psss / tests / selinux

Forked from tests/selinux 6 years ago
Clone
Source Code
GIT

Files

  1.   b453e3422c1424149a40d598aee1203025b3b744
  2.   selinux-policy
  3.   rrdcached-service-and-related
  4.   runtest.sh
Blob Blame History Raw 
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/selinux-policy/Regression/rrdcached-service-and-related
#   Description: Basic test for rrdcached service
#   Author: Patrik Koncity <pkoncity@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2019 Red Hat, Inc.
#
#   This program is free software: you can redistribute it and/or
#   modify it under the terms of the GNU General Public License as
#   published by the Free Software Foundation, either version 2 of
#   the License, or (at your option) any later version.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE.  See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGE="selinux-policy"
SERVICE_NAME="rrdcached"
SERVICE_PACKAGE="rrdtool"
PROCESS_NAME="rrdcached"
PROCESS_CONTEXT="rrdcached_t"
VAR_RUN_CONTEXT="rrdcached_var_run_t"
TMP_CONTEXT="rrdcached_tmp_t"

rlJournalStart
    rlPhaseStartSetup
        rlRun "rlImport 'selinux-policy/common'"
        rlAssertRpm $PACKAGE
        rlAssertRpm $SERVICE_PACKAGE
        rlSESetEnforce
        rlSEStatus
        rlSESetTimestamp
    rlPhaseEnd

    rlPhaseStartTest "bz#1726255"
        rlSEMatchPathCon "/usr/bin/rrdcached" "rrdcached_exec_t"
        rlSEMatchPathCon "/var/run/rrdcached.*" "rrdcached_var_run_t"
        rlSESearchRule "type_transition init_t rrdcached_exec_t : process ${PROCESS_CONTEXT}"
        rlSESearchRule "allow ${PROCESS_CONTEXT} self:capability { chown setgid setuid }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} self:fifo_file { append create getattr ioctl link lock open read rename setattr unlink write } "
        rlSESearchRule "allow ${PROCESS_CONTEXT} self:unix_stream_socket { accept append bind connect create getattr getopt ioctl listen lock read setattr setopt shutdown write } "
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${VAR_RUN_CONTEXT}:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink write } "
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${VAR_RUN_CONTEXT}:file { append create getattr ioctl link lock open read rename setattr unlink write }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${VAR_RUN_CONTEXT}:lnk_file { append create getattr ioctl link lock read rename setattr unlink write }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} var_t:dir { getattr open search }"
        rlSESearchRule "type_transition rrdcached_t var_run_t:dir rrdcached_var_run_t "
        rlSESearchRule "type_transition rrdcached_t var_run_t:file rrdcached_var_run_t "
        rlSESearchRule "type_transition rrdcached_t var_run_t:lnk_file rrdcached_var_run_t "
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${TMP_CONTEXT}:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink write }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${TMP_CONTEXT}:file { append create getattr ioctl link lock open read rename setattr unlink write }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} ${TMP_CONTEXT}:sock_file { append create getattr ioctl link lock open read rename setattr unlink write }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} tmp_t:dir { add_name getattr ioctl lock open read remove_name search write }"
        rlSESearchRule "type_transition rrdcached_t tmp_t:dir ${TMP_CONTEXT} "
        rlSESearchRule "type_transition rrdcached_t tmp_t:file ${TMP_CONTEXT} "
        rlSESearchRule "type_transition rrdcached_t tmp_t:sock_file ${TMP_CONTEXT} "
        rlSESearchRule "typeattribute ${PROCESS_CONTEXT} nsswitch_domain"
        rlSESearchRule "typeattribute ${PROCESS_CONTEXT} netlabel_peer_type"
        rlSESearchRule "allow ${PROCESS_CONTEXT} privfd:fd use "
        rlSESearchRule "allow ${PROCESS_CONTEXT} etc_t:dir { getattr ioctl lock open read search }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} etc_t:file { getattr ioctl lock open read }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} etc_t:lnk_file { getattr read }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} etc_runtime_t:file { getattr ioctl lock open read }"
        rlSESearchRule "allow ${PROCESS_CONTEXT} etc_runtime_t:lnk_file { getattr read }"
        rlSESearchRule "typeattribute ${PROCESS_CONTEXT} syslog_client_type"
    rlPhaseEnd

    rlPhaseStartTest "real scenario"
        rlSEService - ${SERVICE_NAME} ${PROCESS_NAME} ${PROCESS_CONTEXT} "start status" 2
        rlRun "restorecon -Rv /run /var"
        rlSEService - ${SERVICE_NAME} ${PROCESS_NAME} ${PROCESS_CONTEXT} "restart status stop status" 2
    rlPhaseEnd

    # TODO: add test scenario for rrdcached.socket

    rlPhaseStartCleanup
        sleep 2
        rlSECheckAVC
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.