test.sh revision 5c7290b1956453024fc14abba2385ea9e9bccf8c
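#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
TEST_DESCRIPTION="SELinux tests"

# Requirements:
# Fedora 23
# selinux-policy-targeted
# selinux-policy-devel

# The harness is sourced, so everything in test-functions runs inside this
# shell with this script's privileges. TEST_BASE_DIR is taken from the
# environment; if it is empty the path below resolves to /test-functions,
# so it should only ever point at a trusted checkout.
. "$TEST_BASE_DIR/test-functions"

# Settings read by the harness (their consumers are not visible in this file).
SETUP_SELINUX=yes
# selinux=1 is appended to whatever KERNEL_APPEND the caller already exported.
KERNEL_APPEND="$KERNEL_APPEND selinux=1"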
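#######################################
# Inspect the guest image after the QEMU run and derive the test verdict
# from the marker files the guest left behind.
# Globals:   TESTDIR, LOOPDEV (read); ret (written, left global as before)
# Outputs:   contents of the copied "failed" file and a listing of the
#            copied journal files on stdout
# Returns:   0 if /testok exists in the image and no non-empty "failed"
#            file was copied out; 1 if testok is missing or the image
#            cannot be mounted; the value is incremented by one when a
#            non-empty "failed" file is present.
#######################################
check_result_qemu() {
    ret=1
    mkdir -p "$TESTDIR/root"
    # Without the image mounted, the checks below would read whatever
    # happens to be in the mount-point directory instead of the guest's
    # results, so a failed mount is reported as a failed test.
    mount "${LOOPDEV}p1" "$TESTDIR/root" || return 1
    [[ -e "$TESTDIR/root/testok" ]] && ret=0
    # Keep the evidence outside the image: it is unmounted right after.
    [[ -f "$TESTDIR/root/failed" ]] && cp -a "$TESTDIR/root/failed" "$TESTDIR"
    cp -a "$TESTDIR/root/var/log/journal" "$TESTDIR"
    umount "$TESTDIR/root"
    [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed"
    ls -l "$TESTDIR"/journal/*/*.journal
    # A non-empty "failed" file counts as a failure even if testok exists.
    test -s "$TESTDIR/failed" && ret=$((ret + 1))
    return $ret
}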
#######################################
# Run the test in QEMU and evaluate the result.
# Returns:   1 if QEMU ran and check_result_qemu reported a failure;
#            0 otherwise.
# Note: any non-zero status from run_qemu is treated as "skipped" and
# still returns 0, so a passing status from this function does not by
# itself prove that the SELinux checks were executed; look for the
# warning below in the log.
#######################################
test_run() {
    if ! run_qemu; then
        dwarn "can't run QEMU, skipping"
        return 0
    fi

    check_result_qemu || return 1
    return 0
}
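#######################################
# Build the guest image for the SELinux test: create and mount the image,
# populate it with a basic environment, the test units, the SELinux
# module store, policy headers and test module sources, then mask a few
# services and unmount.
# Globals:   TESTDIR, LOOPDEV, initdir (read)
# Returns:   1 if the image cannot be mounted, if initdir is empty, or if
#            the populate subshell fails; otherwise the status of the
#            final umount.
# Note: this function copies from the host's /var/lib/selinux and
# /usr/share/selinux/devel and removes paths below $initdir, so it must
# never run with an empty initdir.
#######################################
test_setup() {
    create_empty_image
    mkdir -p "$TESTDIR/root"
    # Stop if the image is not mounted; the rest of the setup assumes it is.
    mount "${LOOPDEV}p1" "$TESTDIR/root" || return 1

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        # NOTE(review): eval executes udevadm's output as shell code. The
        # input is the local udev database entry for the loop partition and
        # --export makes udevadm single-quote the values; the substitution
        # is quoted here so the shell does not additionally word-split or
        # glob-expand it before eval sees it.
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment

        # Every path below is built from $initdir. An empty value would make
        # the redirections, rm -rf and cp calls operate on the host's own
        # /etc, /var/lib/selinux and /usr/share/selinux, so abort the
        # subshell instead.
        : "${initdir:?initdir is empty or unset}"

        # setup the testsuite service
        cat <<EOF >"$initdir/etc/systemd/system/testsuite.service"
[Unit]
Description=Testsuite service
After=multi-user.target

[Service]
ExecStart=/test-selinux-checks.sh
Type=oneshot
EOF

        cat <<EOF >"$initdir/etc/systemd/system/hola.service"
[Service]
Type=oneshot
ExecStart=/bin/echo Start Hola
ExecReload=/bin/echo Reload Hola
ExecStop=/bin/echo Stop Hola
RemainAfterExit=yes
EOF

        setup_testsuite

        # One-shot unit that builds and loads the test policy module inside
        # the guest. It is gated on the /.load-systemd-test-module flag file,
        # which the unit removes once the load succeeded. Its ExecStart writes
        # 0 to /sys/fs/selinux/enforce first and nothing in this unit writes 1
        # back afterwards.
        cat <<EOF >"$initdir/etc/systemd/system/load-systemd-test-module.service"
[Unit]
Description=Load systemd-test module
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target autorelabel.service
ConditionSecurity=selinux
ConditionPathExists=|/.load-systemd-test-module

[Service]
ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module'
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
EOF

        touch "$initdir/.load-systemd-test-module"
        mkdir -p "$initdir/etc/systemd/system/basic.target.wants"
        ln -fs load-systemd-test-module.service \
            "$initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service"

        # Replace the image's module store with a copy of the host's.
        local _modules_dir=/var/lib/selinux
        rm -rf -- "${initdir:?}/$_modules_dir"
        if ! cp -ar "$_modules_dir" "$initdir/$_modules_dir"; then
            dfatal "Failed to copy $_modules_dir"
            exit 1
        fi

        # Same for the policy development headers used by the unit's make call.
        local _policy_headers_dir=/usr/share/selinux/devel
        rm -rf -- "${initdir:?}/$_policy_headers_dir"
        inst_dir /usr/share/selinux
        if ! cp -ar "$_policy_headers_dir" "$initdir/$_policy_headers_dir"; then
            dfatal "Failed to copy $_policy_headers_dir"
            exit 1
        fi

        # Test module sources and the check script are taken from the
        # current working directory.
        mkdir "$initdir/systemd-test-module"
        cp systemd_test.te "$initdir/systemd-test-module"
        cp systemd_test.if "$initdir/systemd-test-module"
        cp test-selinux-checks.sh "$initdir"
        dracut_install -o sesearch
        dracut_install runcon
        # Apart from the explicit exit 1 paths above, only this last command
        # decides the subshell's exit status.
        dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
    ) || return 1

    # The links below are created in the calling shell; with an empty
    # initdir they would land in the host's /etc/systemd/system.
    if [[ -z ${initdir:-} ]]; then
        dfatal "initdir is empty or unset"
        return 1
    fi

    # mask some services that we do not want to run in these tests
    local _unit
    for _unit in \
        systemd-hwdb-update.service \
        systemd-journal-catalog-update.service \
        systemd-networkd.service \
        systemd-networkd.socket \
        systemd-resolved.service; do
        ln -s /dev/null "$initdir/etc/systemd/system/$_unit"
    done

    ddebug "umount $TESTDIR/root"
    umount "$TESTDIR/root"
}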
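#######################################
# Best-effort teardown: unmount the image and detach the loop device.
# Globals:   TESTDIR, LOOPDEV (read)
# Returns:   always 0; failures of umount/losetup are deliberately ignored
#            because the image may already be unmounted or never attached.
#######################################
test_cleanup() {
    # stderr is silenced on purpose: "not mounted" is the normal case here.
    umount "$TESTDIR/root" 2>/dev/null
    # Only detach when a loop device was actually recorded.
    [[ -n $LOOPDEV ]] && losetup -d "$LOOPDEV"
    return 0
}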
# Hand control to the harness entry point, forwarding this script's
# arguments unchanged (do_test is not defined in this file).
do_test "$@"