#465 test if exim can send into /var/spool/exim/exim_daemon_notify
Merged 3 months ago by mmalik. Opened 3 months ago by mmalik.
tests/ mmalik/selinux exim-daemon-notify  into  main

@@ -54,7 +54,7 @@ 

  	@echo "Type:            Regression" >> $(METADATA)

  	@echo "TestTime:        5m" >> $(METADATA)

  	@echo "RunFor:          selinux-policy" >> $(METADATA)

- 	@echo "Requires:        audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted /usr/sbin/service setools-console at exim" >> $(METADATA)

+ 	@echo "Requires:        audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted /usr/sbin/service setools-console at exim lsof" >> $(METADATA)

  	@echo "RhtsRequires:    library(selinux-policy/common)" >> $(METADATA)

  	@echo "Priority:        Normal" >> $(METADATA)

  	@echo "License:         GPLv2" >> $(METADATA)
@@ -66,6 +66,8 @@ 

  	@echo "Bug:             1444441" >> $(METADATA) # RHEL-7

  	@echo "Bug:             RHEL-14110" >> $(METADATA) # RHEL-9

  	@echo "Bug:             RHEL-14186" >> $(METADATA) # RHEL-8

+ 	@echo "Bug:             RHEL-21902" >> $(METADATA) # RHEL-9

+ 	@echo "Bug:             RHEL-21903" >> $(METADATA) # RHEL-8

  

  	rhts-lint $(METADATA)

  

@@ -20,6 +20,7 @@ 

    - setools-console

    - at

    - exim

+   - lsof

  environment:

      AVC_ERROR: +no_avc_check

  duration: 5m
@@ -39,6 +40,8 @@ 

    - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1444441

    - verifies: https://issues.redhat.com/browse/RHEL-14110

    - verifies: https://issues.redhat.com/browse/RHEL-14186

+   - verifies: https://issues.redhat.com/browse/RHEL-21902

+   - verifies: https://issues.redhat.com/browse/RHEL-21903

  adjust:

    - enabled: false

      when: distro == rhel-4, rhel-alt-7

@@ -85,6 +85,13 @@ 

      rlPhaseEnd

      fi

  

+     if rlIsRHEL 8 9 || rlIsCentOS 8 9 ; then

+     rlPhaseStartTest "RHEL-21902 + RHEL-21903"

+         rlSEMatchPathCon "/var/spool/exim/exim_daemon_notify" "exim_spool_t"

+         rlSESearchRule "allow exim_t exim_t : unix_dgram_socket { sendto } [ ]"

+     rlPhaseEnd

+     fi

+ 

      rlPhaseStartTest "real scenario -- standalone service"

          rlRun "echo ${ROOT_PASSWORD} | passwd --stdin root"

          if ! rlSEDefined ${PROCESS_CONTEXT} ; then
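Review bot: The new "RHEL-21902 + RHEL-21903" phase checks the label of /var/spool/exim/exim_daemon_notify and the `unix_dgram_socket { sendto }` rule, but asserts nothing about the socket file object itself. Sending to a path-bound UNIX datagram socket also requires `write` on the `sock_file`. If the policy fix is meant to cover that permission (not visible from this hunk), a line such as `rlSESearchRule "allow exim_t exim_spool_t : sock_file { write } [ ]"` would pin it, with the type taken from the `rlSEMatchPathCon` line. A one-line comment above the `if` saying why the phase is limited to RHEL/CentOS 8 and 9 would help the next maintainer. The surrounding test body starts and ends outside the hunk.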
@@ -92,6 +99,7 @@ 

              PROCESS_CONTEXT="sendmail_t"

          fi

          rlSEService ${ROOT_PASSWORD} ${SERVICE_NAME} ${PROCESS_NAME} ${PROCESS_CONTEXT} "start status" 1

+         rlRun "lsof | grep exim_daemon_notify"

          rlRun "restorecon -Rv /run /var -e /var/ARTIFACTS" 0-255

          rlSEService ${ROOT_PASSWORD} ${SERVICE_NAME} ${PROCESS_NAME} ${PROCESS_CONTEXT} "restart status stop status" 1

      rlPhaseEnd
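Review bot: `rlRun "lsof | grep exim_daemon_notify"` passes as soon as any process on the host has a matching name open, so it shows neither that the exim daemon owns the socket nor that a send to it succeeds. An unfiltered `lsof` also enumerates every open file on the system. Restricting it to UNIX sockets held by the service, for example `rlRun "lsof -U -a -c ${PROCESS_NAME} | grep exim_daemon_notify"`, ties the check to the daemon, assuming `PROCESS_NAME` holds the command name. Whether the socket is already bound right after `start status` is not visible here, so a short retry may be needed. Because the fmf metadata sets `AVC_ERROR: +no_avc_check`, it is worth confirming that AVC denials for this step are checked inside `rlSEService`; the start of the phase is outside the hunk.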

TBA later

The TC covers RHEL-21902 and RHEL-21903.

rebased onto 9672bdbd7ba500a820f6364acb137ab90e2558d0

3 months ago

rebased onto 225d6b6f7ea53c7b414f8555554b4b8c9923b1fe

3 months ago

rebased onto 096e4a6dcc4cfb5922e6ed6f20f2181ff98d9c9a

3 months ago

The TC passed as expected.

Unfortunately, I'm not able to reproduce the SELinux denials on Fedora.

rebased onto 3ea1adb

3 months ago

Pull-Request has been merged by mmalik

3 months ago