[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] tests: initial SMACK tests
|
From: |
Pádraig Brady |
|
Subject: |
Re: [PATCH] tests: initial SMACK tests |
|
Date: |
Wed, 30 Apr 2014 12:23:04 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 12/31/2013 04:09 PM, address@hidden wrote:
> From: Jarkko Sakkinen <address@hidden>
>
> init.cfg: require_smack_
> local.mk: added new tests
> tests/id/smack.sh: SMACK tests (new file)
> tests/mkdir/smack-no-root.sh: SMACK tests (new file)
> tests/mkdir/smack-root.sh: SMACK tests (new file)
> ---
> init.cfg | 9 +++++++++
> tests/id/smack.sh | 37 +++++++++++++++++++++++++++++++++++++
> tests/local.mk | 4 ++++
> tests/mkdir/smack-no-root.sh | 39 +++++++++++++++++++++++++++++++++++++++
> tests/mkdir/smack-root.sh | 36 ++++++++++++++++++++++++++++++++++++
> 5 files changed, 125 insertions(+)
> create mode 100755 tests/id/smack.sh
> create mode 100755 tests/mkdir/smack-no-root.sh
> create mode 100755 tests/mkdir/smack-root.sh
>
> diff --git a/init.cfg b/init.cfg
> index c48607c..2c4ecb6 100644
> --- a/init.cfg
> +++ b/init.cfg
> @@ -316,6 +316,15 @@ require_selinux_()
> esac
> }
>
> +require_smack_()
> +{
> + grep 'smackfs$' /proc/filesystems > /dev/null \
> + || skip_ "this system lacks SMACK support"
> +
> + test "$(ls -Zd .)" != '? .' \
> + || skip_ "this file system lacks SMACK support"
> +}
> +
> very_expensive_()
> {
> if test "$RUN_VERY_EXPENSIVE_TESTS" != yes; then
> diff --git a/tests/id/smack.sh b/tests/id/smack.sh
> new file mode 100755
> index 0000000..30b19da
> --- /dev/null
> +++ b/tests/id/smack.sh
> @@ -0,0 +1,37 @@
> +#!/bin/sh
> +# SMACK test for the id-command.
> +# Derived from tests/id/context.sh and tests/id/no-context.sh.
> +# Copyright (C) 2008-2013 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ id
> +
> +require_smack_
> +
> +# Check the string "context=" presence without specified user.
> +id | grep context= >/dev/null || fail=1
> +
> +# Check the string "context=" absence without specificied user in conforming
> +# mode.
> +POSIXLY_CORRECT=1 id > out || fail=1
> +grep context= out && fail=1
> +
> +# Check the string "context=" absencea with specified user.
> +# But if the current user is nameless, skip this part.
> +id -nu > /dev/null \
> + && id $(id -nu) | grep context= >/dev/null && fail=1
> +
> +Exit $fail
> diff --git a/tests/local.mk b/tests/local.mk
> index e18deac..7040c2c 100644
> --- a/tests/local.mk
> +++ b/tests/local.mk
> @@ -125,6 +125,7 @@ all_root_tests = \
> tests/misc/selinux.sh \
> tests/misc/truncate-owned-by-other.sh \
> tests/mkdir/writable-under-readonly.sh \
> + tests/mkdir/smack-root.sh \
> tests/mv/sticky-to-xpart.sh \
> tests/rm/fail-2eperm.sh \
> tests/rm/no-give-up.sh \
> @@ -510,6 +511,7 @@ all_tests = \
> tests/id/uid.sh \
> tests/id/setgid.sh \
> tests/id/zero.sh \
> + tests/id/smack.sh \
> tests/install/basic-1.sh \
> tests/install/create-leading.sh \
> tests/install/d-slashdot.sh \
> @@ -567,6 +569,8 @@ all_tests = \
> tests/mkdir/selinux.sh \
> tests/mkdir/special-1.sh \
> tests/mkdir/t-slash.sh \
> + tests/mkdir/smack-no-root.sh \
> + tests/mkdir/smack-root.sh \
> tests/mv/acl.sh \
> tests/mv/atomic.sh \
> tests/mv/atomic2.sh \
> diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh
> new file mode 100755
> index 0000000..2b52d18
> --- /dev/null
> +++ b/tests/mkdir/smack-no-root.sh
> @@ -0,0 +1,39 @@
> +#!/bin/sh
> +# SMACK test for the mkdir,mknod, mkfifo commands.
> +# Derived from tests/mkdir/selinux.sh.
> +# Ensure that an invalid SMACK label doesn't cause a segfault.
> +
> +# Copyright (C) 2008-2013 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ mkdir mkfifo mknod
> +
> +require_smack_
> +
> +c=arbitrary-smack-label
> +msg="failed to set default file creation context to '$c':"
> +
> +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
> + $cmd -Z $c 2> out && fail=1
> + set $cmd
> + echo "$1: $msg" > exp || fail=1
> +
> + sed -e 's/ Operation not permitted$//' out > k || fail=1
> + mv k out || fail=1
> + compare exp out || fail=1
> +done
> +
> +Exit $fail
> diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh
> new file mode 100755
> index 0000000..ccca8cb
> --- /dev/null
> +++ b/tests/mkdir/smack-root.sh
> @@ -0,0 +1,36 @@
> +#!/bin/sh
> +# SMACK test for the mkdir,mknod, mkfifo commands.
> +# Derived from tests/mkdir/selinux.sh.
> +# Ensure that SMACK label gets set.
> +
> +# Copyright (C) 2008-2013 Free Software Foundation, Inc.
> +
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +
> +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
> +print_ver_ mkdir mkfifo mknod
> +
> +require_smack_
> +require_root_
> +
> +c=arbitrary-smack-label
> +msg="failed to set default file creation context to '$c':"
> +
> +for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
> + $cmd -Z $c || fail=1
> + set $cmd
> + test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c" || fail=1
> +done
> +
> +Exit $fail
>
Going to apply with these changes.
I have a query about an apparent inconsistency between
tests/mkdir/smack-root.sh and tests/mkdir/smack-no-root.sh
The latter mentions that 'arbitrary-smack-label' is an
"invalid SMACK label", while the former expects that to work as root?
thanks,
Pádraig.
diff --git a/tests/id/smack.sh b/tests/id/smack.sh
index 30b19da..5b60e7e 100755
--- a/tests/id/smack.sh
+++ b/tests/id/smack.sh
@@ -1,7 +1,7 @@
#!/bin/sh
# SMACK test for the id-command.
# Derived from tests/id/context.sh and tests/id/no-context.sh.
-# Copyright (C) 2008-2013 Free Software Foundation, Inc.
+# Copyright (C) 2014 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -24,12 +24,11 @@ require_smack_
# Check the string "context=" presence without specified user.
id | grep context= >/dev/null || fail=1
-# Check the string "context=" absence without specificied user in conforming
-# mode.
+# Check context=" is absent without specified user in conforming mode.
POSIXLY_CORRECT=1 id > out || fail=1
grep context= out && fail=1
-# Check the string "context=" absencea with specified user.
+# Check the string "context=" absence with specified user.
# But if the current user is nameless, skip this part.
id -nu > /dev/null \
&& id $(id -nu) | grep context= >/dev/null && fail=1
diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh
index 2b52d18..09157a8 100755
--- a/tests/mkdir/smack-no-root.sh
+++ b/tests/mkdir/smack-no-root.sh
@@ -3,7 +3,7 @@
# Derived from tests/mkdir/selinux.sh.
# Ensure that an invalid SMACK label doesn't cause a segfault.
-# Copyright (C) 2008-2013 Free Software Foundation, Inc.
+# Copyright (C) 2014 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,7 +27,7 @@ c=arbitrary-smack-label
msg="failed to set default file creation context to '$c':"
for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
- $cmd -Z $c 2> out && fail=1
+ $cmd --context="$c" 2> out && fail=1
set $cmd
echo "$1: $msg" > exp || fail=1
diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh
index ccca8cb..96b75ea 100755
--- a/tests/mkdir/smack-root.sh
+++ b/tests/mkdir/smack-root.sh
@@ -3,7 +3,7 @@
# Derived from tests/mkdir/selinux.sh.
# Ensure that SMACK label gets set.
-# Copyright (C) 2008-2013 Free Software Foundation, Inc.
+# Copyright (C) 2014 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,10 +25,9 @@ require_smack_
require_root_
c=arbitrary-smack-label
-msg="failed to set default file creation context to '$c':"
for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
- $cmd -Z $c || fail=1
+ $cmd --context="$c" || fail=1
set $cmd
test "$(ls -dZ $2 | cut -f1 -d' ')" = "$c" || fail=1
done
- Re: [PATCH] tests: initial SMACK tests,
Pádraig Brady <=