mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-22 22:03:43 +03:00
cc4338e435
As it turns out /usr/share/selinux/devel/ is now included in more RPMs than just selinux-policy-devel (specifically container-selinux, which is pulled in by various container related RPMs). Let's hence tighten the dependency check a bit and look for systemd's .if file, which is what we actually care about.
112 lines
3.5 KiB
Bash
Executable File
112 lines
3.5 KiB
Bash
Executable File
#!/bin/bash
|
|
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
|
# ex: ts=8 sw=4 sts=4 et filetype=sh
|
|
set -e
|
|
TEST_DESCRIPTION="SELinux tests"
|
|
TEST_NO_NSPAWN=1
|
|
|
|
# Requirements:
|
|
# Fedora 23
|
|
# selinux-policy-targeted
|
|
# selinux-policy-devel
|
|
|
|
# Check if selinux-policy-devel is installed, and if it isn't bail out early instead of failing
|
|
test -f /usr/share/selinux/devel/include/system/systemd.if || exit 0
|
|
|
|
. $TEST_BASE_DIR/test-functions
|
|
SETUP_SELINUX=yes
|
|
KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"
|
|
|
|
test_setup() {
|
|
create_empty_image
|
|
mkdir -p $TESTDIR/root
|
|
mount ${LOOPDEV}p1 $TESTDIR/root
|
|
|
|
# Create what will eventually be our root filesystem onto an overlay
|
|
(
|
|
LOG_LEVEL=5
|
|
eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
|
|
|
|
setup_basic_environment
|
|
|
|
# setup the testsuite service
|
|
cat <<EOF >$initdir/etc/systemd/system/testsuite.service
|
|
[Unit]
|
|
Description=Testsuite service
|
|
After=multi-user.target
|
|
|
|
[Service]
|
|
ExecStart=/test-selinux-checks.sh
|
|
Type=oneshot
|
|
EOF
|
|
|
|
cat <<EOF >$initdir/etc/systemd/system/hola.service
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/bin/echo Start Hola
|
|
ExecReload=/bin/echo Reload Hola
|
|
ExecStop=/bin/echo Stop Hola
|
|
RemainAfterExit=yes
|
|
EOF
|
|
|
|
setup_testsuite
|
|
|
|
cat <<EOF >$initdir/etc/systemd/system/load-systemd-test-module.service
|
|
[Unit]
|
|
Description=Load systemd-test module
|
|
DefaultDependencies=no
|
|
Requires=local-fs.target
|
|
Conflicts=shutdown.target
|
|
After=local-fs.target
|
|
Before=sysinit.target shutdown.target autorelabel.service
|
|
ConditionSecurity=selinux
|
|
ConditionPathExists=|/.load-systemd-test-module
|
|
|
|
[Service]
|
|
ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module'
|
|
Type=oneshot
|
|
TimeoutSec=0
|
|
RemainAfterExit=yes
|
|
EOF
|
|
|
|
touch $initdir/.load-systemd-test-module
|
|
mkdir -p $initdir/etc/systemd/system/basic.target.wants
|
|
ln -fs load-systemd-test-module.service $initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service
|
|
|
|
local _modules_dir=/var/lib/selinux
|
|
rm -rf $initdir/$_modules_dir
|
|
if ! cp -ar $_modules_dir $initdir/$_modules_dir; then
|
|
dfatal "Failed to copy $_modules_dir"
|
|
exit 1
|
|
fi
|
|
|
|
local _policy_headers_dir=/usr/share/selinux/devel
|
|
rm -rf $initdir/$_policy_headers_dir
|
|
inst_dir /usr/share/selinux
|
|
if ! cp -ar $_policy_headers_dir $initdir/$_policy_headers_dir; then
|
|
dfatal "Failed to copy $_policy_headers_dir"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir $initdir/systemd-test-module
|
|
cp systemd_test.te $initdir/systemd-test-module
|
|
cp systemd_test.if $initdir/systemd-test-module
|
|
cp test-selinux-checks.sh $initdir
|
|
dracut_install -o sesearch
|
|
dracut_install runcon
|
|
dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
|
|
) || return 1
|
|
|
|
# mask some services that we do not want to run in these tests
|
|
ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
|
|
ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
|
|
ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
|
|
ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
|
|
ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service
|
|
|
|
ddebug "umount $TESTDIR/root"
|
|
umount $TESTDIR/root
|
|
}
|
|
|
|
do_test "$@"
|