diff --git a/libselinux/getsebool/runtest.sh b/libselinux/getsebool/runtest.sh index de64a6e..7e35949 100755 --- a/libselinux/getsebool/runtest.sh +++ b/libselinux/getsebool/runtest.sh @@ -46,10 +46,12 @@ rlJournalStart rlPhaseStartTest rlRun "getsebool -a" - rlRun "umount ${SELINUX_FS_MOUNT}" - rlRun "getsebool -a 2>&1 | tee ${OUTPUT_FILE}" - rlAssertGrep "selinux.*disabled" ${OUTPUT_FILE} -i - rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + rlRun "umount --lazy ${SELINUX_FS_MOUNT}" 0,32 + if [ $? -eq 0 ] ; then + rlRun "getsebool -a 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "selinux.*disabled" ${OUTPUT_FILE} -i + rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + fi rlRun "mkdir booleans" rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans" rlRun "getsebool -a 2>&1 | tee ${OUTPUT_FILE}" diff --git a/libselinux/setenforce/runtest.sh b/libselinux/setenforce/runtest.sh index 8b7e3b3..a4140d3 100755 --- a/libselinux/setenforce/runtest.sh +++ b/libselinux/setenforce/runtest.sh @@ -64,12 +64,14 @@ rlJournalStart rlPhaseEnd rlPhaseStartTest "extreme cases" - rlRun "umount ${SELINUX_FS_MOUNT}" - for OPTION in 1 0 Enforcing Permissive ; do - rlRun "setenforce ${OPTION} 2>&1 | tee ${OUTPUT_FILE}" - rlAssertGrep "selinux.*disabled" ${OUTPUT_FILE} -i - done - rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + rlRun "umount --lazy ${SELINUX_FS_MOUNT}" 0,32 + if [ $? -eq 0 ] ; then + for OPTION in 1 0 Enforcing Permissive ; do + rlRun "setenforce ${OPTION} 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "selinux.*disabled" ${OUTPUT_FILE} -i + done + rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + fi rlRun "touch ./enforce" rlRun "chattr +i ./enforce" rlRun "mount --bind ./enforce ${SELINUX_FS_MOUNT}/enforce" diff --git a/policycoreutils/load_policy/runtest.sh b/policycoreutils/load_policy/runtest.sh index f71e1e6..2698d94 100755 --- a/policycoreutils/load_policy/runtest.sh +++ b/policycoreutils/load_policy/runtest.sh @@ -72,21 +72,23 @@ rlJournalStart # we assume that audit message has a different format now (does not contain "policy loaded") rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'type=MAC_POLICY_LOAD'" fi - rlRun "umount ${SELINUX_FS_MOUNT}" - rlRun "grep -i selinux /proc/mounts" 1 - START_DATE_TIME=`date "+%m/%d/%Y %T"` - sleep 1 - rlRun "load_policy -i ${BINARY_POLICY}" - rlRun "grep -i selinux /proc/mounts" - sleep 1 - if rlIsRHEL ; then - rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy" - fi - if rlIsRHEL 5 6 7 ; then - rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'" - else - # we assume that audit message has a different format now (does not contain "policy loaded") - rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'type=MAC_POLICY_LOAD'" + rlRun "umount --lazy ${SELINUX_FS_MOUNT}" 0,32 + if [ $? -eq 0 ] ; then + rlRun "grep -i selinux /proc/mounts" 1 + START_DATE_TIME=`date "+%m/%d/%Y %T"` + sleep 1 + rlRun "load_policy -i ${BINARY_POLICY}" + rlRun "grep -i selinux /proc/mounts" + sleep 1 + if rlIsRHEL ; then + rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy" + fi + if rlIsRHEL 5 6 7 ; then + rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'" + else + # we assume that audit message has a different format now (does not contain "policy loaded") + rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'type=MAC_POLICY_LOAD'" + fi fi rlRun "dmesg | grep -i selinux" rlPhaseEnd diff --git a/policycoreutils/sestatus/runtest.sh b/policycoreutils/sestatus/runtest.sh index b91b948..14ad828 100644 --- a/policycoreutils/sestatus/runtest.sh +++ b/policycoreutils/sestatus/runtest.sh @@ -75,12 +75,14 @@ rlJournalStart done rlFileRestore # pretend that SELinux is disabled - rlRun "umount ${SELINUX_FS_MOUNT}" - for OPTION in "" "-b" "-v" "-bv" ; do - rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}" - rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i - done - rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + rlRun "umount --lazy ${SELINUX_FS_MOUNT}" 0,32 + if [ $? -eq 0 ] ; then + for OPTION in "" "-b" "-v" "-bv" ; do + rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i + done + rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}" + fi # pretend that no booleans are defined rlRun "mkdir ./booleans" rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"