test: testing for networkd NetLabel feature

diff --git a/test/test-network/conf/25-address-static.network b/test/test-network/conf/25-address-static.network
index 2a4c1a60393716ab0ca4712089556e33e7d1a910..6d2baa3972485028083c739fd33ba5d1334510c2 100644 (file)
--- a/test/test-network/conf/25-address-static.network
+++ b/test/test-network/conf/25-address-static.network
@@ -361,3 +361,8 @@ Address=10.3.3.251/16
 Address=10.3.3.252/16
 Address=10.3.3.253/16
 Address=10.3.3.254/16
+
+[Address]
+Address=10.4.3.2/24
+# just a random label which should exist
+NetLabel=system_u:object_r:root_t:s0

diff --git a/test/test-network/conf/25-dhcp-client-ipv4-only.network b/test/test-network/conf/25-dhcp-client-ipv4-only.network
index 23c6f047cea5bac1f8361bbfa168c9f9b992f9c3..bd8843b177847727ea67775e9286e4f94c54587e 100644 (file)
--- a/test/test-network/conf/25-dhcp-client-ipv4-only.network
+++ b/test/test-network/conf/25-dhcp-client-ipv4-only.network
@@ -26,6 +26,8 @@ SendDecline=yes
 # DenyList= will be ignored
 AllowList=192.168.5.0/24 192.168.6.0/24
 DenyList=192.168.5.0/24
+# just a random label which should exist
+NetLabel=system_u:object_r:root_t:s0
 
 [Route]
 Destination=192.168.5.0/24

diff --git a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
index f7e3cbfee47f780711d9f85645c77041fb8f6c0a..2babc4320357b494ca008529060fe5461a746218 100644 (file)
--- a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
+++ b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network
@@ -14,3 +14,5 @@ SubnetId=0
 Announce=no
 Token=eui64
 Token=::1a:2b:3c:4d
+# just a random label which should exist
+NetLabel=system_u:object_r:root_t:s0

diff --git a/test/test-network/conf/25-ipv6-prefix-veth.network b/test/test-network/conf/25-ipv6-prefix-veth.network
index b6724eaf5ea0dfc9779c42f19da66a780dae330e..905e2fd2c86dd978731228bbf5ed93fe8f306cbe 100644 (file)
--- a/test/test-network/conf/25-ipv6-prefix-veth.network
+++ b/test/test-network/conf/25-ipv6-prefix-veth.network
@@ -7,3 +7,5 @@ IPv6AcceptRA=true
 
 [IPv6AcceptRA]
 UseDomains=yes
+# just a random label which should exist
+NetLabel=system_u:object_r:root_t:s0

diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 6e8c8e58eaece93373a2a8a31292b3600d770d43..2f638d158a6e602cea1b7be2bd761eeb93248607 100755 (executable)
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -889,6 +889,18 @@ class Utilities():
 
         self.assertNotRegex(output, address_regex)
 
+    def check_netlabel(self, interface, address, label='system_u:object_r:root_t:s0'):
+        if not shutil.which('selinuxenabled'):
+            print(f'## Checking NetLabel skipped: selinuxenabled command not found.')
+        elif call_quiet('selinuxenabled') != 0:
+            print(f'## Checking NetLabel skipped: SELinux disabled.')
+        elif not shutil.which('netlabelctl'): # not packaged by all distros
+            print(f'## Checking NetLabel skipped: netlabelctl command not found.')
+        else:
+            output = check_output('netlabelctl unlbl list')
+            print(output)
+            self.assertRegex(output, f'interface:{interface},address:{address},label:"{label}"')
+
 class NetworkctlTests(unittest.TestCase, Utilities):
 
     def setUp(self):
@@ -2209,6 +2221,8 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         self.assertIn('inet6 2001:db8:1:f101::1/64 scope global deprecated', output)
         self.assertRegex(output, r'inet6 fd[0-9a-f:]*1/64 scope global')
 
+        self.check_netlabel('dummy98', '10\.4\.3\.0/24')
+
         # Tests for #20891.
         # 1. set preferred lifetime forever to drop the deprecated flag for testing #20891.
         check_output('ip address change 10.7.8.9/16 dev dummy98 preferred_lft forever')
@@ -4267,6 +4281,9 @@ class NetworkdRATests(unittest.TestCase, Utilities):
         print(output)
         self.assertRegex(output, '2002:da8:1:0')
 
+        self.check_netlabel('veth99', '2002:da8:1::/64')
+        self.check_netlabel('veth99', '2002:da8:2::/64')
+
     def test_ipv6_token_static(self):
         copy_network_unit('25-veth.netdev', '25-ipv6-prefix.network', '25-ipv6-prefix-veth-token-static.network')
         start_networkd()
@@ -4560,6 +4577,8 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
         self.assertIn('client provides name: test-hostname', output)
         self.assertIn('26:mtu', output)
 
+        self.check_netlabel('veth99', '192\.168\.5\.0/24')
+
     def test_dhcp_client_ipv4_use_routes_gateway(self):
         first = True
         for (routes, gateway, dns_and_ntp_routes, classless) in itertools.product([True, False], repeat=4):
@@ -5117,6 +5136,8 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
         print(output)
         self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto dhcp metric [0-9]* expires')
 
+        self.check_netlabel('dummy98', '3ffe:501:ffff:[2-9a-f]00::/64')
+
     def verify_dhcp4_6rd(self, tunnel_name):
         print('### ip -4 address show dev veth-peer scope global')
         output = check_output('ip -4 address show dev veth-peer scope global')