Re: [PATCH] tests: initial SMACK tests
From: Bernhard Voelker
Subject: Re: [PATCH] tests: initial SMACK tests
Date: Wed, 30 Apr 2014 17:02:10 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
On 04/30/2014 01:23 PM, Pádraig Brady wrote:
So the patch amends to:
> From d33e0889472eeb57d0b92ddfc224c122ee294ec9 Mon Sep 17 00:00:00 2001
> From: Jarkko Sakkinen <address@hidden>
> Date: Wed, 30 Apr 2014 16:30:39 +0200
> Subject: [PATCH] tests: initial SMACK tests
>
> init.cfg: require_smack_
> local.mk: added new tests
> tests/id/smack.sh: SMACK tests (new file)
> tests/mkdir/smack-no-root.sh: SMACK tests (new file)
> tests/mkdir/smack-root.sh: SMACK tests (new file)
> ---
> init.cfg | 9 +++++++++
> tests/id/smack.sh | 36 ++++++++++++++++++++++++++++++++++++
> tests/local.mk | 4 ++++
> tests/mkdir/smack-no-root.sh | 39 +++++++++++++++++++++++++++++++++++++++
> tests/mkdir/smack-root.sh | 35 +++++++++++++++++++++++++++++++++++
> 5 files changed, 123 insertions(+)
> create mode 100755 tests/id/smack.sh
> create mode 100755 tests/mkdir/smack-no-root.sh
> create mode 100755 tests/mkdir/smack-root.sh
>
> diff --git a/init.cfg b/init.cfg
> index 6a9b004..be7773a 100644
> --- a/init.cfg
> +++ b/init.cfg
> @@ -350,6 +350,15 @@ skip_if_()
> esac
> }
>
> +require_smack_()
> +{
> + grep 'smackfs$' /proc/filesystems > /dev/null \
> + || skip_ "this system lacks SMACK support"
Wouldn't it be better to let the grep output go into the
test's log file? It wouldn't hurt ... and avoid /dev/null
problems.
> +
> + test "$(ls -Zd .)" != '? .' \
> + || skip_ "this file system lacks SMACK support"
> +}
> +
> very_expensive_()
> {
> if test "$RUN_VERY_EXPENSIVE_TESTS" != yes; then
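Review bot: the second check in require_smack_ ignores the exit status of `ls -Zd .`. If ls fails or prints nothing, the command substitution is empty, which differs from '? .', so the test succeeds and the function does not skip. Capturing the output in a variable first and skipping when it is empty or equal to '? .' would close that gap. A one-line comment stating that '? .' is taken to mean an unlabeled directory would also document why that literal is compared.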
> diff --git a/tests/id/smack.sh b/tests/id/smack.sh
> new file mode 100755
> index 0000000..5b60e7e
> --- /dev/null
> +++ b/tests/id/smack.sh
> @@ -0,0 +1,36 @@
> +#!/bin/sh
> +# SMACK test for the id-command.
> +# Derived from tests/id/context.sh and tests/id/no-context.sh.
> +# Copyright (C) 2014 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ id
> +
> +require_smack_
> +
> +# Check the string "context=" presence without specified user.
> +id | grep context= >/dev/null || fail=1
Likewise: there's no need to suppress the output.
It may even be better to redirect id's output to a file
and 'cat' its content if fail=1.
> +
> +# Check context=" is absent without specified user in conforming mode.
> +POSIXLY_CORRECT=1 id > out || fail=1
> +grep context= out && fail=1
Similar here: replace "fail=1" by "{ cat out; fail=1; }".
> +
> +# Check the string "context=" absence with specified user.
> +# But if the current user is nameless, skip this part.
> +id -nu > /dev/null \
> + && id $(id -nu) | grep context= >/dev/null && fail=1
... and here.
> +
> +Exit $fail
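Review bot: the last check, `id $(id -nu) | grep context= >/dev/null && fail=1`, passes silently when id itself fails, because grep then matches nothing and the `&&` chain ends without setting fail. Writing id's output to a file with `|| fail=1`, as the POSIXLY_CORRECT check already does, and grepping that file afterwards would catch the failure; the command substitution should also be quoted as `id "$(id -nu)"`. The comment `# Check context=" is absent` carries a stray double quote.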
> diff --git a/tests/local.mk b/tests/local.mk
> index d58b603..6d44144 100644
> --- a/tests/local.mk
> +++ b/tests/local.mk
> @@ -125,6 +125,7 @@ all_root_tests = \
> tests/misc/selinux.sh \
> tests/misc/truncate-owned-by-other.sh \
> tests/mkdir/writable-under-readonly.sh \
> + tests/mkdir/smack-root.sh \
> tests/mv/sticky-to-xpart.sh \
> tests/rm/fail-2eperm.sh \
> tests/rm/no-give-up.sh \
> @@ -517,6 +518,7 @@ all_tests = \
> tests/id/uid.sh \
> tests/id/setgid.sh \
> tests/id/zero.sh \
> + tests/id/smack.sh \
> tests/install/basic-1.sh \
> tests/install/create-leading.sh \
> tests/install/d-slashdot.sh \
> @@ -576,6 +578,8 @@ all_tests = \
> tests/mkdir/restorecon.sh \
> tests/mkdir/special-1.sh \
> tests/mkdir/t-slash.sh \
> + tests/mkdir/smack-no-root.sh \
> + tests/mkdir/smack-root.sh \
> tests/mv/acl.sh \
> tests/mv/atomic.sh \
> tests/mv/atomic2.sh \
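Review bot: tests/mkdir/smack-root.sh is listed twice by this patch, in all_root_tests (first hunk) and again in all_tests here, while tests/mkdir/smack-no-root.sh is added only to all_tests. Please confirm whether root-only tests are meant to appear in both lists; if all_tests already pulls in all_root_tests, the second entry should be dropped. The new entries are also appended after t-slash.sh and writable-under-readonly.sh, although the neighbouring entries (restorecon.sh, special-1.sh, t-slash.sh) look sorted by name, so placing the smack-*.sh lines in order would keep the lists consistent.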
> diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh
> new file mode 100755
> index 0000000..09157a8
> --- /dev/null
> +++ b/tests/mkdir/smack-no-root.sh
> @@ -0,0 +1,39 @@
> +#!/bin/sh
> +# SMACK test for the mkdir,mknod, mkfifo commands.
> +# Derived from tests/mkdir/selinux.sh.
> +# Ensure that an invalid SMACK label doesn't cause a segfault.
> +
> +# Copyright (C) 2014 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ mkdir mkfifo mknod
> +
> +require_smack_
> +
> +c=arbitrary-smack-label
> +msg="failed to set default file creation context to '$c':"
> +
> +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
> + $cmd --context="$c" 2> out && fail=1
> + set $cmd
> + echo "$1: $msg" > exp || fail=1
> +
> + sed -e 's/ Operation not permitted$//' out > k || fail=1
> + mv k out || fail=1
> + compare exp out || fail=1
> +done
> +
> +Exit $fail
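Review bot: nothing in this script skips when it is run as root, yet the loop at `$cmd --context="$c" 2> out && fail=1` expects every command to fail with "Operation not permitted". smack-root.sh runs the same three commands with the same label under require_root_ and expects them to succeed, so a privileged run of this test would set fail=1. A skip_if_root_ call after require_smack_ would make the precondition explicit. The header comment also says the test ensures that an invalid label "doesn't cause a segfault", while the body compares the exact diagnostic and the label is the one smack-root.sh sets successfully; the comment should describe what is actually checked.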
> diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh
> new file mode 100755
> index 0000000..96b75ea
> --- /dev/null
> +++ b/tests/mkdir/smack-root.sh
> @@ -0,0 +1,35 @@
> +#!/bin/sh
> +# SMACK test for the mkdir,mknod, mkfifo commands.
> +# Derived from tests/mkdir/selinux.sh.
> +# Ensure that SMACK label gets set.
> +
> +# Copyright (C) 2014 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ mkdir mkfifo mknod
> +
> +require_smack_
> +require_root_
> +
> +c=arbitrary-smack-label
> +
> +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
> + $cmd --context="$c" || fail=1
> + set $cmd
> + test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c" || fail=1
Likewise here, i.e. make debugging easier by redirecting
to a file, and printing its content upon failure.
> +done
> +
> +Exit $fail
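Review bot: in the verification line `test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c"`, `$2` is unquoted and the pipe through cut discards the exit status of ls, so a failing ls is only seen indirectly as a mismatch with no indication of the cause. Quoting it as `"$2"` and storing the ls output in a file before cutting the first field would keep the raw output available when the comparison fails. The check also depends on ls printing the label as the first space-separated field, which deserves a short comment next to the cut call.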
> --
> 1.8.4.2
I must add that I don't have a SMACK-enabled system,
so my tests didn't run past "require_smack_" here.
Thanks & have a nice day,
Berny