Merge #4 Run tests also with real selinux and semanage modules
commit
5ac5425819
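--- /dev/null
+++ b/0002-Add-an-option-for-running-tests-with-real-modules.patch
@@ -0,0 +1,51 @@
+From ec0fa884fe5f3880c76fa08a6dac1fd3abee9d30 Mon Sep 17 00:00:00 2001
+From: Jan Zarsky <jzarsky@redhat.com>
+Date: Tue, 7 May 2019 10:48:00 +0200
+Subject: [PATCH 1/2] Add an option for running tests with real modules
+
+For testing purposes, the selinux and semanage modules are mocked. This
+allows running the tests without SELinux enabled (e.g. in a container).
+On SELinux-enabled systems, it makes sense to rerun the tests with the
+actual selinux and semanage modules present on the system. For this
+purpose, add a global constant named 'SELINUX_ENABLED'.
+---
+tests/test_main.py | 11 +++++++++++
+1 file changed, 11 insertions(+)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index 9d8ac6d..08805db 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -22,6 +22,11 @@ from unittest.mock import patch
+sys.path.insert(0, os.path.abspath('..'))
+import udica.__main__
+
++# Use the selinux and semanage packages provided by the system instead of the mock ones. When
++# running on a system with SELinux disabled (e.g. in a container), it must be set to False.
++# On RHEL, CentOS or Fedora it may be set to True.
++SELINUX_ENABLED = False
++
+class TestMain(unittest.TestCase):
+"""Test basic functionality of udica"""
+
+@@ -72,11 +77,17 @@ class TestMain(unittest.TestCase):
+# FIXME: the load_policy function is not properly restoring current working directory
+self.cwd = os.getcwd()
+
++ if SELINUX_ENABLED:
++ sys.path = [path for path in sys.path if path not in (os.getcwd(), '')]
++
+import selinux
+importlib.reload(selinux)
+import semanage
+importlib.reload(semanage)
+
++ if SELINUX_ENABLED:
++ sys.path = [''] + sys.path
++
+with patch('sys.argv', args):
+with patch('sys.stderr.write') as mock_err, patch('sys.stdout.write') as mock_out:
+mock_out.output = ""
+--
+2.20.1
+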
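Review bot: The `sys.path` changes added around the `import selinux` / `import semanage` lines are not exception-safe and do not restore what they removed. The first added block drops both `os.getcwd()` and `''`, but the second only puts `''` back, and if an import or reload raises (for example because the real bindings are absent) the path stays filtered for the rest of the run. Saving the list first with `saved_path = list(sys.path)` and restoring it with `sys.path = saved_path` in a `finally:` would leave module resolution exactly as it was. Because `''` resolves imports relative to the current directory, and the FIXME just above says the working directory is not reliably restored, putting back the saved entries is also the safer choice when this mode runs on a real SELinux host. The enclosing method starts and ends outside the hunk.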
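--- /dev/null
+++ b/0003-Allow-running-test_main.py-directly.patch
@@ -0,0 +1,33 @@
+From aa7037f35c77ea1bbb78860e7dc3c40509a980d9 Mon Sep 17 00:00:00 2001
+From: Jan Zarsky <jzarsky@redhat.com>
+Date: Tue, 7 May 2019 11:03:36 +0200
+Subject: [PATCH 2/2] Allow running test_main.py directly
+
+By default, the tests are run using the 'python3 -m unittest' command.
+Allow running 'test_main.py' directly so that the 'selinux_enabled'
+argument can be specified.
+
+When running on SELinux-enabled systems, the tests can be rerun with:
+
+python3 test_main.py selinux_enabled
+---
+tests/test_main.py | 6 ++++++
+1 file changed, 6 insertions(+)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index 08805db..6f37cbd 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -116,3 +116,9 @@ class TestMain(unittest.TestCase):
+self.assertMultiLineEqual(policy, exp_policy)
+
+os.unlink('my_container.cil')
++
++if __name__ == "__main__":
++ if 'selinux_enabled' in sys.argv:
++ SELINUX_ENABLED = True
++ sys.argv.remove('selinux_enabled')
++ unittest.main()
+--
+2.20.1
+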
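Review bot: The `selinux_enabled` switch is honoured only inside the `if __name__ == "__main__":` guard, so under the default `python3 -m unittest` runner it can never be set. Nothing checks that the host actually has SELinux enabled before `SELINUX_ENABLED = True` takes effect. A comment above the guard would make the first point explicit, e.g. `# Honoured only when run as a script; 'python3 -m unittest' always uses the mocked selinux/semanage modules.` It would also help to say there that this mode imports the system's real bindings and is meant for a dedicated SELinux-enabled test machine. How far the tests go with the real semanage handle is not visible in this hunk, so that part should be confirmed.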
@ -12,3 +12,6 @@
|
|||||||
- smoke:
|
- smoke:
|
||||||
dir: ./source/tests
|
dir: ./source/tests
|
||||||
run: python3 -m unittest
|
run: python3 -m unittest
|
||||||
|
- smoke2:
|
||||||
|
dir: ./source/tests
|
||||||
|
run: python3 test_main.py selinux_enabled
|
||||||
|
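Review bot: `smoke2` runs `python3 test_main.py selinux_enabled` unconditionally, although the comment introduced with `SELINUX_ENABLED` says the flag must stay off where SELinux is disabled. If this test can be scheduled on a guest or container without SELinux, or without the python3 selinux/semanage bindings installed, the step will fail for environmental reasons rather than because of a regression. A required-packages entry or a precondition on the SELinux state would make that failure mode explicit. The rest of the file is outside the hunk, so such a requirement may already be declared there.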
@ -13,15 +13,16 @@ Requires: python3 python3-libsemanage python3-libselinux
|
|||||||
BuildRequires: python2 python2-devel python2-setuptools
|
BuildRequires: python2 python2-devel python2-setuptools
|
||||||
Requires: python2 libsemanage-python libselinux-python
|
Requires: python2 libsemanage-python libselinux-python
|
||||||
%endif
|
%endif
|
||||||
patch00: 0001-Add-allow-rules-for-container_runtime_t-to-base_cont.patch
|
patch1: 0001-Add-allow-rules-for-container_runtime_t-to-base_cont.patch
|
||||||
|
patch2: 0002-Add-an-option-for-running-tests-with-real-modules.patch
|
||||||
|
patch3: 0003-Allow-running-test_main.py-directly.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Tool for generating SELinux security profiles for containers based on
|
Tool for generating SELinux security profiles for containers based on
|
||||||
inspection of container JSON file.
|
inspection of container JSON file.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p 1
|
||||||
%patch00 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||||
|