
+ rlRun "setsebool ${OPTION} allow_ypbind on"
+ rlRun "getsebool allow_ypbind | grep \"nis_enabled.*on\""
+ rlRun "setsebool ${OPTION} allow_ypbind off"
+ rlRun "getsebool allow_ypbind | grep \"nis_enabled.*off\""
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ # https://fedoraproject.org/wiki/Features/SELinuxBooleansRename
+ for LINE in `cat /etc/selinux/*/booleans.subs_dist | sort | uniq | tr -s ' ' | tr ' ' ':'` ; do
+ OLD_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 1`
+ NEW_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 2`
+ rlRun "getsebool ${OLD_BOOLEAN_NAME} 2>&1 | tee ${OUTPUT_FILE}"
+ rlRun "getsebool ${NEW_BOOLEAN_NAME} 2>&1 | tee -a ${OUTPUT_FILE}"
+ rlRun "uniq -c ${OUTPUT_FILE} | grep '2 '"
+ done
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartTest "audit messages"
+ START_DATE_TIME=`date "+%m/%d/%Y %T"`
+ sleep 1
+ rlRun "setsebool ${BOOLEAN} on"
+ rlRun "setsebool ${BOOLEAN} off"
+ rlRun "setsebool ${BOOLEAN} on"
+ sleep 1
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=1 old_val=0\""
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=0 old_val=1\""
+ if rlIsRHEL ; then
+ rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=SYSCALL.*comm=setsebool\""
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "extreme cases"
+ # pretend that no booleans are defined
+ rlRun "mkdir ./booleans"
+ rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "setsebool ${BOOLEAN} on 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+ rlRun "setsebool ${BOOLEAN} off 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
+ rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
+ rlRun "rmdir ./booleans"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "userdel -rf ${USER_NAME}"
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..bc70c56
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,26 @@
+---
+# Tests to run in a classic environment
+- hosts: localhost
+ roles:
+ - role: standard-test-beakerlib
+ tags:
+ - classic
+ repositories:
+ - repo: "https://src.fedoraproject.org/tests/selinux.git"
+ dest: "selinux"
+ fmf_filter: "tier: 1 | component: policycoreutils & tags: generic"
+ required_packages:
+ - lksctp-tools # sctp_test
+ - psmisc # sctp_test
+
+# Tests for atomic host
+- hosts: localhost
+ tags:
+ - atomic
+ # no compatible tests
+
+# Tests for docker container
+- hosts: localhost
+ tags:
+ - container
+ # no compatible tests
diff --git a/zanata.xml b/zanata.xml
new file mode 100644
index 0000000..1bee19b
--- /dev/null
+++ b/zanata.xml
@@ -0,0 +1,8 @@
+
+
+ https://fedora.zanata.org/
+ selinux
+ master
+ gettext
+
+
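Review bot: The test never records or restores the original boolean values: the first phase ends with a persistent `-P` change of `ftpd_connect_db` to `on`, the "audit messages" phase leaves it on again, and where the `allow_ypbind` phase runs it finishes with `setsebool -P allow_ypbind off`. A host that runs this test therefore comes out with a different SELinux boolean configuration than it went in with. Saving the active value in setup, e.g. `ORIG_VALUE=$(getsebool ${BOOLEAN} | awk '{print $NF}')`, and adding `rlRun "setsebool -P ${BOOLEAN} ${ORIG_VALUE}"` to the cleanup phase (likewise for `allow_ypbind`) would restore it. The account password also looks unnecessary, since the commands visible here reach the user only through `su -l -c ... ${USER_NAME}`, presumably run as root, and never authenticate as that user. `s3kr3t${RANDOM}` has at most 32768 possible values and is passed on an `rlRun` command line that is presumably logged, so I would drop the `passwd --stdin` line or lock the account with `passwd -l`.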
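Review bot: The `repositories` entry in tests/tests.yml clones `https://src.fedoraproject.org/tests/selinux.git` with no revision given, so whatever is at the head of that repository at run time is executed on the test host, presumably with root privileges. Pinning the clone to a reviewed commit or tag, if the `standard-test-beakerlib` role offers an option for it, would make runs reproducible and keep a change in the shared test repository from silently altering what this package's CI executes. The `# sctp_test` comments on `lksctp-tools` and `psmisc` do not match any test added in this commit and look copied from another component; a comment naming the selected test that needs them would help.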