[thirdparty/systemd.git] / test / TEST-06-SELINUX / test.sh

#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
set -e
TEST_DESCRIPTION="SELinux tests"
TEST_NO_NSPAWN=1

# Requirements:
# Fedora 23
# selinux-policy-targeted
# selinux-policy-devel

# Check if selinux-policy-devel is installed, and if it isn't bail out early instead of failing
test -d /usr/share/selinux/devel || exit 0

. $TEST_BASE_DIR/test-functions
SETUP_SELINUX=yes
KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"

test_setup() {
    create_empty_image
    mkdir -p $TESTDIR/root
    mount ${LOOPDEV}p1 $TESTDIR/root

    # Create what will eventually be our root filesystem onto an overlay
    (
        LOG_LEVEL=5
        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)

        setup_basic_environment

        # setup the testsuite service
        cat <<EOF >$initdir/etc/systemd/system/testsuite.service
[Unit]
Description=Testsuite service
After=multi-user.target

[Service]
ExecStart=/test-selinux-checks.sh
Type=oneshot
EOF

        cat <<EOF >$initdir/etc/systemd/system/hola.service
[Service]
Type=oneshot
ExecStart=/bin/echo Start Hola
ExecReload=/bin/echo Reload Hola
ExecStop=/bin/echo Stop Hola
RemainAfterExit=yes
EOF

        setup_testsuite

        cat <<EOF >$initdir/etc/systemd/system/load-systemd-test-module.service
[Unit]
Description=Load systemd-test module
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target autorelabel.service
ConditionSecurity=selinux
ConditionPathExists=|/.load-systemd-test-module

[Service]
ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load  && rm /.load-systemd-test-module'
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
EOF

        touch $initdir/.load-systemd-test-module
        mkdir -p $initdir/etc/systemd/system/basic.target.wants
        ln -fs load-systemd-test-module.service $initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service

        local _modules_dir=/var/lib/selinux
        rm -rf $initdir/$_modules_dir
        if ! cp -ar $_modules_dir $initdir/$_modules_dir; then
            dfatal "Failed to copy $_modules_dir"
            exit 1
        fi

        local _policy_headers_dir=/usr/share/selinux/devel
        rm -rf $initdir/$_policy_headers_dir
        inst_dir /usr/share/selinux
        if ! cp -ar $_policy_headers_dir $initdir/$_policy_headers_dir; then
            dfatal "Failed to copy $_policy_headers_dir"
            exit 1
        fi

        mkdir $initdir/systemd-test-module
        cp systemd_test.te $initdir/systemd-test-module
        cp systemd_test.if $initdir/systemd-test-module
        cp test-selinux-checks.sh $initdir
        dracut_install -o sesearch
        dracut_install runcon
        dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
    ) || return 1

    # mask some services that we do not want to run in these tests
    ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
    ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
    ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
    ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
    ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service

    ddebug "umount $TESTDIR/root"
    umount $TESTDIR/root
}

do_test "$@"
Commit	Line	Data
5c7290b1 EV	1	#!/bin/bash
	2	# -- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; --
	3	# ex: ts=8 sw=4 sts=4 et filetype=sh
818567fc	4	set -e
5c7290b1	5	TEST_DESCRIPTION="SELinux tests"
054ee249	6	TEST_NO_NSPAWN=1
5c7290b1 EV	7
	8	# Requirements:
	9	# Fedora 23
	10	# selinux-policy-targeted
	11	# selinux-policy-devel
	12
67321fdf LP	13	# Check if selinux-policy-devel is installed, and if it isn't bail out early instead of failing
	14	test -d /usr/share/selinux/devel \|\| exit 0
	15
5c7290b1 EV	16	. $TEST_BASE_DIR/test-functions
5c7290b1 EV	17	SETUP_SELINUX=yes
a415d436	18	KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"
5c7290b1	19
5c7290b1 EV	20	test_setup() {
	21	create_empty_image
	22	mkdir -p $TESTDIR/root
	23	mount ${LOOPDEV}p1 $TESTDIR/root
	24
	25	# Create what will eventually be our root filesystem onto an overlay
	26	(
	27	LOG_LEVEL=5
	28	eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
	29
	30	setup_basic_environment
	31
	32	# setup the testsuite service
	33	cat <<EOF >$initdir/etc/systemd/system/testsuite.service
	34	[Unit]
	35	Description=Testsuite service
	36	After=multi-user.target
	37
	38	[Service]
	39	ExecStart=/test-selinux-checks.sh
	40	Type=oneshot
	41	EOF
	42
	43	cat <<EOF >$initdir/etc/systemd/system/hola.service
	44	[Service]
	45	Type=oneshot
	46	ExecStart=/bin/echo Start Hola
	47	ExecReload=/bin/echo Reload Hola
	48	ExecStop=/bin/echo Stop Hola
	49	RemainAfterExit=yes
	50	EOF
	51
	52	setup_testsuite
	53
	54	cat <<EOF >$initdir/etc/systemd/system/load-systemd-test-module.service
	55	[Unit]
	56	Description=Load systemd-test module
	57	DefaultDependencies=no
	58	Requires=local-fs.target
	59	Conflicts=shutdown.target
	60	After=local-fs.target
	61	Before=sysinit.target shutdown.target autorelabel.service
	62	ConditionSecurity=selinux
	63	ConditionPathExists=\|/.load-systemd-test-module
	64
	65	[Service]
	66	ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module'
	67	Type=oneshot
	68	TimeoutSec=0
	69	RemainAfterExit=yes
	70	EOF
	71
	72	touch $initdir/.load-systemd-test-module
	73	mkdir -p $initdir/etc/systemd/system/basic.target.wants
	74	ln -fs load-systemd-test-module.service $initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service
	75
	76	local _modules_dir=/var/lib/selinux
	77	rm -rf $initdir/$_modules_dir
	78	if ! cp -ar $_modules_dir $initdir/$_modules_dir; then
	79	dfatal "Failed to copy $_modules_dir"
	80	exit 1
	81	fi
	82
	83	local _policy_headers_dir=/usr/share/selinux/devel
84	rm -rf $initdir/$_policy_headers_dir
85	inst_dir /usr/share/selinux
86	if ! cp -ar $_policy_headers_dir $initdir/$_policy_headers_dir; then
87	dfatal "Failed to copy $_policy_headers_dir"
88	exit 1
89	fi
90
91	mkdir $initdir/systemd-test-module
92	cp systemd_test.te $initdir/systemd-test-module
93	cp systemd_test.if $initdir/systemd-test-module
94	cp test-selinux-checks.sh $initdir
95	dracut_install -o sesearch
96	dracut_install runcon
97	dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
98	) \|\| return 1
99
100	# mask some services that we do not want to run in these tests
101	ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
102	ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
103	ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
104	ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
105	ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service
106
107	ddebug "umount $TESTDIR/root"
108	umount $TESTDIR/root
109	}
110
5c7290b1	111	do_test "$@"