| |
@@ -0,0 +1,212 @@
|
| |
+ #!/bin/bash
|
| |
+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+ #
|
| |
+ # runtest.sh of /CoreOS/policycoreutils/Sanity/file-contexts
|
| |
+ # Description: Test semanage fcontext, restorecon, fixfiles, chcon
|
| |
+ # Author: Jan Zarsky <jzarsky@redhat.com>
|
| |
+ #
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+ #
|
| |
+ # Copyright (c) 2018 Red Hat, Inc.
|
| |
+ #
|
| |
+ # This program is free software: you can redistribute it and/or
|
| |
+ # modify it under the terms of the GNU General Public License as
|
| |
+ # published by the Free Software Foundation, either version 2 of
|
| |
+ # the License, or (at your option) any later version.
|
| |
+ #
|
| |
+ # This program is distributed in the hope that it will be
|
| |
+ # useful, but WITHOUT ANY WARRANTY; without even the implied
|
| |
+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
| |
+ # PURPOSE. See the GNU General Public License for more details.
|
| |
+ #
|
| |
+ # You should have received a copy of the GNU General Public License
|
| |
+ # along with this program. If not, see http://www.gnu.org/licenses/.
|
| |
+ #
|
| |
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| |
+
|
| |
+ # Include Beaker environment
|
| |
+ . /usr/bin/rhts-environment.sh || exit 1
|
| |
+ . /usr/share/beakerlib/beakerlib.sh || exit 1
|
| |
+
|
| |
+ PACKAGE="policycoreutils"
|
| |
+
|
| |
+ rlJournalStart
|
| |
+ rlPhaseStartSetup
|
| |
+ rlAssertRpm $PACKAGE
|
| |
+
|
| |
+ RUN_CON="system_u:object_r:var_run_t:s0"
|
| |
+ HOME_BIN_CON="unconfined_u:object_r:home_bin_t:s0"
|
| |
+ FILE_CON="user_tmp_t"
|
| |
+ TEST_CON="user_home_t"
|
| |
+ TEST_CON2="tmp_t"
|
| |
+
|
| |
+ function checkFC {
|
| |
+ ls -dZ $1
|
| |
+ ls -dZ $1 | grep $2
|
| |
+ return $?
|
| |
+ }
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartTest "semanage fcontext -l"
|
| |
+ rlRun "semanage fcontext -l >stdout"
|
| |
+ rlAssertGrep "SELinux fcontext" stdout
|
| |
+ rlAssertGrep "SELinux Distribution fcontext Equivalence" stdout
|
| |
+ rlAssertGrep "/run/\.\* *all files *$RUN_CON" stdout
|
| |
+ rlAssertGrep "/run *directory *$RUN_CON" stdout
|
| |
+ rlAssertGrep "/home/\[\^/\]+/bin(/\.\*)? *all files *$HOME_BIN_CON" stdout
|
| |
+ rlAssertGrep "/run = /var/run" stdout
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartTest "semanage fcontext add and delete"
|
| |
+ rlRun "mkdir /tmp/test"
|
| |
+ rlRun "pushd /tmp/test"
|
| |
+ DIR=$(pwd)
|
| |
+
|
| |
+ # add custom file context
|
| |
+ rlRun "semanage fcontext -a -t $TEST_CON '$DIR/asdf'"
|
| |
+
|
| |
+ rlRun "semanage fcontext -l -C | grep '$DIR/asdf *all files *system_u:object_r:$TEST_CON'"
|
| |
+
|
| |
+ # test for regular file
|
| |
+ rlRun "touch asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+ rlRun "restorecon asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON"
|
| |
+ rlRun "rm asdf"
|
| |
+
|
| |
+ # test for directory
|
| |
+ rlRun "mkdir asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+ rlRun "restorecon asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON"
|
| |
+ rlRun "rmdir asdf"
|
| |
+
|
| |
+ # modify the context
|
| |
+ rlRun "semanage fcontext -m -t $TEST_CON2 '$DIR/asdf'"
|
| |
+
|
| |
+ rlRun "semanage fcontext -l -C | grep '$DIR/asdf *all files *system_u:object_r:$TEST_CON2'"
|
| |
+
|
| |
+ # test
|
| |
+ rlRun "touch asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+ rlRun "restorecon asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON2"
|
| |
+ rlRun "rm asdf"
|
| |
+
|
| |
+ # delete the context
|
| |
+ rlRun "semanage fcontext -d '$DIR/asdf'"
|
| |
+
|
| |
+ rlRun "popd"
|
| |
+ rlRun "rm -rf /tmp/test"
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartTest "semanage fcontext add and delete with file type"
