1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

test: testing for networkd NetLabel feature

This commit is contained in:
Topi Miettinen 2022-08-20 20:57:06 +03:00 committed by Yu Watanabe
parent 4b3590c324
commit a4640bed74
5 changed files with 32 additions and 0 deletions

View File

@ -361,3 +361,8 @@ Address=10.3.3.251/16
Address=10.3.3.252/16
Address=10.3.3.253/16
Address=10.3.3.254/16
[Address]
Address=10.4.3.2/24
# just a random label which should exist
NetLabel=system_u:object_r:root_t:s0

View File

@ -26,6 +26,8 @@ SendDecline=yes
# DenyList= will be ignored
AllowList=192.168.5.0/24 192.168.6.0/24
DenyList=192.168.5.0/24
# just a random label which should exist
NetLabel=system_u:object_r:root_t:s0
[Route]
Destination=192.168.5.0/24

View File

@ -14,3 +14,5 @@ SubnetId=0
Announce=no
Token=eui64
Token=::1a:2b:3c:4d
# just a random label which should exist
NetLabel=system_u:object_r:root_t:s0

View File

@ -7,3 +7,5 @@ IPv6AcceptRA=true
[IPv6AcceptRA]
UseDomains=yes
# just a random label which should exist
NetLabel=system_u:object_r:root_t:s0

View File

@ -889,6 +889,18 @@ class Utilities():
self.assertNotRegex(output, address_regex)
def check_netlabel(self, interface, address, label='system_u:object_r:root_t:s0'):
if not shutil.which('selinuxenabled'):
print(f'## Checking NetLabel skipped: selinuxenabled command not found.')
elif call_quiet('selinuxenabled') != 0:
print(f'## Checking NetLabel skipped: SELinux disabled.')
elif not shutil.which('netlabelctl'): # not packaged by all distros
print(f'## Checking NetLabel skipped: netlabelctl command not found.')
else:
output = check_output('netlabelctl unlbl list')
print(output)
self.assertRegex(output, f'interface:{interface},address:{address},label:"{label}"')
class NetworkctlTests(unittest.TestCase, Utilities):
def setUp(self):
@ -2209,6 +2221,8 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
self.assertIn('inet6 2001:db8:1:f101::1/64 scope global deprecated', output)
self.assertRegex(output, r'inet6 fd[0-9a-f:]*1/64 scope global')
self.check_netlabel('dummy98', '10\.4\.3\.0/24')
# Tests for #20891.
# 1. set preferred lifetime forever to drop the deprecated flag for testing #20891.
check_output('ip address change 10.7.8.9/16 dev dummy98 preferred_lft forever')
@ -4267,6 +4281,9 @@ class NetworkdRATests(unittest.TestCase, Utilities):
print(output)
self.assertRegex(output, '2002:da8:1:0')
self.check_netlabel('veth99', '2002:da8:1::/64')
self.check_netlabel('veth99', '2002:da8:2::/64')
def test_ipv6_token_static(self):
copy_network_unit('25-veth.netdev', '25-ipv6-prefix.network', '25-ipv6-prefix-veth-token-static.network')
start_networkd()
@ -4560,6 +4577,8 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
self.assertIn('client provides name: test-hostname', output)
self.assertIn('26:mtu', output)
self.check_netlabel('veth99', '192\.168\.5\.0/24')
def test_dhcp_client_ipv4_use_routes_gateway(self):
first = True
for (routes, gateway, dns_and_ntp_routes, classless) in itertools.product([True, False], repeat=4):
@ -5117,6 +5136,8 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
print(output)
self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto dhcp metric [0-9]* expires')
self.check_netlabel('dummy98', '3ffe:501:ffff:[2-9a-f]00::/64')
def verify_dhcp4_6rd(self, tunnel_name):
print('### ip -4 address show dev veth-peer scope global')
output = check_output('ip -4 address show dev veth-peer scope global')