diff options
| author | Luca Boccassi <bluca@debian.org> | 2024-05-04 20:48:55 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-04 20:48:55 +0200 |
| commit | 72007bbc9b32513c90aa7f1f6ec6d1f6d479d288 (patch) | |
| tree | 3452767d247c5e680926eb0b0fc151573c926a52 /test | |
| parent | man/run0: Describe environment variables set (#32622) (diff) | |
| parent | test: Enable TEST-06-SELINUX testing with mkosi (diff) | |
| download | systemd-72007bbc9b32513c90aa7f1f6ec6d1f6d479d288.tar.xz systemd-72007bbc9b32513c90aa7f1f6ec6d1f6d479d288.zip | |
Merge pull request #32588 from CodethinkLabs/mkosi-selinux
Add TEST-06-SELINUX to mkosi integration tests
Diffstat (limited to 'test')
| -rw-r--r-- | test/TEST-06-SELINUX/meson.build | 5 | ||||
| -rw-r--r-- | test/meson.build | 2 | ||||
| -rw-r--r-- | test/units/autorelabel.service | 11 | ||||
| -rw-r--r-- | test/units/firstboot-autorelabel.service | 20 | ||||
| -rwxr-xr-x | test/units/testsuite-06.sh | 6 |
5 files changed, 40 insertions, 4 deletions
diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build new file mode 100644 index 0000000000..50247d3e47 --- /dev/null +++ b/test/TEST-06-SELINUX/meson.build @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +test_params += { + 'mkosi_args' : ['--kernel-command-line-extra=apparmor=0 selinux=1 enforcing=0 lsm=selinux systemd.wants=autorelabel.service systemd.wants=firstboot-autorelabel.service'], +} diff --git a/test/meson.build b/test/meson.build index 705762d533..95136c7e02 100644 --- a/test/meson.build +++ b/test/meson.build @@ -341,7 +341,7 @@ integration_tests = { '03': 'TEST-03-JOBS', # '04': 'TEST-04-JOURNAL', # Extremely flaky '05': 'TEST-05-RLIMITS', - # '06': 'TEST-06-SELINUX', + '06': 'TEST-06-SELINUX', # '07': 'TEST-07-PID1', # '08': 'TEST-08-INITRD', '09': 'TEST-09-REBOOT', diff --git a/test/units/autorelabel.service b/test/units/autorelabel.service index 7e5f9a2b89..fd652225d9 100644 --- a/test/units/autorelabel.service +++ b/test/units/autorelabel.service @@ -3,9 +3,14 @@ Description=Relabel all filesystems DefaultDependencies=no Requires=local-fs.target -Conflicts=shutdown.target After=local-fs.target -Before=sysinit.target shutdown.target +Conflicts=shutdown.target +Before=shutdown.target +Before=multi-user.target +# Needs to access /var, which may not have been populated yet +After=systemd-tmpfiles-setup.service +# Must wait for systemd-machine-id-commit or firstboot-autorelabel will reactivate autorelabel +After=systemd-machine-id-commit.service ConditionSecurity=selinux ConditionPathExists=|/.autorelabel @@ -16,4 +21,4 @@ TimeoutSec=infinity RemainAfterExit=yes [Install] -WantedBy=basic.target +WantedBy=multi-user.target diff --git a/test/units/firstboot-autorelabel.service b/test/units/firstboot-autorelabel.service new file mode 100644 index 0000000000..b69dcf72a3 --- /dev/null +++ b/test/units/firstboot-autorelabel.service @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Activate relabelling on firstboot only +DefaultDependencies=no +Wants=first-boot-complete.target +Requires=local-fs.target +After=local-fs.target +Conflicts=shutdown.target +Before=shutdown.target +Before=first-boot-complete.target sysinit.target autorelabel.service +ConditionPathIsReadWrite=/etc +ConditionFirstBoot=yes + +[Service] +ExecStart=touch /.autorelabel +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/test/units/testsuite-06.sh b/test/units/testsuite-06.sh index 7fc3c379e5..937a04005a 100755 --- a/test/units/testsuite-06.sh +++ b/test/units/testsuite-06.sh @@ -3,6 +3,12 @@ set -eux set -o pipefail +. /etc/os-release +if ! [[ "$ID" =~ centos|fedora ]]; then + echo "Skipping because only CentOS and Fedora support SELinux tests" >>/skipped + exit 77 +fi + # Note: ATTOW the following checks should work with both Fedora and upstream reference policy # (with or without MCS/MLS) |