diff --git a/policycoreutils/file-contexts/Makefile b/policycoreutils/file-contexts/Makefile new file mode 100644 index 0000000..fde8428 --- /dev/null +++ b/policycoreutils/file-contexts/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/policycoreutils/Sanity/file-contexts +# Description: Test semanage fcontext, restorecon, fixfiles, chcon +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2018 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/policycoreutils/Sanity/file-contexts +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Jan Zarsky " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test semanage fcontext, restorecon, fixfiles, chcon" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils" >> $(METADATA) + @echo "Requires: policycoreutils-python-utils" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/policycoreutils/file-contexts/PURPOSE b/policycoreutils/file-contexts/PURPOSE new file mode 100644 index 0000000..dad445e --- /dev/null +++ b/policycoreutils/file-contexts/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/policycoreutils/Sanity/file-contexts +Description: Test semanage fcontext, restorecon, fixfiles, chcon +Author: Jan Zarsky diff --git a/policycoreutils/file-contexts/main.fmf b/policycoreutils/file-contexts/main.fmf new file mode 100644 index 0000000..ea7225a --- /dev/null +++ b/policycoreutils/file-contexts/main.fmf @@ -0,0 +1,7 @@ +path: /policycoreutils/file-contexts +summary: Test semanage fcontext, restorecon, fixfiles, chcon +description: | + The test adds custom file contexts, runs restorecon and checks file + contexts. The chcon command is also tested. +relevancy: + - "distro = rhel-4, rhel-5, rhel-6: False" diff --git a/policycoreutils/file-contexts/runtest.sh b/policycoreutils/file-contexts/runtest.sh new file mode 100755 index 0000000..d421ec8 --- /dev/null +++ b/policycoreutils/file-contexts/runtest.sh @@ -0,0 +1,212 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/policycoreutils/Sanity/file-contexts +# Description: Test semanage fcontext, restorecon, fixfiles, chcon +# Author: Jan Zarsky +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2018 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="policycoreutils" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + + RUN_CON="system_u:object_r:var_run_t:s0" + HOME_BIN_CON="unconfined_u:object_r:home_bin_t:s0" + FILE_CON="user_tmp_t" + TEST_CON="user_home_t" + TEST_CON2="tmp_t" + + function checkFC { + ls -dZ $1 + ls -dZ $1 | grep $2 + return $? + } + rlPhaseEnd + + rlPhaseStartTest "semanage fcontext -l" + rlRun "semanage fcontext -l >stdout" + rlAssertGrep "SELinux fcontext" stdout + rlAssertGrep "SELinux Distribution fcontext Equivalence" stdout + rlAssertGrep "/run/\.\* *all files *$RUN_CON" stdout + rlAssertGrep "/run *directory *$RUN_CON" stdout + rlAssertGrep "/home/\[\^/\]+/bin(/\.\*)? *all files *$HOME_BIN_CON" stdout + rlAssertGrep "/run = /var/run" stdout + rlPhaseEnd + + rlPhaseStartTest "semanage fcontext add and delete" + rlRun "mkdir /tmp/test" + rlRun "pushd /tmp/test" + DIR=$(pwd) + + # add custom file context + rlRun "semanage fcontext -a -t $TEST_CON '$DIR/asdf'" + + rlRun "semanage fcontext -l -C | grep '$DIR/asdf *all files *system_u:object_r:$TEST_CON'" + + # test for regular file + rlRun "touch asdf" + rlRun "checkFC asdf $FILE_CON" + rlRun "restorecon asdf" + rlRun "checkFC asdf $TEST_CON" + rlRun "rm asdf" + + # test for directory + rlRun "mkdir asdf" + rlRun "checkFC asdf $FILE_CON" + rlRun "restorecon asdf" + rlRun "checkFC asdf $TEST_CON" + rlRun "rmdir asdf" + + # modify the context + rlRun "semanage fcontext -m -t $TEST_CON2 '$DIR/asdf'" + + rlRun "semanage fcontext -l -C | grep '$DIR/asdf *all files *system_u:object_r:$TEST_CON2'" + + # test + rlRun "touch asdf" + rlRun "checkFC asdf $FILE_CON" + rlRun "restorecon asdf" + rlRun "checkFC asdf $TEST_CON2" + rlRun "rm asdf" + + # delete the context + rlRun "semanage fcontext -d '$DIR/asdf'" + + rlRun "popd" + rlRun "rm -rf /tmp/test" + rlPhaseEnd + + rlPhaseStartTest "semanage fcontext add and delete with file type" + rlRun "mkdir /tmp/test" + rlRun "pushd /tmp/test" + DIR=$(pwd) + + # add custom file context for regular files + rlRun "semanage fcontext -a -f f -t $TEST_CON '$DIR/asdf'" + # add custom file context for directories + rlRun "semanage fcontext -a -f d -t $TEST_CON2 '$DIR/asdf'" + + rlRun "semanage fcontext -l | grep '$DIR/asdf *regular file *system_u:object_r:$TEST_CON'" + rlRun "semanage fcontext -l | grep '$DIR/asdf *directory *system_u:object_r:$TEST_CON2'" + + # test regular file + rlRun "touch asdf" + rlRun "checkFC asdf $FILE_CON" + rlRun "restorecon asdf" + rlRun "checkFC asdf $TEST_CON" + rlRun "rm asdf" + + # test directory + rlRun "mkdir asdf" + rlRun "checkFC asdf $FILE_CON" + rlRun "restorecon asdf" + rlRun "checkFC asdf $TEST_CON2" + rlRun "rmdir asdf" + + # delete the context + rlRun "semanage fcontext -d -f f '$DIR/asdf'" + rlRun "semanage fcontext -d -f d '$DIR/asdf'" + + rlRun "popd" + rlRun "rm -rf /tmp/test" + rlPhaseEnd + + rlPhaseStartTest "chcon" + rlRun "mkdir /tmp/test" + rlRun "pushd /tmp/test" + + rlRun "touch asdf" + rlRun "checkFC asdf $FILE_CON" + + rlRun "chcon -t $TEST_CON asdf" + rlRun "checkFC asdf $TEST_CON" + + rlRun "popd" + rlRun "rm -rf /tmp/test" + rlPhaseEnd + + rlPhaseStartTest "restorecon" + rlRun "mkdir /tmp/test" + rlRun "pushd /tmp/test" + DIR=$(pwd) + + # add a custom file context for whole directory + rlRun "semanage fcontext -a -t $TEST_CON '$DIR/.*'" + + # create test files and directories + rlRun "touch a" + rlRun "checkFC a $FILE_CON" + rlRun "mkdir dir" + rlRun "checkFC dir $FILE_CON" + rlRun "touch dir/a" + rlRun "checkFC dir/a $FILE_CON" + rlRun "touch dir/b" + rlRun "checkFC dir/b $FILE_CON" + rlRun "mkdir dir/dir" + rlRun "checkFC dir/dir $FILE_CON" + rlRun "touch dir/dir/a" + rlRun "checkFC dir/dir/a $FILE_CON" + + function prepareStr { + echo -n ".* $DIR/$1 .* [[:alnum:]:_]*$2:[[:alnum:]:_]*.*[[:alnum:]:_]*$3:[[:alnum:]:_]*" + } + + # run restorecon in dry-run mode for a single file + rlRun "restorecon -v -n dir/a >stdout" + rlRun "cat stdout" + rlAssertGrep "$(prepareStr dir/a $FILE_CON $TEST_CON)" stdout + rlRun "[ $(cat stdout | wc -l) -eq 1 ]" + + # run restorecon in recursive mode + rlRun "restorecon -r -v dir >stdout" + rlRun "cat stdout" + rlAssertGrep "$(prepareStr dir $FILE_CON $TEST_CON)" stdout + rlAssertGrep "$(prepareStr dir/a $FILE_CON $TEST_CON)" stdout + rlAssertGrep "$(prepareStr dir/b $FILE_CON $TEST_CON)" stdout + rlAssertGrep "$(prepareStr dir/dir $FILE_CON $TEST_CON)" stdout + rlAssertGrep "$(prepareStr dir/dir/a $FILE_CON $TEST_CON)" stdout + rlRun "[ $(cat stdout | wc -l) -eq 5 ]" + + rlRun "checkFC dir $TEST_CON" + rlRun "checkFC dir/a $TEST_CON" + rlRun "checkFC dir/b $TEST_CON" + rlRun "checkFC dir/dir $TEST_CON" + rlRun "checkFC dir/dir/a $TEST_CON" + + # delete the custom context + rlRun "semanage fcontext -d '$DIR/.*'" + + rlRun "popd" + rlRun "rm -rf /tmp/test" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "rm -rf stdout" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd