projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 5c7290b1 | 1 | #!/bin/bash |
| 818567fc | 2 | set -e |
| 5c7290b1 | 3 | TEST_DESCRIPTION="SELinux tests" |
| 054ee249 | 4 | TEST_NO_NSPAWN=1 |
| 5c7290b1 EV |
5 | |
| 6 | # Requirements: | |
| 7 | # Fedora 23 | |
| 8 | # selinux-policy-targeted | |
| 9 | # selinux-policy-devel | |
| 10 | ||
| 67321fdf | 11 | # Check if selinux-policy-devel is installed, and if it isn't bail out early instead of failing |
| cc4338e4 | 12 | test -f /usr/share/selinux/devel/include/system/systemd.if || exit 0 |
| 67321fdf | 13 | |
| 5c7290b1 EV |
14 | . $TEST_BASE_DIR/test-functions |
| 15 | SETUP_SELINUX=yes | |
| a415d436 | 16 | KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux" |
| 5c7290b1 | 17 | |
| 5c7290b1 | 18 | test_setup() { |
| ec4cab49 | 19 | create_empty_image_rootdir |
| 5c7290b1 EV |
20 | |
| 21 | # Create what will eventually be our root filesystem onto an overlay | |
| 22 | ( | |
| 23 | LOG_LEVEL=5 | |
| 24 | eval $(udevadm info --export --query=env --name=${LOOPDEV}p2) | |
| 25 | ||
| 26 | setup_basic_environment | |
| 51fa8591 | 27 | mask_supporting_services |
| 5c7290b1 EV |
28 | |
| 29 | # setup the testsuite service | |
| 30 | cat <<EOF >$initdir/etc/systemd/system/testsuite.service | |
| 31 | [Unit] | |
| 32 | Description=Testsuite service | |
| 5c7290b1 EV |
33 | |
| 34 | [Service] | |
| 35 | ExecStart=/test-selinux-checks.sh | |
| 36 | Type=oneshot | |
| 37 | EOF | |
| 38 | ||
| 39 | cat <<EOF >$initdir/etc/systemd/system/hola.service | |
| 40 | [Service] | |
| 41 | Type=oneshot | |
| 42 | ExecStart=/bin/echo Start Hola | |
| 43 | ExecReload=/bin/echo Reload Hola | |
| 44 | ExecStop=/bin/echo Stop Hola | |
| 45 | RemainAfterExit=yes | |
| 46 | EOF | |
| 47 | ||
| 48 | setup_testsuite | |
| 49 | ||
| 50 | cat <<EOF >$initdir/etc/systemd/system/load-systemd-test-module.service | |
| 51 | [Unit] | |
| 52 | Description=Load systemd-test module | |
| 53 | DefaultDependencies=no | |
| 54 | Requires=local-fs.target | |
| 55 | Conflicts=shutdown.target | |
| 56 | After=local-fs.target | |
| 57 | Before=sysinit.target shutdown.target autorelabel.service | |
| 58 | ConditionSecurity=selinux | |
| 59 | ConditionPathExists=|/.load-systemd-test-module | |
| 60 | ||
| 61 | [Service] | |
| 62 | ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load && rm /.load-systemd-test-module' | |
| 63 | Type=oneshot | |
| 64 | TimeoutSec=0 | |
| 65 | RemainAfterExit=yes | |
| 66 | EOF | |
| 67 | ||
| 68 | touch $initdir/.load-systemd-test-module | |
| 69 | mkdir -p $initdir/etc/systemd/system/basic.target.wants | |
| 70 | ln -fs load-systemd-test-module.service $initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service | |
| 71 | ||
| 72 | local _modules_dir=/var/lib/selinux | |
| 73 | rm -rf $initdir/$_modules_dir | |
| 74 | if ! cp -ar $_modules_dir $initdir/$_modules_dir; then | |
| 75 | dfatal "Failed to copy $_modules_dir" | |
| 76 | exit 1 | |
| 77 | fi | |
| 78 | ||
| 79 | local _policy_headers_dir=/usr/share/selinux/devel | |
| 80 | rm -rf $initdir/$_policy_headers_dir | |
| 81 | inst_dir /usr/share/selinux | |
| 82 | if ! cp -ar $_policy_headers_dir $initdir/$_policy_headers_dir; then | |
| 83 | dfatal "Failed to copy $_policy_headers_dir" | |
| 84 | exit 1 | |
| 85 | fi | |
| 86 | ||
| 87 | mkdir $initdir/systemd-test-module | |
| 88 | cp systemd_test.te $initdir/systemd-test-module | |
| 89 | cp systemd_test.if $initdir/systemd-test-module | |
| 90 | cp test-selinux-checks.sh $initdir | |
| 91 | dracut_install -o sesearch | |
| 92 | dracut_install runcon | |
| 93 | dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile | |
| cc469c3d | 94 | ) |
| 5c7290b1 EV |
95 | } |
| 96 | ||
| 5c7290b1 | 97 | do_test "$@" |