#!/usr/bin/env bash
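set -e

TEST_DESCRIPTION="SELinux tests"
TEST_NO_NSPAWN=1

# Requirements:
# Fedora 23
# selinux-policy-targeted
# selinux-policy-devel

# Check if selinux-policy-devel is installed, and if it isn't bail out early
# instead of failing.
# NOTE(review): the skip exits with status 0 and prints nothing, so a run on a
# host without the policy headers looks the same as a pass. Anything gating on
# this test should confirm that the SELinux checks actually ran.
test -f /usr/share/selinux/devel/include/system/systemd.if || exit 0

# Quote the path and abort with a clear message when TEST_BASE_DIR is unset or
# empty, instead of trying to source /test-functions from the filesystem root.
. "${TEST_BASE_DIR:?}/test-functions"

SETUP_SELINUX=yes
# Kernel command-line additions that turn SELinux on and select it as the
# security module (the variable is consumed outside this file).
KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"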
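#######################################
# Build the root filesystem image used by the SELinux test.
#
# Writes three unit files into the image (testsuite.service, hola.service and
# load-systemd-test-module.service), copies the host's SELinux module store and
# policy development headers into it, and installs the policy sources, the
# check script and the SELinux tooling the in-image units call.
#
# Globals:   initdir (read), LOOPDEV (read); helper functions are expected to
#            come from the sourced test-functions file.
# Arguments: none
# Returns:   status of the subshell; non-zero if a copy step fails.
#######################################
test_setup() {
    create_empty_image_rootdir

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        # eval runs udevadm's output as shell code. Quoting the substitution
        # passes it to eval as one string, so it is not word-split or globbed
        # first. NOTE(review): the output is only as trustworthy as the local
        # udev database entry for this loop device.
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment
        mask_supporting_services

        # setup the testsuite service
        cat <<EOF >"$initdir/etc/systemd/system/testsuite.service"
[Unit]
Description=Testsuite service

[Service]
ExecStart=/test-selinux-checks.sh
Type=oneshot
EOF

        cat <<EOF >"$initdir/etc/systemd/system/hola.service"
[Service]
Type=oneshot
ExecStart=/bin/echo Start Hola
ExecReload=/bin/echo Reload Hola
ExecStop=/bin/echo Stop Hola
RemainAfterExit=yes
EOF

        setup_testsuite

        # One-shot unit that builds and loads the test policy module, then
        # removes its trigger file. Its ExecStart first writes 0 to
        # /sys/fs/selinux/enforce (permissive mode) and never writes 1 back.
        # NOTE(review): unless test-selinux-checks.sh re-enables enforcement,
        # the checks run in permissive mode, so denials are logged but not
        # enforced. Confirm this is what the test intends to measure.
        cat <<EOF >"$initdir/etc/systemd/system/load-systemd-test-module.service"
[Unit]
Description=Load systemd-test module
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target autorelabel.service
ConditionSecurity=selinux
ConditionPathExists=|/.load-systemd-test-module

[Service]
ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module'
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
EOF

        touch "$initdir/.load-systemd-test-module"
        mkdir -p "$initdir/etc/systemd/system/basic.target.wants"
        ln -fs load-systemd-test-module.service \
            "$initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service"

        # The image gets a copy of the host's SELinux module store, so the
        # policy under test is whatever the build host has installed.
        local _modules_dir=/var/lib/selinux
        # ${initdir:?} aborts if initdir is empty or unset. Without the guard,
        # this rm -rf would resolve to the host's own /var/lib/selinux.
        rm -rf "${initdir:?}/$_modules_dir"
        if ! cp -ar "$_modules_dir" "$initdir/$_modules_dir"; then
            dfatal "Failed to copy $_modules_dir"
            exit 1
        fi

        local _policy_headers_dir=/usr/share/selinux/devel
        # Same guard as above: never let an empty initdir point this at the
        # host's /usr/share/selinux/devel.
        rm -rf "${initdir:?}/$_policy_headers_dir"
        inst_dir /usr/share/selinux
        if ! cp -ar "$_policy_headers_dir" "$initdir/$_policy_headers_dir"; then
            dfatal "Failed to copy $_policy_headers_dir"
            exit 1
        fi

        # Test policy sources and the check script run by testsuite.service.
        mkdir "$initdir/systemd-test-module"
        cp systemd_test.te "$initdir/systemd-test-module"
        cp systemd_test.if "$initdir/systemd-test-module"
        cp test-selinux-checks.sh "$initdir"

        # Tooling needed inside the image to build, package and load policy.
        dracut_install -o sesearch
        dracut_install runcon
        dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
    )
}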
# Pass the script's command-line arguments to do_test, which this file does not
# define (presumably provided by the sourced test-functions file; confirm).
do_test "$@"