From d466b9c0ffb3e6167ac9ec2fae7c59efdc09f79f Mon Sep 17 00:00:00 2001 From: Antoine Tenart Date: Mon, 28 Sep 2020 16:54:19 +0200 Subject: [PATCH] support/testing/tests/init/test_systemd_selinux: new SELinuxSystemdExt4 test This adds a test called 'SELinuxSystemdExt4'. This test will build an SELinux enabled image with systemd, boot it, and perform a few runtime tests to check SELinux related capabilities. Signed-off-by: Antoine Tenart Signed-off-by: Thomas Petazzoni --- DEVELOPERS | 1 + .../tests/init/test_systemd_selinux.py | 62 +++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 support/testing/tests/init/test_systemd_selinux.py diff --git a/DEVELOPERS b/DEVELOPERS index 95942cbeee..f147088996 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -255,6 +255,7 @@ F: package/gnuplot/ N: Antoine Ténart F: package/wf111/ +F: support/testing/tests/init/test_systemd_selinux.py N: Antony Pavlov F: package/lsscsi/ diff --git a/support/testing/tests/init/test_systemd_selinux.py b/support/testing/tests/init/test_systemd_selinux.py new file mode 100644 index 0000000000..527dbf10ac --- /dev/null +++ b/support/testing/tests/init/test_systemd_selinux.py @@ -0,0 +1,62 @@ +import os + +import infra.basetest + + +class TestSELinuxSystemd(infra.basetest.BRTest): + config = \ + """ + BR2_x86_64=y + BR2_x86_corei7=y + BR2_TOOLCHAIN_EXTERNAL=y + BR2_INIT_SYSTEMD=y + BR2_LINUX_KERNEL=y + BR2_LINUX_KERNEL_CUSTOM_VERSION=y + BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.8.12" + BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y + BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config" + BR2_PACKAGE_LIBSELINUX=y + BR2_PACKAGE_REFPOLICY=y + """ + + def wait_boot(self): + # The complete boot with systemd takes more time than what the default multipler permits + self.emulator.timeout_multiplier *= 10 + self.emulator.login() + + def run_tests(self, fstype): + kernel = os.path.join(self.builddir, "images", "bzImage") + rootfs = os.path.join(self.builddir, "images", "rootfs.{}".format(fstype)) + + self.emulator.boot(arch="x86_64", kernel=kernel, + kernel_cmdline=["root=/dev/vda", "rootfstype={}".format(fstype), + "console=ttyS0", "security=selinux"], + options=["-cpu", "Nehalem", + "-drive", "file={},if=virtio,format=raw".format(rootfs)]) + self.wait_boot() + + # Test the reported SELinux mode. + out, ret = self.emulator.run("getenforce") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "Permissive") + + # Check the extended arguments are correctly set. + out, ret = self.emulator.run("ls -dZ /") + self.assertEqual(ret, 0) + self.assertEqual(out[0].split()[0], "system_u:object_r:root_t") + + # Check init's attributes. + out, ret = self.emulator.run("cat /proc/1/attr/current") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "system_u:system_r:init_t\0") + +class TestSELinuxSystemdExt4(TestSELinuxSystemd): + config = TestSELinuxSystemd.config + \ + """ + BR2_TARGET_ROOTFS_EXT2=y + BR2_TARGET_ROOTFS_EXT2_4=y + BR2_TARGET_ROOTFS_EXT2_SIZE="100M" + """ + + def test_run(self): + self.run_tests("ext4") -- 2.30.2