Add an option for running tests with real modules

To simplify udica testing on Fedora, add an option that allows running
the tests with real system packages (selinux and semanage).

0002-Add-an-option-for-running-tests-with-real-modules.patch

@@ -0,0 +1,51 @@
+From ec0fa884fe5f3880c76fa08a6dac1fd3abee9d30 Mon Sep 17 00:00:00 2001
+From: Jan Zarsky <jzarsky@redhat.com>
+Date: Tue, 7 May 2019 10:48:00 +0200
+Subject: [PATCH 1/2] Add an option for running tests with real modules
+
+For testing purposes, the selinux and semanage modules are mocked. This
+allows running the tests without SELinux enabled (e.g. in a container).
+On SELinux-enabled systems, it makes sense to rerun the tests with the
+actual selinux and semanage modules present on the system. For this
+purpose, add a global constant named 'SELINUX_ENABLED'.
+---
+ tests/test_main.py | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index 9d8ac6d..08805db 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -22,6 +22,11 @@ from unittest.mock import patch
+ sys.path.insert(0, os.path.abspath('..'))
+ import udica.__main__
+ 
++# Use the selinux and semanage packages provided by the system instead of the mock ones. When
++# running on a system with SELinux disabled (e.g. in a container), it must be set to False.
++# On RHEL, CentOS or Fedora it may be set to True.
++SELINUX_ENABLED = False
++
+ class TestMain(unittest.TestCase):
+     """Test basic functionality of udica"""
+ 
+@@ -72,11 +77,17 @@ class TestMain(unittest.TestCase):
+         # FIXME: the load_policy function is not properly restoring current working directory
+         self.cwd = os.getcwd()
+ 
++        if SELINUX_ENABLED:
++            sys.path = [path for path in sys.path if path not in (os.getcwd(), '')]
++
+         import selinux
+         importlib.reload(selinux)
+         import semanage
+         importlib.reload(semanage)
+ 
++        if SELINUX_ENABLED:
++            sys.path = [''] + sys.path
++
+         with patch('sys.argv', args):
+             with patch('sys.stderr.write') as mock_err, patch('sys.stdout.write') as mock_out:
+                 mock_out.output = ""
+-- 
+2.20.1
+

0003-Allow-running-test_main.py-directly.patch

@@ -0,0 +1,33 @@
+From aa7037f35c77ea1bbb78860e7dc3c40509a980d9 Mon Sep 17 00:00:00 2001
+From: Jan Zarsky <jzarsky@redhat.com>
+Date: Tue, 7 May 2019 11:03:36 +0200
+Subject: [PATCH 2/2] Allow running test_main.py directly
+
+By default, the tests are run using the 'python3 -m unittest' command.
+Allow running 'test_main.py' directly so that the 'selinux_enabled'
+argument can be specified.
+
+When running on SELinux-enabled systems, the tests can be rerun with:
+
+    python3 test_main.py selinux_enabled
+---
+ tests/test_main.py | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tests/test_main.py b/tests/test_main.py
+index 08805db..6f37cbd 100644
+--- a/tests/test_main.py
++++ b/tests/test_main.py
+@@ -116,3 +116,9 @@ class TestMain(unittest.TestCase):
+             self.assertMultiLineEqual(policy, exp_policy)
+ 
+         os.unlink('my_container.cil')
++
++if __name__ == "__main__":
++    if 'selinux_enabled' in sys.argv:
++        SELINUX_ENABLED = True
++        sys.argv.remove('selinux_enabled')
++    unittest.main()
+-- 
+2.20.1
+

udica.spec

@@ -13,15 +13,16 @@ Requires: python3 python3-libsemanage python3-libselinux
 BuildRequires: python2 python2-devel python2-setuptools
 Requires: python2 libsemanage-python libselinux-python
 %endif
-patch00: 0001-Add-allow-rules-for-container_runtime_t-to-base_cont.patch
+patch1: 0001-Add-allow-rules-for-container_runtime_t-to-base_cont.patch
+patch2: 0002-Add-an-option-for-running-tests-with-real-modules.patch
+patch3: 0003-Allow-running-test_main.py-directly.patch
 
 %description
 Tool for generating SELinux security profiles for containers based on
 inspection of container JSON file.
 
 %prep
-%setup -q
-%patch00 -p1
+%autosetup -p 1
 
 %build
 %if 0%{?fedora} || 0%{?rhel} > 7