From a4640bed744015f8788355cbf0a0c03980ff77cb Mon Sep 17 00:00:00 2001 From: Topi Miettinen Date: Sat, 20 Aug 2022 20:57:06 +0300 Subject: [PATCH] test: testing for networkd NetLabel feature --- .../conf/25-address-static.network | 5 +++++ .../conf/25-dhcp-client-ipv4-only.network | 2 ++ .../25-dhcp-pd-downstream-dummy98.network | 2 ++ .../conf/25-ipv6-prefix-veth.network | 2 ++ test/test-network/systemd-networkd-tests.py | 21 +++++++++++++++++++ 5 files changed, 32 insertions(+) diff --git a/test/test-network/conf/25-address-static.network b/test/test-network/conf/25-address-static.network index 2a4c1a60393..6d2baa39724 100644 --- a/test/test-network/conf/25-address-static.network +++ b/test/test-network/conf/25-address-static.network @@ -361,3 +361,8 @@ Address=10.3.3.251/16 Address=10.3.3.252/16 Address=10.3.3.253/16 Address=10.3.3.254/16 + +[Address] +Address=10.4.3.2/24 +# just a random label which should exist +NetLabel=system_u:object_r:root_t:s0 diff --git a/test/test-network/conf/25-dhcp-client-ipv4-only.network b/test/test-network/conf/25-dhcp-client-ipv4-only.network index 23c6f047cea..bd8843b1778 100644 --- a/test/test-network/conf/25-dhcp-client-ipv4-only.network +++ b/test/test-network/conf/25-dhcp-client-ipv4-only.network @@ -26,6 +26,8 @@ SendDecline=yes # DenyList= will be ignored AllowList=192.168.5.0/24 192.168.6.0/24 DenyList=192.168.5.0/24 +# just a random label which should exist +NetLabel=system_u:object_r:root_t:s0 [Route] Destination=192.168.5.0/24 diff --git a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network index f7e3cbfee47..2babc432035 100644 --- a/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network +++ b/test/test-network/conf/25-dhcp-pd-downstream-dummy98.network @@ -14,3 +14,5 @@ SubnetId=0 Announce=no Token=eui64 Token=::1a:2b:3c:4d +# just a random label which should exist +NetLabel=system_u:object_r:root_t:s0 diff --git a/test/test-network/conf/25-ipv6-prefix-veth.network b/test/test-network/conf/25-ipv6-prefix-veth.network index b6724eaf5ea..905e2fd2c86 100644 --- a/test/test-network/conf/25-ipv6-prefix-veth.network +++ b/test/test-network/conf/25-ipv6-prefix-veth.network @@ -7,3 +7,5 @@ IPv6AcceptRA=true [IPv6AcceptRA] UseDomains=yes +# just a random label which should exist +NetLabel=system_u:object_r:root_t:s0 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 6e8c8e58eae..2f638d158a6 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -889,6 +889,18 @@ class Utilities(): self.assertNotRegex(output, address_regex) + def check_netlabel(self, interface, address, label='system_u:object_r:root_t:s0'): + if not shutil.which('selinuxenabled'): + print(f'## Checking NetLabel skipped: selinuxenabled command not found.') + elif call_quiet('selinuxenabled') != 0: + print(f'## Checking NetLabel skipped: SELinux disabled.') + elif not shutil.which('netlabelctl'): # not packaged by all distros + print(f'## Checking NetLabel skipped: netlabelctl command not found.') + else: + output = check_output('netlabelctl unlbl list') + print(output) + self.assertRegex(output, f'interface:{interface},address:{address},label:"{label}"') + class NetworkctlTests(unittest.TestCase, Utilities): def setUp(self): @@ -2209,6 +2221,8 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities): self.assertIn('inet6 2001:db8:1:f101::1/64 scope global deprecated', output) self.assertRegex(output, r'inet6 fd[0-9a-f:]*1/64 scope global') + self.check_netlabel('dummy98', '10\.4\.3\.0/24') + # Tests for #20891. # 1. set preferred lifetime forever to drop the deprecated flag for testing #20891. check_output('ip address change 10.7.8.9/16 dev dummy98 preferred_lft forever') @@ -4267,6 +4281,9 @@ class NetworkdRATests(unittest.TestCase, Utilities): print(output) self.assertRegex(output, '2002:da8:1:0') + self.check_netlabel('veth99', '2002:da8:1::/64') + self.check_netlabel('veth99', '2002:da8:2::/64') + def test_ipv6_token_static(self): copy_network_unit('25-veth.netdev', '25-ipv6-prefix.network', '25-ipv6-prefix-veth-token-static.network') start_networkd() @@ -4560,6 +4577,8 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities): self.assertIn('client provides name: test-hostname', output) self.assertIn('26:mtu', output) + self.check_netlabel('veth99', '192\.168\.5\.0/24') + def test_dhcp_client_ipv4_use_routes_gateway(self): first = True for (routes, gateway, dns_and_ntp_routes, classless) in itertools.product([True, False], repeat=4): @@ -5117,6 +5136,8 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): print(output) self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]02::/64 proto dhcp metric [0-9]* expires') + self.check_netlabel('dummy98', '3ffe:501:ffff:[2-9a-f]00::/64') + def verify_dhcp4_6rd(self, tunnel_name): print('### ip -4 address show dev veth-peer scope global') output = check_output('ip -4 address show dev veth-peer scope global') -- 2.47.3