From 41b007ecf3f998804a59170a229497ff5c04bc80 Mon Sep 17 00:00:00 2001
From: Lukas Vrabec
Date: Mon, 27 Apr 2020 12:08:35 +0200
Subject: [PATCH] Update 'tests/sanity' to include more containers Sanity testcase generates SELinux policy just for one container "fedora:latest". Testcase should test generating SELinux policy also for Fedora Rawhide container, RHEL universal base image {7,8} and centos containers
---
 tests/sanity/runtest.sh | 66 ++++++++++++++++++++++-------------------
 1 file changed, 35 insertions(+), 31 deletions(-)
diff --git a/tests/sanity/runtest.sh b/tests/sanity/runtest.sh
index c8c5f34..fa1f802 100755
--- a/tests/sanity/runtest.sh
+++ b/tests/sanity/runtest.sh
@@ -30,6 +30,8 @@
 PACKAGE="udica"
+CONTAINERS="fedora:latest fedora:rawhide ubi8 ubi7 centos:8 centos:7"
+
 rlJournalStart
 rlPhaseStartSetup
 rlAssertRpm "udica"
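Review bot: The entries in `CONTAINERS` are unqualified short names with floating tags, so the image each iteration pulls depends on the host's `unqualified-search-registries` setting in registries.conf and on whatever the tag points to that day. The next hunk runs these images with `/home` and `/var/spool` bind-mounted, so I would name the registry explicitly, e.g. `CONTAINERS="registry.fedoraproject.org/fedora:latest registry.access.redhat.com/ubi8 …"`, with the remaining entries qualified the same way. A short comment above the variable, such as `# Images under test; consumed by an unquoted for-loop, so entries must not contain whitespace`, would also document why the list is a plain string.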
@@ -43,44 +45,46 @@ rlJournalStart
 rlRun "PAGER=cat man udica"
 rlPhaseEnd
- rlPhaseStartTest "Test basic scenario"
- rlRun "podman run -dit --name test -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 fedora"
- rlRun "podman ps | grep test"
- rlRun "ps -efZ | grep bash"
- rlRun "ps -efZ | grep bash | grep container_t"
+ for CONTAINER_NAME in ${CONTAINERS} ; do
+ rlPhaseStartTest "Test basic scenario for ${CONTAINER_NAME} container"
+ rlRun "podman run -dit --name test -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 ${CONTAINER_NAME}"
+ rlRun "podman ps | grep test"
+ rlRun "ps -efZ | grep bash"
+ rlRun "ps -efZ | grep bash | grep container_t"
- rlRun "podman exec test ls /home" 1,2
- rlRun "podman exec test touch /var/spool/test" 1
- rlRun "podman exec test dnf install nmap-ncat -y" 0
- rlWatchdog "rlRun \"podman exec test nc -l 53\"" 3
+ rlRun "podman exec test ls /home" 1,2
+ rlRun "podman exec test touch /var/spool/test" 1
+ rlRun "podman exec test yum install nmap-ncat -y" 0
+ rlWatchdog "rlRun \"podman exec test nc -l 53\"" 3
- CONT_ID=$(podman ps | grep test | cut -d ' ' -f 1)
- rlRun "podman inspect $CONT_ID | udica my_container >$OUTPUT_FILE"
- rlRun "podman stop test"
- rlRun "podman rm --force test"
+ CONT_ID=$(podman ps | grep test | cut -d ' ' -f 1)
+ rlRun "podman inspect $CONT_ID | udica my_container >$OUTPUT_FILE"
+ rlRun "podman stop test"
+ rlRun "podman rm --force test"
- rlRun "cat $OUTPUT_FILE"
- rlAssertExists "my_container.cil"
- SEMODULE=$(cat $OUTPUT_FILE | grep "semodule -i" | cut -d '#' -f 2)
- rlRun "$SEMODULE"
+ rlRun "cat $OUTPUT_FILE"
+ rlAssertExists "my_container.cil"
+ SEMODULE=$(cat $OUTPUT_FILE | grep "semodule -i" | cut -d '#' -f 2)
+ rlRun "$SEMODULE"
- PODMAN_OPT=$(cat $OUTPUT_FILE | grep "security-opt" | cut -d '"' -f 2)
- rlRun "podman run -dit --name test2 $PODMAN_OPT -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 fedora"
- rlRun "podman ps | grep test2"
- rlRun "ps -efZ | grep bash"
- rlRun "ps -efZ | grep bash | grep my_container.process"
+ PODMAN_OPT=$(cat $OUTPUT_FILE | grep "security-opt" | cut -d '"' -f 2)
+ rlRun "podman run -dit --name test2 $PODMAN_OPT -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 fedora"
+ rlRun "podman ps | grep test2"
+ rlRun "ps -efZ | grep bash"
+ rlRun "ps -efZ | grep bash | grep my_container.process"
- rlRun "podman exec test2 ls /home" 0
- rlRun "podman exec test2 touch /var/spool/test" 0
- rlRun "podman exec test2 dnf install nmap-ncat -y" 0
- rlWatchdog "rlRun \"podman exec test2 nc -l 53\" 2" 3
+ rlRun "podman exec test2 ls /home" 0
+ rlRun "podman exec test2 touch /var/spool/test" 0
+ rlRun "podman exec test2 yum install nmap-ncat -y" 0
+ rlWatchdog "rlRun \"podman exec test2 nc -l 53\" 2" 3
- rlRun "podman stop test2"
- rlRun "podman rm --force test2"
+ rlRun "podman stop test2"
+ rlRun "podman rm --force test2"
- rlRun "semodule -r my_container base_container net_container home_container"
- rlRun "rm my_container.cil"
- rlPhaseEnd
+ rlRun "semodule -r my_container base_container net_container home_container"
+ rlRun "rm my_container.cil"
+ rlPhaseEnd
+ done
 rlPhaseStartTest "Compare different ways of obtaining policy"
 rlRun "podman run -dit --name test -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 fedora"
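Review bot: The second `podman run` inside the new loop (the `--name test2` line) still starts the hard-coded `fedora` image, so the confined run that checks for `my_container.process` exercises Fedora on every iteration instead of the image the policy was generated from. Changing it to `rlRun "podman run -dit --name test2 $PODMAN_OPT -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 ${CONTAINER_NAME}"` would make each phase verify enforcement of the generated SELinux policy on the image under test. Separately, `$SEMODULE` and `$PODMAN_OPT` are scraped from `$OUTPUT_FILE` and used unquoted. That predates this commit, but if `udica` fails for one of the six images they are likely empty and the later steps fail for a misleading reason. An `rlAssertGrep "semodule -i" "$OUTPUT_FILE"` before they are used would surface that directly.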