test/TEST-06-SELINUX/test.sh

   1 #!/bin/bash
   2 set -e
   3 TEST_DESCRIPTION="SELinux tests"
   4 TEST_NO_NSPAWN=1
   5
   6 # Requirements:
   7 # Fedora 23
   8 # selinux-policy-targeted
   9 # selinux-policy-devel
  10
  11 # Check if selinux-policy-devel is installed, and if it isn't bail out early instead of failing
  12 test -f /usr/share/selinux/devel/include/system/systemd.if || exit 0
  13
  14 . $TEST_BASE_DIR/test-functions
  15 SETUP_SELINUX=yes
  16 KERNEL_APPEND="$KERNEL_APPEND selinux=1 security=selinux"
  17
  18 test_setup() {
  19     create_empty_image
  20     mkdir -p $TESTDIR/root
  21     mount ${LOOPDEV}p1 $TESTDIR/root
  22
  23     # Create what will eventually be our root filesystem onto an overlay
  24     (
  25         LOG_LEVEL=5
  26         eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
  27
  28         setup_basic_environment
  29
  30         # setup the testsuite service
  31         cat <<EOF >$initdir/etc/systemd/system/testsuite.service
  32 [Unit]
  33 Description=Testsuite service
  34
  35 [Service]
  36 ExecStart=/test-selinux-checks.sh
  37 Type=oneshot
  38 EOF
  39
  40         cat <<EOF >$initdir/etc/systemd/system/hola.service
  41 [Service]
  42 Type=oneshot
  43 ExecStart=/bin/echo Start Hola
  44 ExecReload=/bin/echo Reload Hola
  45 ExecStop=/bin/echo Stop Hola
  46 RemainAfterExit=yes
  47 EOF
  48
  49         setup_testsuite
  50
  51         cat <<EOF >$initdir/etc/systemd/system/load-systemd-test-module.service
  52 [Unit]
  53 Description=Load systemd-test module
  54 DefaultDependencies=no
  55 Requires=local-fs.target
  56 Conflicts=shutdown.target
  57 After=local-fs.target
  58 Before=sysinit.target shutdown.target autorelabel.service
  59 ConditionSecurity=selinux
  60 ConditionPathExists=|/.load-systemd-test-module
  61
  62 [Service]
  63 ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && cd /systemd-test-module && make -f /usr/share/selinux/devel/Makefile load  && rm /.load-systemd-test-module'
  64 Type=oneshot
  65 TimeoutSec=0
  66 RemainAfterExit=yes
  67 EOF
  68
  69         touch $initdir/.load-systemd-test-module
  70         mkdir -p $initdir/etc/systemd/system/basic.target.wants
  71         ln -fs load-systemd-test-module.service $initdir/etc/systemd/system/basic.target.wants/load-systemd-test-module.service
  72
  73         local _modules_dir=/var/lib/selinux
  74         rm -rf $initdir/$_modules_dir
  75         if ! cp -ar $_modules_dir $initdir/$_modules_dir; then
  76             dfatal "Failed to copy $_modules_dir"
  77             exit 1
  78         fi
  79
  80         local _policy_headers_dir=/usr/share/selinux/devel
  81         rm -rf $initdir/$_policy_headers_dir
  82         inst_dir /usr/share/selinux
  83         if ! cp -ar $_policy_headers_dir $initdir/$_policy_headers_dir; then
  84             dfatal "Failed to copy $_policy_headers_dir"
  85             exit 1
  86         fi
  87
  88         mkdir $initdir/systemd-test-module
  89         cp systemd_test.te $initdir/systemd-test-module
  90         cp systemd_test.if $initdir/systemd-test-module
  91         cp test-selinux-checks.sh $initdir
  92         dracut_install -o sesearch
  93         dracut_install runcon
  94         dracut_install checkmodule semodule semodule_package m4 make /usr/libexec/selinux/hll/pp load_policy sefcontext_compile
  95     ) || return 1
  96
  97     # mask some services that we do not want to run in these tests
  98     ln -s /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
  99     ln -s /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
 100     ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.service
 101     ln -s /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
 102     ln -s /dev/null $initdir/etc/systemd/system/systemd-resolved.service
 103
 104     ddebug "umount $TESTDIR/root"
 105     umount $TESTDIR/root
 106 }
 107
 108 do_test "$@"