diff --git a/.gitignore b/.gitignore
index e69de29..ba42a0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,11 @@
+setools-3.3.7.tar.bz2
+setools-3.3.8.tar.bz2
+setools-3.3.8-f1e5b20.tar.bz2
+/4.1.0.tar.gz
+/4.1.1.tar.gz
+/4.2.0-beta.tar.gz
+/4.2.0-rc.tar.gz
+/4.2.0.tar.gz
+/4.2.1.tar.gz
+/4.2.2.tar.gz
+/4.3.0.tar.gz
diff --git a/1001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch
new file mode 100644
index 0000000..60f11e2
--- /dev/null
+++ b/1001-Do-not-use-Werror-during-build.patch
@@ -0,0 +1,49 @@ +From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 23 Feb 2017 08:17:07 +0100 +Subject: [PATCH 2/3] Do not use -Werror during build +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There are new warnings when setools are built with gcc 7 therefore we +want to suppress -Werror for now + +Fixes: +libqpol/policy_extend.c: In function ‘policy_extend’: +libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] + snprintf(buff, 9, "@ttr%04zd", i + 1); + ^~~~~ +libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] + snprintf(buff, 9, "@ttr%04zd", i + 1); + ^~~~~~~~~~~ +In file included from /usr/include/stdio.h:939:0, + from /usr/include/sepol/policydb/policydb.h:53, + from libqpol/policy_extend.c:29: +/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 + return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + __bos (__s), __fmt, __va_arg_pack ()); + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors +error: command 'gcc' failed with exit status 1 +--- + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index c94daf1..a7442ac 100644 +--- a/setup.py ++++ b/setup.py +@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], + libraries=['selinux', 'sepol'], + library_dirs=lib_dirs, + define_macros=macros, +- extra_compile_args=['-Werror', '-Wextra', ++ extra_compile_args=['-Wextra', + '-Waggregate-return', + '-Wfloat-equal', + '-Wformat', '-Wformat=2', +-- +2.17.2 + 
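Review bot: Dropping `-Werror` from `extra_compile_args` in the embedded setup.py hunk makes every compiler diagnostic non-fatal, although the build failure quoted in the patch description is a single `-Wformat-truncation` report. That report says `snprintf(buff, 9, "@ttr%04zd", i + 1)` can produce up to 15 bytes for a 9-byte destination, so the generated name is truncated once the index needs more than four digits; the patch hides that condition rather than fixing it. A narrower change keeps the remaining warnings fatal: `extra_compile_args=['-Werror', '-Wno-error=format-truncation', '-Wextra',`. The description cites libqpol/policy_extend.c while the hunk context builds `setools/policyrep.pyx`, so the justification looks stale and it is worth confirming the patch is still needed for 4.3.0.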
diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
new file mode 100644
index 0000000..a996069
--- /dev/null
+++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -0,0 +1,139 @@ +From 0575455a0abda5ee63c442433384268a959c4fbc Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 26 Apr 2019 15:27:25 +0200 +Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and + setools.DomainTransitionAnalysis + +dta and infoflow modules require networkx which brings lot of dependencies. +These dependencies are not necessary for setools module itself as it's +used in policycoreutils. + +Therefore it's better to use setools.infoflow.InfoFlowAnalysis and +setools.dta.DomainTransitionAnalysis and let the package containing +sedta and seinfoflow to require python3-networkx +--- + sedta | 4 ++-- + seinfoflow | 4 ++-- + setools/__init__.py | 4 ---- + setoolsgui/apol/dta.py | 2 +- + setoolsgui/apol/infoflow.py | 2 +- + tests/dta.py | 2 +- + tests/infoflow.py | 2 +- + 7 files changed, 8 insertions(+), 12 deletions(-) + +diff --git a/sedta b/sedta +index 60861ca630a5..41e38a237b42 100755 +--- a/sedta ++++ b/sedta +@@ -22,7 +22,7 @@ import argparse + import logging + import signal + +-import setools ++import setools.dta + + + def print_transition(trans): +@@ -114,7 +114,7 @@ else: + + try: + p = setools.SELinuxPolicy(args.policy) +- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) ++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) + + if args.shortest_path or args.all_paths: + if args.shortest_path: +diff --git a/seinfoflow b/seinfoflow +index f10c39de4d8e..fee749a83bb5 100755 +--- a/seinfoflow ++++ b/seinfoflow +@@ -17,7 +17,7 @@ + # along with SETools. If not, see . 
+ # + +-import setools ++import setools.infoflow + import argparse + import sys + import logging +@@ -101,7 +101,7 @@ elif args.booleans is not None: + try: + p = setools.SELinuxPolicy(args.policy) + m = setools.PermissionMap(args.map) +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, + booleans=booleans) + + if args.shortest_path or args.all_paths: +diff --git a/setools/__init__.py b/setools/__init__.py +index 26fa5aa34a19..b7e51c43c4bb 100644 +--- a/setools/__init__.py ++++ b/setools/__init__.py +@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery + from .devicetreeconquery import DevicetreeconQuery + + # Information Flow Analysis +-from .infoflow import InfoFlowAnalysis + from .permmap import PermissionMap + +-# Domain Transition Analysis +-from .dta import DomainTransitionAnalysis +- + # Policy difference + from .diff import PolicyDifference + +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py +index 4608b9dbf34e..2cde44c142e9 100644 +--- a/setoolsgui/apol/dta.py ++++ b/setoolsgui/apol/dta.py +@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem +-from setools import DomainTransitionAnalysis ++from setools.dta import DomainTransitionAnalysis + + from ..logtosignal import LogHandlerToSignal + from .analysistab import AnalysisTab +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py +index 7bca299d23fc..7fee2778f35f 100644 +--- a/setoolsgui/apol/infoflow.py ++++ b/setoolsgui/apol/infoflow.py +@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread + from PyQt5.QtGui import QPalette, QTextCursor + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, 
QProgressDialog, \ + QTreeWidgetItem +-from setools import InfoFlowAnalysis ++from setools.infoflow import InfoFlowAnalysis + from setools.exception import UnmappedClass, UnmappedPermission + + from ..logtosignal import LogHandlerToSignal +diff --git a/tests/dta.py b/tests/dta.py +index a0cc9381469c..177e6fb0b961 100644 +--- a/tests/dta.py ++++ b/tests/dta.py +@@ -18,7 +18,7 @@ + import os + import unittest + +-from setools import DomainTransitionAnalysis ++from setools.dta import DomainTransitionAnalysis + from setools import TERuletype as TERT + from setools.exception import InvalidType + from setools.policyrep import Type +diff --git a/tests/infoflow.py b/tests/infoflow.py +index aa0e44a7e4f8..fca2848aeca5 100644 +--- a/tests/infoflow.py ++++ b/tests/infoflow.py +@@ -18,7 +18,7 @@ + import os + import unittest + +-from setools import InfoFlowAnalysis ++from setools.infoflow import InfoFlowAnalysis + from setools import TERuletype as TERT + from setools.exception import InvalidType + from setools.permmap import PermissionMap +-- +2.26.0.rc2 + diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch new file mode 100644 index 0000000..46e9a4d --- /dev/null +++ b/1003-Require-networkx-on-package-level.patch 
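Review bot: In the setools/__init__.py hunk of the embedded 1002 patch, deleting `from .infoflow import InfoFlowAnalysis` and `from .dta import DomainTransitionAnalysis` removes two public names with no fallback, so an out-of-tree caller that still uses `setools.InfoFlowAnalysis` or `from setools import DomainTransitionAnalysis` fails with AttributeError or ImportError. The seven files listed in the diffstat are updated, but nothing visible here covers other consumers. A module-level `__getattr__` that imports the submodule on first access would keep the old names working while still avoiding the networkx import at package load; the sketch below assumes the interpreter supports module `__getattr__` (Python 3.7+). If the break is intended, the spec changelog should say so.

```python
# … unchanged: existing imports in setools/__init__.py …

def __getattr__(name):
    # Lazy aliases: resolve the analysis classes only when asked for,
    # so importing `setools` itself does not pull in networkx.
    if name == "InfoFlowAnalysis":
        from .infoflow import InfoFlowAnalysis
        return InfoFlowAnalysis
    if name == "DomainTransitionAnalysis":
        from .dta import DomainTransitionAnalysis
        return DomainTransitionAnalysis
    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
```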
@@ -0,0 +1,24 @@
+From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Thu, 2 Apr 2020 16:06:14 +0200
+Subject: [PATCH] Require networkx on package level
+
+It allows us to ship python3-setools without dependency on python3-networkx
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 457c83049ca5..4bfd438002bb 100644
+--- a/setup.py
++++ b/setup.py
+@@ -170,5 +170,5 @@ setup(name='setools',
+ # setup also requires libsepol and libselinux
+ # C libraries and headers to compile.
+ setup_requires=['setuptools', 'Cython>=0.27'],
+- install_requires=['setuptools', 'networkx>=2.0']
++ install_requires=['setuptools']
+ )
+--
+2.26.0.rc2
+
diff --git a/apol.console b/apol.console
new file mode 100644
index 0000000..27874d8
--- /dev/null
+++ b/apol.console
@@ -0,0 +1,4 @@
+USER=root
+PROGRAM=/usr/sbin/apol
+SESSION=true
+FALLBACK=true
diff --git a/apol.desktop b/apol.desktop
new file mode 100644
index 0000000..727733a
--- /dev/null
+++ b/apol.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Analysis
+GenericName=SELinux Policy Analysis Tool
+Comment=This tool can examine, search, and relate policy components and policy rules
+Icon=apol
+Exec=/usr/bin/apol
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true
diff --git a/apol.png b/apol.png
new file mode 100644
index 0000000..68ffcb7
Binary files /dev/null and b/apol.png differ
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..af6eb32
--- /dev/null
+++ b/gating.yaml
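Review bot: With `install_requires=['setuptools']` in the embedded 1003 setup.py hunk, the Python metadata no longer records that `setools.dta` and `setools.infoflow` need networkx, and the `>=2.0` floor is lost with it: the spec added in this commit only says `Requires: python3-networkx` on -console-analyses and -gui, with no version. Importing those modules from a bare python3-setools install will presumably fail with ImportError at import time. Keeping the constraint as an optional extra, e.g. `extras_require={'analysis': ['networkx>=2.0']}`, and writing `Requires: python3-networkx >= 2.0` in the spec would preserve the information.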
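Review bot: `apol.console` tells consolehelper to run `PROGRAM=/usr/sbin/apol` as `USER=root` with `FALLBACK=true`, but the spec added in this same commit ships apol under `%{_bindir}` and never installs this file, so the configuration appears to be a leftover from older packaging. The same applies to `seaudit.console` and `sediffx.console`, whose programs are not shipped by any subpackage here, and probably to `setools.pam`, which is listed as Source1 but not used in `%install`. Unused root-elevation configs in the repository are easy to wire back in by accident; dropping them, or recording in the spec that they are intentionally unused, would make the intent clear.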
@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
diff --git a/seaudit.console b/seaudit.console
new file mode 100644
index 0000000..52990b5
--- /dev/null
+++ b/seaudit.console
@@ -0,0 +1,3 @@
+USER=root
+PROGRAM=/usr/sbin/seaudit
+SESSION=true
diff --git a/seaudit.desktop b/seaudit.desktop
new file mode 100644
index 0000000..d3a277e
--- /dev/null
+++ b/seaudit.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Audit Log Analysis
+GenericName=SELinux Audit Log Analysis Tool
+Comment=The tool parses syslog files and extracts all policy , AVC and change of boolean messages.
+Icon=seaudit.png
+Exec=/usr/bin/seaudit
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true
diff --git a/seaudit.png b/seaudit.png
new file mode 100644
index 0000000..d2c3df6
Binary files /dev/null and b/seaudit.png differ
diff --git a/sediffx.console b/sediffx.console
new file mode 100644
index 0000000..fef4a87
--- /dev/null
+++ b/sediffx.console
@@ -0,0 +1,3 @@
+USER=root
+PROGRAM=/usr/sbin/sediffx
+SESSION=true
diff --git a/sediffx.desktop b/sediffx.desktop
new file mode 100644
index 0000000..fb714d9
--- /dev/null
+++ b/sediffx.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Difference
+GenericName=SELinux Policy Difference tool
+Comment=This tool allows you to compare two policy files
+Exec=/usr/bin/sediffx
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true
+Icon=sediffx.png
diff --git a/sediffx.png b/sediffx.png
new file mode 100644
index 0000000..bd4f6c0
Binary files /dev/null and b/sediffx.png differ
diff --git a/setools.pam b/setools.pam
new file mode 100644
index 0000000..c7d67e3
--- /dev/null
+++ b/setools.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include config-util
+account include config-util
+session include config-util
diff --git a/setools.spec b/setools.spec
new file mode 100644
index 0000000..c1cae3b
--- /dev/null
+++ b/setools.spec
@@ -0,0 +1,266 @@ +# % global setools_pre_ver rc +# % global gitver f1e5b20 + +%global sepol_ver 2.3-1 +%global selinux_ver 2.3-1 + + +Name: setools +Version: 4.3.0 +Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Summary: Policy analysis tools for SELinux + +License: GPLv2 +URL: https://github.com/SELinuxProject/setools/wiki +Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +Source1: setools.pam +Source2: apol.desktop +Patch1001: 1001-Do-not-use-Werror-during-build.patch +Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +Patch1003: 1003-Require-networkx-on-package-level.patch +Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 +BuildRequires: flex, bison +BuildRequires: glibc-devel, gcc, git +BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} +BuildRequires: qt5-qtbase-devel +BuildRequires: swig +BuildRequires: python3-Cython +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: libselinux-devel + +Requires: %{name}-console = %{version}-%{release} +Requires: %{name}-console-analyses = %{version}-%{release} +Requires: %{name}-gui = %{version}-%{release} + +%description +SETools is a collection of graphical tools, command-line tools, and +Python modules designed to facilitate SELinux policy analysis. + +%package console +Summary: Policy analysis command-line tools for SELinux +License: GPLv2 +Requires: python3-setools = %{version}-%{release} +Requires: libselinux >= %{selinux_ver} + +%description console +SETools is a collection of graphical tools, command-line tools, and +libraries designed to facilitate SELinux policy analysis. + +This package includes the following console tools: + + sediff Compare two policies to find differences. + seinfo List policy components. + sesearch Search rules (allow, type_transition, etc.) 
+ + +%package console-analyses +Summary: Policy analysis command-line tools for SELinux +License: GPLv2 +Requires: python3-setools = %{version}-%{release} +Requires: libselinux >= %{selinux_ver} +Requires: python3-networkx + +%description console-analyses +SETools is a collection of graphical tools, command-line tools, and +libraries designed to facilitate SELinux policy analysis. + +This package includes the following console tools: + + sedta Perform domain transition analyses. + seinfoflow Perform information flow analyses. + + +%package -n python3-setools +Summary: Policy analysis tools for SELinux +Obsoletes: setools-libs < 4.0.0 +Recommends: libselinux-python3 +%{?python_provide:%python_provide python3-setools} +Requires: python3-setuptools + +%description -n python3-setools +SETools is a collection of graphical tools, command-line tools, and +Python 3 modules designed to facilitate SELinux policy analysis. + + +%package gui +Summary: Policy analysis graphical tools for SELinux +Requires: python3-setools = %{version}-%{release} +Requires: python3-qt5 +Requires: python3-networkx + +%description gui +SETools is a collection of graphical tools, command-line tools, and +Python modules designed to facilitate SELinux policy analysis. 
+ + +%prep +%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} + + +%build +%py3_build + + +%install +%py3_install + +%check +%if %{?_with_check:1}%{!?_with_check:0} +%{__python3} setup.py test +%endif + + +%files + +%files console +%{_bindir}/sediff +%{_bindir}/seinfo +%{_bindir}/sesearch +%{_mandir}/man1/sediff* +%{_mandir}/man1/seinfo* +%{_mandir}/man1/sesearch* +%{_mandir}/ru/man1/sediff* +%{_mandir}/ru/man1/seinfo* +%{_mandir}/ru/man1/sesearch* + +%files console-analyses +%{_bindir}/sedta +%{_bindir}/seinfoflow +%{_mandir}/man1/sedta* +%{_mandir}/man1/seinfoflow* +%{_mandir}/ru/man1/sedta* +%{_mandir}/ru/man1/seinfoflow* + +%files -n python3-setools +%license COPYING COPYING.GPL COPYING.LGPL +%{python3_sitearch}/setools +%{python3_sitearch}/setools-* + +%files gui +%{_bindir}/apol +%{python3_sitearch}/setoolsgui +%{_mandir}/man1/apol* +%{_mandir}/ru/man1/apol* + +%changelog +* Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3 +- rebuild with SELinux userspace 3.1 release + +* Tue May 26 2020 Miro Hrončok - 4.3.0-2 +- Rebuilt for Python 3.9 + +* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1 +- SETools 4.3.0 release +- Revised sediff method for TE rules. This drastically reduced memory and run time. +- Added infiniband context support to seinfo, sediff, and apol. +- Added apol configuration for location of Qt assistant. +- Fixed sediff issue where properties header would display when not requested. +- Fixed sediff issue with type_transition file name comparison. +- Fixed permission map socket sendto information flow direction. +- Added methods to TypeAttribute class to make it a complete Python collection. 
+- Genfscon now will look up classes rather than using fixed values which + were dropped from libsepol. + +* Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5 +- setools requires -console, -console-analyses and -gui packages (#1794314) + +* Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Oct 03 2019 Miro Hrončok - 4.2.2-3 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Mon Aug 19 2019 Miro Hrončok - 4.2.2-2 +- Rebuilt for Python 3.8 + +* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1} +- SETools 4.2.2 release + +* Mon May 13 2019 Vit Mojzis - 4.2.1-3 +- Use %set_build_flags instead of %optflags + +* Mon May 06 2019 Vit Mojzis - 4.2.1-2 +- SELinuxPolicy: Create a map of aliases on policy load (#1672631) + +* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1 +- SETools 4.2.1 release (#1581761, #1595582) + +* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1 +- Update source to SETools 4.2.0 release + +* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc +- Update upstream source to 4.2.0-rc + +* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta +- Require userspace release 2.8 +- setools-gui requires python3-setools +- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) +- Drop python2 subpackage (4.2.0 no longer supports python2) + +* Wed Aug 29 2018 Vit Mojzis - 4.1.1-13 +- Add Requires for python[23]-setuptools - no longer required (just recommended) + by python[23] (#1623371) + +* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1 +- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 + +* Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 4.1.1-10 +- Rebuilt for Python 3.7 + +* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-9 +- Move gui python files to -gui subpackage + +* Thu Apr 26 2018 Vit Mojzis - 4.1.1-8 +- Add support for SCTP protocol (#1568333) + +* Thu Apr 19 2018 
Iryna Shcherbina - 4.1.1-7 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Feb 09 2018 Fedora Release Engineering - 4.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Sep 04 2017 Petr Lautrbach - 4.1.1-5 +- setools-python2 requires python2-enum34 + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-4 +- Add Provides for the old name without %%_isa + +* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-3 +- Python 2 binary package renamed to python2-setools + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 +- Python 3 binary package renamed to python3-setools + +* Thu Aug 10 2017 Petr Lautrbach - 4.1.1-2 +- bswap_* macros are defined in byteswap.h + +* Mon Aug 07 2017 Petr Lautrbach - 4.1.1-1 +- New upstream release + +* Thu Aug 03 2017 Fedora Release Engineering - 4.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 4.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon May 22 2017 Petr Lautrbach - 4.1.0-3 +- setools-python{,3} packages should have a weak dependency on libselinux-python{,3} + (#1447747) + +* Thu Feb 23 2017 Petr Lautrbach - 4.1.0-2 +- Move python networkx dependency to -gui and -console-analyses +- Ship sedta and seinfoflow in setools-console-analyses + +* Wed Feb 15 2017 Petr Lautrbach - 4.1.0-1 +- New upstream release. diff --git a/sources b/sources new file mode 100644 index 0000000..ff7f110 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a 
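Review bot: The `%check` section of setools.spec runs `%{__python3} setup.py test` only when `_with_check` is defined, so a default build never exercises the import changes that patch 1002 makes across sedta, seinfoflow, setoolsgui and the tests. There is also no `BuildRequires: python3-networkx`, which tests/dta.py and tests/infoflow.py would presumably need now that they import `setools.dta` and `setools.infoflow`. Consider adding that BuildRequires and running the suite by default, for example `%bcond_without check` with `%if %{with check}`, or at least a comment above `%check` explaining why it is opt-in.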
diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile
new file mode 100644
index 0000000..a5e7a6b
--- /dev/null
+++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile
@@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools +# Description: Make sure setools requires setools-console and setools-gui +# Author: Vit Mojzis +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Vit Mojzis " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: setools" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Bug: 1820078" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh new file mode 100755 index 0000000..16267ce --- /dev/null +++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh 
@@ -0,0 +1,54 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
+# Description: Make sure setools requires setools-console and setools-gui
+# Author: Vit Mojzis
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
+ OUTPUT_FILE=`mktemp`
+ rlPhaseEnd
+
+ rlPhaseStartTest "bz#1820078"
+ rlRun "dnf -y install ${PACKAGE}" 0
+ rlAssertRpm "${PACKAGE}-gui"
+ rlAssertRpm "${PACKAGE}-console"
+ # make sure that setools-* packages do not require setools
+ rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
+ rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
+ if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
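Review bot: The test phase asserts only `${PACKAGE}-gui` and `${PACKAGE}-console`, but the spec in this commit also makes setools require `%{name}-console-analyses`, and the setup phase does not remove that subpackage, so a regression in that dependency would go unnoticed. Add `rlAssertRpm "${PACKAGE}-console-analyses"` after the existing assertions and include `${PACKAGE}-console-analyses` in the `dnf -y remove` line. The test removes and reinstalls packages while its Makefile metadata declares `Destructive: no`, which deserves either a correction or a comment. In cleanup, quote the variable: `rm -f "${OUTPUT_FILE}"`.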
diff --git a/tests/Sanity/sedta/Makefile b/tests/Sanity/sedta/Makefile
new file mode 100644
index 0000000..e45b9de
--- /dev/null
+++ b/tests/Sanity/sedta/Makefile
@@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/setools/Sanity/sedta +# Description: Does sedta work as expected? Does it support all features? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/setools/Sanity/sedta +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does sedta work as expected? Does it support all features?" 
>> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 1h" >> $(METADATA) + @echo "RunFor: setools" >> $(METADATA) + @echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/Sanity/sedta/PURPOSE b/tests/Sanity/sedta/PURPOSE new file mode 100644 index 0000000..db04487 --- /dev/null +++ b/tests/Sanity/sedta/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/setools/Sanity/sedta +Description: Does sedta work as expected? Does it support all features? +Author: Milos Malik diff --git a/tests/Sanity/sedta/runtest.sh b/tests/Sanity/sedta/runtest.sh new file mode 100755 index 0000000..4fb0483 --- /dev/null +++ b/tests/Sanity/sedta/runtest.sh 
@@ -0,0 +1,88 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/setools/Sanity/sedta +# Description: Does sedta work as expected? Does it support all features? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. 
/usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="setools" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE}-console-analyses + OUTPUT_FILE=`mktemp` + rlRun "semodule -i testpolicy.cil" + rlRun "semodule -l | grep testpolicy" + rlPhaseEnd + + rlPhaseStartTest "invalid values" + rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}" + rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}" + rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}" + rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'must be positive' ${OUTPUT_FILE}" + rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}" + rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}" + rlPhaseEnd + + rlPhaseStartTest "valid values" + # transitivity + rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + # reflexivity + rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + # path is longer than limit + rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}" + # non-existent relation + rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 
domain transition path.*found' ${OUTPUT_FILE}" + # non-existent relation + rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "semodule -r testpolicy" + rlRun "semodule -l | grep testpolicy" 1 + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/Sanity/sedta/testpolicy.cil b/tests/Sanity/sedta/testpolicy.cil new file mode 100644 index 0000000..cc39d72 --- /dev/null +++ b/tests/Sanity/sedta/testpolicy.cil @@ -0,0 +1,21 @@ +( type xyz_t ) + +( type first_t ) +( type first_exec_t ) +( type second_t ) +( type second_exec_t ) +( type third_t ) +( type third_exec_t ) + +( typetransition first_t second_exec_t process second_t ) +( typetransition second_t third_exec_t process third_t ) + +( allow first_t second_exec_t ( file ( getattr open read execute ))) +( allow first_t second_t ( process ( transition ))) +( allow second_t third_exec_t ( file ( getattr open read execute ))) +( allow second_t third_t ( process ( transition ))) + +( allow first_t first_exec_t ( file ( entrypoint ))) +( allow second_t second_exec_t ( file ( entrypoint ))) +( allow third_t third_exec_t ( file ( entrypoint ))) + diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..f1c994e --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,21 @@ +--- +# Test to run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + repositories: + - repo: "https://src.fedoraproject.org/tests/selinux.git" + dest: "selinux" + fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy" + +# Test to run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - Sanity/sedta + - Regression/The-setools-package-doesn-t-install-any-tools
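Review bot: In tests/Sanity/sedta/runtest.sh, setup loads `testpolicy.cil` into the active module store with `semodule -i testpolicy.cil` and cleanup unconditionally runs `semodule -r testpolicy`, so a pre-existing module with that generic name would be replaced and then removed. The accompanying Makefile still declares `Destructive: no` although the test changes the loaded policy. Consider a test-specific module name, a `semodule -l` check before installing, and a comment above the setup phase stating that the system policy is modified for the duration of the test.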
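Review bot: The first play in tests/tests.yml pulls its tests from `https://src.fedoraproject.org/tests/selinux.git` without pinning a branch, tag or commit, so gating results depend on whatever that repository serves at run time. If the standard-test-beakerlib role allows selecting a ref, pin one; otherwise record the dependency in a comment next to the `repositories` entry. Both plays also carry the identical comment `# Test to run in classic context`; the second could say that it runs the in-tree tests `Sanity/sedta` and `Regression/The-setools-package-doesn-t-install-any-tools`.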