|
 |
a01344b |
#!/bin/bash
|
|
|
a01344b |
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
|
|
a01344b |
# SPDX-License-Identifier: GPLv2
|
|
|
a01344b |
# Copyright (c) 2021 Red Hat, Inc.
|
|
|
a01344b |
# Author: Ondrej Mosnacek <omosnace@redhat.com>
|
|
|
a01344b |
|
|
|
a01344b |
# Include Beakerlib environment
|
|
|
a01344b |
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
|
|
a01344b |
|
|
|
a01344b |
function boolGet() {
|
|
|
a01344b |
getsebool "$1" | cut -d ' ' -f 3
|
|
|
a01344b |
}
|
|
|
a01344b |
function boolSet() {
|
|
|
a01344b |
getsebool "$1" &>/dev/null || return 0
|
|
|
a01344b |
setsebool "$1" "$2" || return 1
|
|
|
a01344b |
[ "$(boolGet "$1")" == "$2" ]
|
|
|
a01344b |
}
|
|
|
a01344b |
|
|
|
a01344b |
TEST_BOOLEAN="domain_can_mmap_files"
|
|
|
a01344b |
|
|
|
a01344b |
rlJournalStart
|
|
|
a01344b |
rlPhaseStartSetup
|
|
|
a01344b |
rlRun "bool_default=\$(boolGet domain_can_mmap_files)" 0 \
|
|
|
a01344b |
"Get the initial boolean value"
|
|
|
a01344b |
rlRun "auditctl -a exclude,never -F subj_user=sysadm_u" 0 \
|
|
|
a01344b |
"Add an audit rule that triggers the bug"
|
|
|
a01344b |
rlPhaseEnd
|
|
|
a01344b |
|
|
|
a01344b |
rlPhaseStartTest
|
|
|
a01344b |
rlRun "setsebool domain_can_mmap_files $(( 1 - $bool_default )) &" 0 \
|
|
|
a01344b |
"Start setsebool in the background (it may hang)"
|
|
|
a01344b |
rlRun "sleep 5s" 0 "Give it a grace period of 5 seconds"
|
|
|
a01344b |
rlRun "test \$(jobs -r | wc -l) -eq 0" 0 "Check that it has exited"
|
|
|
a01344b |
rlPhaseEnd
|
|
|
a01344b |
|
|
|
a01344b |
rlPhaseStartCleanup
|
|
|
a01344b |
rlRun "auditctl -d exclude,never -F subj_user=sysadm_u" 0 \
|
|
|
a01344b |
"Remove the audit rule"
|
|
|
a01344b |
rlRun "boolSet domain_can_mmap_files $bool_default" 0 \
|
|
|
a01344b |
"Restore the boolean value"
|
|
|
a01344b |
rlPhaseEnd
|
|
|
a01344b |
rlJournalPrintText
|
|
|
a01344b |
rlJournalEnd
|