Includes --permissive, --enforcing and --disabled switches.
Signed-off-by: Karel Valek kvalek@redhat.com
From: Karel Valek kvalek@redhat.com
Includes --permissive, --enforcing and --disabled switches.
Signed-off-by: Karel Valek kvalek@redhat.com --- tests/kickstart_tests/selinux-disabled.ks | 35 +++++++++++++++++++++++++++++ tests/kickstart_tests/selinux-disabled.sh | 20 +++++++++++++++++ tests/kickstart_tests/selinux-enforcing.ks | 35 +++++++++++++++++++++++++++++ tests/kickstart_tests/selinux-enforcing.sh | 20 +++++++++++++++++ tests/kickstart_tests/selinux-permissive.ks | 35 +++++++++++++++++++++++++++++ tests/kickstart_tests/selinux-permissive.sh | 20 +++++++++++++++++ 6 files changed, 165 insertions(+) create mode 100644 tests/kickstart_tests/selinux-disabled.ks create mode 100755 tests/kickstart_tests/selinux-disabled.sh create mode 100644 tests/kickstart_tests/selinux-enforcing.ks create mode 100755 tests/kickstart_tests/selinux-enforcing.sh create mode 100644 tests/kickstart_tests/selinux-permissive.ks create mode 100755 tests/kickstart_tests/selinux-permissive.sh
diff --git a/tests/kickstart_tests/selinux-disabled.ks b/tests/kickstart_tests/selinux-disabled.ks new file mode 100644 index 0000000..ce9dda8 --- /dev/null +++ b/tests/kickstart_tests/selinux-disabled.ks @@ -0,0 +1,35 @@ +#version=DEVEL +url --url="http://dl.fedoraproject.org/pub/fedora/linux/development/$releasever/$basear..." +install +network --bootproto=dhcp + +bootloader --timeout=1 +zerombr +clearpart --all --initlabel +autopart + +keyboard --vckeymap cz --xlayouts=cz +lang cs_CZ.UTF-8 +timezone America/New_York --utc +rootpw testcase + +# SeLinux test +selinux --disabled + +shutdown + +%packages +%end + +%post + +# Test disabled +cat /etc/selinux/config | grep SELINUX=disabled +if [[ $? -ne 0 ]]; then + echo "*** SELinux not disabled" >> /root/RESULT +fi + +if [[ ! -e /root/RESULT ]]; then + echo SUCCESS > /root/RESULT +fi +%end diff --git a/tests/kickstart_tests/selinux-disabled.sh b/tests/kickstart_tests/selinux-disabled.sh new file mode 100755 index 0000000..7b2f4f0 --- /dev/null +++ b/tests/kickstart_tests/selinux-disabled.sh @@ -0,0 +1,20 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# the GNU General Public License v.2, or (at your option) any later version. +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY expressed or implied, including the implied warranties of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. You should have received a copy of the +# GNU General Public License along with this program; if not, write to the +# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the +# source code or documentation are not subject to the GNU General Public +# License and may only be used or replicated with the express permission of +# Red Hat, Inc. +# +# Red Hat Author(s): Chris Lumens clumens@redhat.com + +. ${KSTESTDIR}/functions.sh diff --git a/tests/kickstart_tests/selinux-enforcing.ks b/tests/kickstart_tests/selinux-enforcing.ks new file mode 100644 index 0000000..09c4940 --- /dev/null +++ b/tests/kickstart_tests/selinux-enforcing.ks @@ -0,0 +1,35 @@ +#version=DEVEL +url --url="http://dl.fedoraproject.org/pub/fedora/linux/development/$releasever/$basear..." +install +network --bootproto=dhcp + +bootloader --timeout=1 +zerombr +clearpart --all --initlabel +autopart + +keyboard --vckeymap cz --xlayouts=cz +lang cs_CZ.UTF-8 +timezone America/New_York --utc +rootpw testcase + +# SeLinux test +selinux --enforcing + +shutdown + +%packages +%end + +%post + +# Test enforcing +cat /etc/selinux/config | grep SELINUX=enforcing +if [[ $? -ne 0 ]]; then + echo "*** SELinux not in enforcing mode" >> /root/RESULT +fi + +if [[ ! -e /root/RESULT ]]; then + echo SUCCESS > /root/RESULT +fi +%end diff --git a/tests/kickstart_tests/selinux-enforcing.sh b/tests/kickstart_tests/selinux-enforcing.sh new file mode 100755 index 0000000..7b2f4f0 --- /dev/null +++ b/tests/kickstart_tests/selinux-enforcing.sh @@ -0,0 +1,20 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# the GNU General Public License v.2, or (at your option) any later version. +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY expressed or implied, including the implied warranties of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. You should have received a copy of the +# GNU General Public License along with this program; if not, write to the +# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the +# source code or documentation are not subject to the GNU General Public +# License and may only be used or replicated with the express permission of +# Red Hat, Inc. +# +# Red Hat Author(s): Chris Lumens clumens@redhat.com + +. ${KSTESTDIR}/functions.sh diff --git a/tests/kickstart_tests/selinux-permissive.ks b/tests/kickstart_tests/selinux-permissive.ks new file mode 100644 index 0000000..3ee3115 --- /dev/null +++ b/tests/kickstart_tests/selinux-permissive.ks @@ -0,0 +1,35 @@ +#version=DEVEL +url --url="http://dl.fedoraproject.org/pub/fedora/linux/development/$releasever/$basear..." +install +network --bootproto=dhcp + +bootloader --timeout=1 +zerombr +clearpart --all --initlabel +autopart + +keyboard --vckeymap cz --xlayouts=cz +lang cs_CZ.UTF-8 +timezone America/New_York --utc +rootpw testcase + +# SeLinux test +selinux --permissive + +shutdown + +%packages +%end + +%post + +# Test permissive +cat /etc/selinux/config | grep SELINUX=permissive +if [[ $? -ne 0 ]]; then + echo "*** SELinux not in permissive mode" >> /root/RESULT +fi + +if [[ ! -e /root/RESULT ]]; then + echo SUCCESS > /root/RESULT +fi +%end diff --git a/tests/kickstart_tests/selinux-permissive.sh b/tests/kickstart_tests/selinux-permissive.sh new file mode 100755 index 0000000..7b2f4f0 --- /dev/null +++ b/tests/kickstart_tests/selinux-permissive.sh @@ -0,0 +1,20 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# the GNU General Public License v.2, or (at your option) any later version. +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY expressed or implied, including the implied warranties of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. You should have received a copy of the +# GNU General Public License along with this program; if not, write to the +# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the +# source code or documentation are not subject to the GNU General Public +# License and may only be used or replicated with the express permission of +# Red Hat, Inc. +# +# Red Hat Author(s): Chris Lumens clumens@redhat.com + +. ${KSTESTDIR}/functions.sh
Added label: ACK.
I think you can just use an existing test case (like any of the ones with "default" or "basic" in their name) to test that selinux --enforcing works. That's the default, so it can easily get tested at the same time as something else. That'll keep the number of VMs we have to spawn down just a little bit and make sure things run a little faster.
SELinux test was merged to services test to save resources.
Closed.
anaconda-patches@lists.fedorahosted.org
-
dashea