[PATCH 4/4] tests: Test virIdentityGetSystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Test it once with SELinux enabled and once with it disabled.

Signed-off-by: Michael Chapman <mike@xxxxxxxxxxxxxxxxx>
---
 tests/Makefile.am       |  4 +++
 tests/viridentitytest.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd91734..acc9e26 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -779,6 +779,10 @@ virstoragetest_LDADD = $(LDADDS)
 viridentitytest_SOURCES = \
 	viridentitytest.c testutils.h testutils.c
 viridentitytest_LDADD = $(LDADDS)
+if WITH_SELINUX
+viridentitytest_DEPENDENCIES = libsecurityselinuxhelper.la \
+	../src/libvirt.la
+endif WITH_SELINUX
 
 virkeycodetest_SOURCES = \
 	virkeycodetest.c testutils.h testutils.c
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 814db4f..9fcdcd3 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -22,6 +22,10 @@
 
 #include <stdlib.h>
 
+#if WITH_SELINUX
+# include <selinux/selinux.h>
+#endif
+
 #include "testutils.h"
 
 #include "viridentity.h"
@@ -148,7 +152,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED)
         goto cleanup;
 
     if (virIdentityIsEqual(identa, identb)) {
-        VIR_DEBUG("Mis-atched identities should not be equal");
+        VIR_DEBUG("Mis-matched identities should not be equal");
         goto cleanup;
     }
 
@@ -159,17 +163,86 @@ cleanup:
     return ret;
 }
 
+static int testIdentityGetSystem(const void *data)
+{
+    const char *context = data;
+    int ret = -1;
+    virIdentityPtr ident = NULL;
+    const char *val;
+
+#if !WITH_SELINUX
+    if (context) {
+        VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
+        ret = EXIT_AM_SKIP;
+        goto cleanup;
+    }
+#endif
+
+    if (!(ident = virIdentityGetSystem())) {
+        VIR_DEBUG("Unable to get system identity");
+        goto cleanup;
+    }
+
+    if (virIdentityGetAttr(ident,
+                           VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
+                           &val) < 0)
+        goto cleanup;
+
+    if (STRNEQ_NULLABLE(val, context)) {
+        VIR_DEBUG("Unexpected SELinux context attribute");
+        goto cleanup;
+    }
+
+    ret = 0;
+cleanup:
+    virObjectUnref(ident);
+    return ret;
+}
+
+static int testSetFakeSELinuxContext(const void *data ATTRIBUTE_UNUSED)
+{
+#if WITH_SELINUX
+    return setcon_raw((security_context_t)data);
+#else
+    VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
+    return EXIT_AM_SKIP;
+#endif
+}
+
+static int testDisableFakeSELinux(const void *data ATTRIBUTE_UNUSED)
+{
+#if WITH_SELINUX
+    return security_disable();
+#else
+    VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
+    return EXIT_AM_SKIP;
+#endif
+}
+
 static int
 mymain(void)
 {
+    const char *context = "unconfined_u:unconfined_r:unconfined_t:s0";
     int ret = 0;
 
     if (virtTestRun("Identity attributes ", testIdentityAttrs, NULL) < 0)
         ret = -1;
     if (virtTestRun("Identity equality ", testIdentityEqual, NULL) < 0)
         ret = -1;
+    if (virtTestRun("Setting fake SELinux context ", testSetFakeSELinuxContext, context) < 0)
+        ret = -1;
+    if (virtTestRun("System identity (fake SELinux enabled) ", testIdentityGetSystem, context) < 0)
+        ret = -1;
+    if (virtTestRun("Disabling fake SELinux ", testDisableFakeSELinux, NULL) < 0)
+        ret = -1;
+    if (virtTestRun("System identity (fake SELinux disabled) ", testIdentityGetSystem, NULL) < 0)
+        ret = -1;
 
     return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
 }
 
+#if WITH_SELINUX
+VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/libsecurityselinuxhelper.so")
+#else
 VIRT_TEST_MAIN(mymain)
+#endif
-- 
1.8.5.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]