diff options
| author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-11-14 12:53:51 +0100 |
|---|---|---|
| committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-11-14 18:54:16 +0100 |
| commit | 5ef964f88c9702656e848d5757c48dd7ddd03f11 (patch) | |
| tree | 796bf82e14135338d225af4def98ac658599add6 /test/test-functions | |
| parent | test: switch SELinux to permissive in the config file (diff) | |
| download | systemd-5ef964f88c9702656e848d5757c48dd7ddd03f11.tar.xz systemd-5ef964f88c9702656e848d5757c48dd7ddd03f11.zip | |
test: make TEST-06-SELINUX work with the refpolicy and beef it up a bit
Currently the test works only with policy shipped by Fedora, which makes
it pretty much useless in most of our CIs. Let's drop the custom module
and make the test more generic, so it works with the refpolicy as well,
which should allow us to run it on Arch and probably even in Ubuntu CI.
Diffstat (limited to 'test/test-functions')
| -rw-r--r-- | test/test-functions | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/test/test-functions b/test/test-functions index 3cb08fb47a..7375d3465c 100644 --- a/test/test-functions +++ b/test/test-functions @@ -924,16 +924,13 @@ setup_selinux() { return 0 fi - local conf_dir=/etc/selinux - local fixfiles_tools=(awk bash cat chcon expr egrep find grep head secon setfiles rm sort uname uniq) - - # Make sure the following statement can't expand to "/" to prevent - # a potential where-are-my-backups situation - rm -rf "${initdir:?}/$conf_dir" - if ! cp -ar "$conf_dir" "$initdir/$conf_dir"; then - dfatal "Failed to copy $conf_dir" - exit 1 - fi + for dir in /etc/selinux /usr/share/selinux; do + rm -rf "${initdir:?}/$dir" + if ! cp -ar "$dir" "$initdir/$dir"; then + dfatal "Failed to copy $dir" + exit 1 + fi + done # We use a custom autorelabel service instead of the SELinux provided set # of units & a generator, since the generator overrides the default target @@ -944,13 +941,13 @@ setup_selinux() { # and does the relabeling unconditionally which always ends with a reboot, so # we end up in a reboot loop (and it also spews quite a lot of errors as it # wants /etc/fstab and dracut-initramfs-restore). - touch "$initdir/.autorelabel" mkdir -p "$initdir/usr/lib/systemd/tests/testdata/units/basic.target.wants" ln -sf ../autorelabel.service "$initdir/usr/lib/systemd/tests/testdata/units/basic.target.wants/" - image_install "${fixfiles_tools[@]}" - image_install fixfiles sestatus + # Tools requires by fixfiles + image_install awk bash cat chcon expr egrep find grep head secon setfiles rm sort uname uniq + image_install fixfiles getenforce load_policy selinuxenabled sestatus } install_valgrind() { |