|
| |
+ rlRun "mkdir /tmp/test"
|
| |
+ rlRun "pushd /tmp/test"
|
| |
+ DIR=$(pwd)
|
| |
+
|
| |
+ # add custom file context for regular files
|
| |
+ rlRun "semanage fcontext -a -f f -t $TEST_CON '$DIR/asdf'"
|
| |
+ # add custom file context for directories
|
| |
+ rlRun "semanage fcontext -a -f d -t $TEST_CON2 '$DIR/asdf'"
|
| |
+
|
| |
+ rlRun "semanage fcontext -l | grep '$DIR/asdf *regular file *system_u:object_r:$TEST_CON'"
|
| |
+ rlRun "semanage fcontext -l | grep '$DIR/asdf *directory *system_u:object_r:$TEST_CON2'"
|
| |
+
|
| |
+ # test regular file
|
| |
+ rlRun "touch asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+ rlRun "restorecon asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON"
|
| |
+ rlRun "rm asdf"
|
| |
+
|
| |
+ # test directory
|
| |
+ rlRun "mkdir asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+ rlRun "restorecon asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON2"
|
| |
+ rlRun "rmdir asdf"
|
| |
+
|
| |
+ # delete the context
|
| |
+ rlRun "semanage fcontext -d -f f '$DIR/asdf'"
|
| |
+ rlRun "semanage fcontext -d -f d '$DIR/asdf'"
|
| |
+
|
| |
+ rlRun "popd"
|
| |
+ rlRun "rm -rf /tmp/test"
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartTest "chcon"
|
| |
+ rlRun "mkdir /tmp/test"
|
| |
+ rlRun "pushd /tmp/test"
|
| |
+
|
| |
+ rlRun "touch asdf"
|
| |
+ rlRun "checkFC asdf $FILE_CON"
|
| |
+
|
| |
+ rlRun "chcon -t $TEST_CON asdf"
|
| |
+ rlRun "checkFC asdf $TEST_CON"
|
| |
+
|
| |
+ rlRun "popd"
|
| |
+ rlRun "rm -rf /tmp/test"
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartTest "restorecon"
|
| |
+ rlRun "mkdir /tmp/test"
|
| |
+ rlRun "pushd /tmp/test"
|
| |
+ DIR=$(pwd)
|
| |
+
|
| |
+ # add a custom file context for whole directory
|
| |
+ rlRun "semanage fcontext -a -t $TEST_CON '$DIR/.*'"
|
| |
+
|
| |
+ # create test files and directories
|
| |
+ rlRun "touch a"
|
| |
+ rlRun "checkFC a $FILE_CON"
|
| |
+ rlRun "mkdir dir"
|
| |
+ rlRun "checkFC dir $FILE_CON"
|
| |
+ rlRun "touch dir/a"
|
| |
+ rlRun "checkFC dir/a $FILE_CON"
|
| |
+ rlRun "touch dir/b"
|
| |
+ rlRun "checkFC dir/b $FILE_CON"
|
| |
+ rlRun "mkdir dir/dir"
|
| |
+ rlRun "checkFC dir/dir $FILE_CON"
|
| |
+ rlRun "touch dir/dir/a"
|
| |
+ rlRun "checkFC dir/dir/a $FILE_CON"
|
| |
+
|
| |
+ function prepareStr {
|
| |
+ echo -n ".* $DIR/$1 .* [[:alnum:]:_]*$2:[[:alnum:]:_]*.*[[:alnum:]:_]*$3:[[:alnum:]:_]*"
|
| |
+ }
|
| |
+
|
| |
+ # run restorecon in dry-run mode for a single file
|
| |
+ rlRun "restorecon -v -n dir/a >stdout"
|
| |
+ rlRun "cat stdout"
|
| |
+ rlAssertGrep "$(prepareStr dir/a $FILE_CON $TEST_CON)" stdout
|
| |
+ rlRun "[ $(cat stdout | wc -l) -eq 1 ]"
|
| |
+
|
| |
+ # run restorecon in recursive mode
|
| |
+ rlRun "restorecon -r -v dir >stdout"
|
| |
+ rlRun "cat stdout"
|
| |
+ rlAssertGrep "$(prepareStr dir $FILE_CON $TEST_CON)" stdout
|
| |
+ rlAssertGrep "$(prepareStr dir/a $FILE_CON $TEST_CON)" stdout
|
| |
+ rlAssertGrep "$(prepareStr dir/b $FILE_CON $TEST_CON)" stdout
|
| |
+ rlAssertGrep "$(prepareStr dir/dir $FILE_CON $TEST_CON)" stdout
|
| |
+ rlAssertGrep "$(prepareStr dir/dir/a $FILE_CON $TEST_CON)" stdout
|
| |
+ rlRun "[ $(cat stdout | wc -l) -eq 5 ]"
|
| |
+
|
| |
+ rlRun "checkFC dir $TEST_CON"
|
| |
+ rlRun "checkFC dir/a $TEST_CON"
|
| |
+ rlRun "checkFC dir/b $TEST_CON"
|
| |
+ rlRun "checkFC dir/dir $TEST_CON"
|
| |
+ rlRun "checkFC dir/dir/a $TEST_CON"
|
| |
+
|
| |
+ # delete the custom context
|
| |
+ rlRun "semanage fcontext -d '$DIR/.*'"
|
| |
+
|
| |
+ rlRun "popd"
|
| |
+ rlRun "rm -rf /tmp/test"
|
| |
+ rlPhaseEnd
|
| |
+
|
| |
+ rlPhaseStartCleanup
|
| |
+ rlRun "rm -rf stdout"
|
| |
+ rlPhaseEnd
|
| |
+ rlJournalPrintText
|
| |
+ rlJournalEnd
|
| |
