#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
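# Human-readable name of this test case.
TEST_DESCRIPTION="SELinux tests"

# Requirements:
# Fedora 23
# selinux-policy-targeted
# selinux-policy-devel

# Shared test helpers (run_qemu, create_empty_image, dracut_install, ...) are
# expected to come from this file; the path is quoted so a TEST_BASE_DIR that
# contains whitespace is still sourced as a single file.
. "$TEST_BASE_DIR/test-functions"

# NOTE(review): presumably read by test-functions to prepare SELinux support
# in the image -- confirm against test-functions.
SETUP_SELINUX=yes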
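# Boot the guest kernel with SELinux switched on and selected as the active
# security module; any KERNEL_APPEND supplied by the caller is kept in front.
KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"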
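#######################################
# Mount the first partition of the test image and collect the verdict the
# guest left behind.
# Globals:   LOOPDEV (read), TESTDIR (read)
# Outputs:   contents of $TESTDIR/failed (when present) and a listing of the
#            copied journal files on stdout
# Returns:   0 only when /testok exists in the image and no non-empty failure
#            log was collected; non-zero otherwise
#######################################
check_result_qemu() {
    # Pessimistic default: the run counts as failed until /testok is seen.
    local ret=1

    mkdir -p "$TESTDIR/root"
    mount "${LOOPDEV}p1" "$TESTDIR/root"

    [[ -e "$TESTDIR/root/testok" ]] && ret=0

    # Pull the failure log and the journal out of the image before it is
    # unmounted so they stay available for inspection on the host.
    [[ -f "$TESTDIR/root/failed" ]] && cp -a "$TESTDIR/root/failed" "$TESTDIR"
    cp -a "$TESTDIR/root/var/log/journal" "$TESTDIR"
    umount "$TESTDIR/root"

    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    # The glob part stays unquoted on purpose so the shell expands it.
    ls -l "$TESTDIR"/journal/*/*.journal

    # A non-empty failure log fails the test even if /testok was written.
    test -s "$TESTDIR/failed" && ret=$((ret + 1))
    return "$ret"
}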
#######################################
# Run the test in QEMU and evaluate what the guest reported.
# Returns:   1 when QEMU ran and the result check failed; 0 when the check
#            passed or QEMU could not be started (treated as a skip)
#######################################
test_run() {
    # An unavailable QEMU is reported as a skip, not as a test failure.
    if ! run_qemu; then
        dwarn "can't run QEMU, skipping"
        return 0
    fi

    check_result_qemu || return 1
    return 0
}
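#######################################
# Build the guest image for the SELinux test: unit files, the test policy
# module sources, the SELinux module store and policy headers copied from the
# host, and the tools needed to compile and load the module inside the guest.
# Globals:   LOOPDEV (read), TESTDIR (read), initdir (read)
# Returns:   1 when populating the image fails; otherwise the status of the
#            final umount
#######################################
test_setup() {
    create_empty_image
    mkdir -p "$TESTDIR/root"
    mount "${LOOPDEV}p1" "$TESTDIR/root"

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        # NOTE(review): eval executes udevadm's output as shell code. With
        # --export the values are printed single-quoted, and the data comes
        # from the local udev database for the loop device, so this is kept;
        # the substitution is quoted so values are not word-split or globbed
        # before eval sees them.
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment

        # Everything below writes (and recursively deletes) under $initdir.
        # An empty value would point those paths at the host's own /etc and
        # /var/lib/selinux, so stop here instead. The failure leaves the
        # subshell and is turned into "return 1" below.
        # NOTE(review): initdir is presumably set by test-functions -- confirm.
        : "${initdir:?initdir must be set before populating the image}"

        # setup the testsuite service
        cat <<EOF >"$initdir/etc/systemd/system/testsuite.service"
[Unit]
Description=Testsuite service
After=multi-user.target
[Service]
ExecStart=/test-selinux-checks.sh
Type=oneshot
EOF

        cat <<EOF >"$initdir/etc/systemd/system/hola.service"
[Service]
Type=oneshot
ExecStart=/bin/echo Start Hola
ExecReload=/bin/echo Reload Hola
ExecStop=/bin/echo Stop Hola
RemainAfterExit=yes
EOF

        setup_testsuite

        # One-shot loader for the test policy module. It only triggers while
        # /.load-systemd-test-module exists and removes that flag once the
        # module is loaded. The command writes 0 to /sys/fs/selinux/enforce
        # (permissive mode) first and nothing in this unit writes it back, so
        # whether the guest returns to enforcing depends on code outside this
        # function.
        cat <<EOF >"$initdir/etc/systemd/system/load-systemd-test-module.service"
[Unit]
Description=Load systemd-test module
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target autorelabel.service
ConditionSecurity=selinux
ConditionPathExists=|/.load-systemd-test-module
[Service]
ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module'
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
EOF

        touch "$initdir/.load-systemd-test-module"
        mkdir -p "$initdir/etc/systemd/system/basic.target.wants"
        ln -fs load-systemd-test-module.service \
            "$initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service"

        # The guest starts from a copy of the host's SELinux module store.
        local _modules_dir=/var/lib/selinux
        # ${initdir:?} keeps this recursive delete inside the image tree.
        rm -rf -- "${initdir:?}/$_modules_dir"
        if ! cp -ar "$_modules_dir" "$initdir/$_modules_dir"; then
            dfatal "Failed to copy $_modules_dir"
            exit 1
        fi

        # Policy development headers, needed by the "make ... load" step above.
        local _policy_headers_dir=/usr/share/selinux/devel
        rm -rf -- "${initdir:?}/$_policy_headers_dir"
        inst_dir /usr/share/selinux
        if ! cp -ar "$_policy_headers_dir" "$initdir/$_policy_headers_dir"; then
            dfatal "Failed to copy $_policy_headers_dir"
            exit 1
        fi

        # Test policy module sources and the in-guest check script; the
        # source paths are relative to the current working directory.
        mkdir "$initdir/systemd-test-module"
        cp systemd_test.te "$initdir/systemd-test-module"
        cp systemd_test.if "$initdir/systemd-test-module"
        cp test-selinux-checks.sh "$initdir"

        dracut_install -o sesearch
        dracut_install runcon
        dracut_install checkmodule semodule semodule_package m4 make \
            /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
    ) || return 1

    # mask some services that we do not want to run in these tests
    local _unit
    for _unit in \
        systemd-hwdb-update.service \
        systemd-journal-catalog-update.service \
        systemd-networkd.service \
        systemd-networkd.socket \
        systemd-resolved.service; do
        ln -s /dev/null "$initdir/etc/systemd/system/$_unit"
    done

    ddebug "umount $TESTDIR/root"
    umount "$TESTDIR/root"
}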
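#######################################
# Best-effort teardown: unmount the image root and detach the loop device.
# Globals:   LOOPDEV (read), TESTDIR (read)
# Returns:   always 0, so cleanup never changes the test verdict
#######################################
test_cleanup() {
    # The mount may already be gone; the error output is discarded on purpose.
    umount "$TESTDIR/root" 2>/dev/null
    # Only detach when a loop device was actually recorded.
    [[ -n "$LOOPDEV" ]] && losetup -d "$LOOPDEV"
    return 0
}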
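# Pass the script's arguments through unchanged; "$@" keeps each argument as
# its own word, with no padding added.
do_test "$@"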