From 6f541f3193f022a8f8e70f8af92c574617202938 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Jun 02 2020 20:32:01 +0000
Subject: Test reboot of CI machine and collect AVCs
---
diff --git a/tests/test-reboot.yml b/tests/test-reboot.yml
new file mode 100644
index 0000000..f468fb1
--- /dev/null
+++ b/tests/test-reboot.yml
@@ -0,0 +1,42 @@
+---
+- hosts: localhost
+ vars:
+ - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
+ tags:
+ - classic
+ tasks:
+ - name: reboot
+ block:
+ - name: restart host
+ shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+ async: 1
+ poll: 0
+ ignore_errors: true
+
+ - name: wait for host to come back
+ wait_for_connection:
+ delay: 10
+ timeout: 300
+
+ - name: Re-create /tmp/artifacts
+ command: mkdir /tmp/artifacts
+
+ - name: Generate fake SELinux denial
+ shell: runcon -u system_u -r system_r -t init_t -- /bin/cat /etc/shadow || true
+
+ - name: Gather SELinux denials since boot
+ shell: |
+ ausearch -m avc -m selinux_err -m user_avc -ts boot > /tmp/avc.log 2> /tmp/avc.err.log
+ grep -q '' /tmp/avc.err.log && result=pass || result=fail
+ echo -e "results:\n- {result: $result, test: reboot}" > /tmp/results.yml
+
+ always:
+ - name: Pull out the artifacts
+ fetch:
+ dest: "{{ artifacts }}/"
+ src: "{{ item }}"
+ flat: yes
+ with_items:
+ - /tmp/avc.log
+ - /tmp/avc.err.log
+ - /tmp/results.yml
diff --git a/tests/tests.yml b/tests/tests.yml
index aa1af2a..b073ca5 100644
--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -1,12 +1 @@
----
-# Tests that run in all contexts
-- hosts: localhost
- roles:
- - role: standard-test-beakerlib
- tags:
- - classic
- - container
- repositories:
- - repo: "https://src.fedoraproject.org/tests/selinux.git"
- dest: "selinux"
- fmf_filter: "tier: 1 | component: libsepol"
+- import_playbook: test-reboot.yml
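Review bot: The pass/fail line in the "Gather SELinux denials since boot" task counts any stderr output from ausearch as success, because `grep -q '' /tmp/avc.err.log` matches every non-empty file. An ausearch failure (for instance an unreadable audit log) would therefore be recorded as `result=pass`, the same as the `<no matches>` message the check appears to rely on, and real denials could go unreported. Matching that message exactly and requiring an empty AVC log closes the gap: `grep -qxF '<no matches>' /tmp/avc.err.log && [ ! -s /tmp/avc.log ] && result=pass || result=fail`. The same task writes to fixed names under the world-writable /tmp, presumably with root privileges since ausearch needs them; a directory from `mktemp -d` would avoid following a pre-placed symlink.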
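Review bot: Replacing the whole play in tests/tests.yml with `- import_playbook: test-reboot.yml` removes the `standard-test-beakerlib` run (`tier: 1 | component: libsepol`) and the `container` tag, which the subject line does not mention. If the reboot check is meant to extend the existing coverage rather than replace it, keep the original play and append the import after it. The new content also drops the leading `---` document marker that the file had before.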