summaryrefslogtreecommitdiffstats
path: root/test/TEST-06-SELINUX (follow)
Commit message (Collapse)AuthorAgeFilesLines
* test: Add cmdline field to configure extra kernel command line argsDaan De Meyer2024-05-141-3/+1
| | | | | Configuring extra cmdline arguments as a list is much nicer than having to pass the --kernel-command-line-extra argument manually.
* TEST-06-SELINUX: Simplify auto-relabelingDaan De Meyer2024-05-141-1/+1
| | | | | Let's ship a .autorelabel file so we can get rid of firstboot-autorelabel.service.
* test: Rename mkosi_args to mkosi-argsDaan De Meyer2024-05-141-1/+1
|
* test: Rename testsuite-XX units to match test nameDaan De Meyer2024-05-142-0/+9
| | | | | | | Having these named differently than the test itself mostly creates unecessary confusion and makes writing logic against the tests harder so let's rename the testsuite-xx units and scripts to just use the test name itself.
* test: Rework integration test definitionsDaan De Meyer2024-05-141-5/+10
| | | | | | | Let's make this behave more like all the rest of the meson stuff. This also is the first step to making it a bit more flexible so we can define integration tests in different ways as will be seen in the next commits.
* test: Default to linux qemu firmwareDaan De Meyer2024-05-061-0/+2
| | | | | | | | | | Direct kernel boot results in much faster boot times so let's use it by default. We disable it for tests that need to reboot because +-50% of the time, doing a reboot when using direct kernel boot causes qemu to hang on reboot. Until we figure that out, let's use UEFI for the tests that need to reboot.
* test: Enable TEST-06-SELINUX testing with mkosiRichard Maw2024-05-031-0/+5
|
* test: make TEST-06-SELINUX work with the refpolicy and beef it up a bitFrantisek Sumsal2023-11-144-103/+19
| | | | | | | Currently the test works only with policy shipped by Fedora, which makes it pretty much useless in most of our CIs. Let's drop the custom module and make the test more generic, so it works with the refpolicy as well, which should allow us to run it on Arch and probably even in Ubuntu CI.
* test: switch SELinux to permissive in the config fileFrantisek Sumsal2023-11-141-1/+4
| | | | | The config file has (unfortunately) precedence over the kernel command line, so let's tweak the config file if necessary.
* test: Check that SELinux policy is available before running SELinux test ↵Johannes Segitz2023-08-171-3/+8
| | | | | | | | | (#28868) * test: Check that SELinux policy is available before running SELinux test --------- Co-authored-by: Frantisek Sumsal <frantisek@sumsal.cz>
* test: a couple of assorted cleanupsFrantisek Sumsal2023-06-051-2/+1
| | | | | - sort binaries - send stdout/stderr of the autorelabel service to console as well
* test: load the SELinux module outside of the VMFrantisek Sumsal2023-06-051-4/+2
| | | | | | | | Turns out we can, apart from just building the module, "shove" it into the SELinux database in a chroot as well. This brings quite significant time savings, as the SELinux db rebuild takes 2 - 5 minutes in a VM without acceleration (and takes currently ~half of the runtime of the test in the C8S job).
* test: build the SELinux test module on the hostFrantisek Sumsal2023-05-191-33/+35
| | | | | | Let's save some time and build the SELinux test module on the host instead of a possibly unaccelerated VM. This brings the runtime of TEST-06-SELINUX from ~12 minutes down to a ~1 minute.
* TEST-06-SELINUX: add the usual spdx license header to policy filesZbigniew Jędrzejewski-Szmek2021-10-183-0/+3
|
* tests: add spdx headers to scripts and MakefilesZbigniew Jędrzejewski-Szmek2021-10-181-0/+1
|
* test: rename `dracut_install` to `image_install`Frantisek Sumsal2021-09-081-5/+5
| | | | | | The `dracut_install` is a misnomer, since the systemd integration test suite is based on the original dracut's test suite, and not all the references to dracut has been edited out. Let's fix that.
* test: reintroduce m4 dependency for TEST-06-SELINUXFrantisek Sumsal2021-05-191-1/+1
| | | | | | | | | | | m4 is required to build the test SELinux module: ``` [ 31.321789] sh[483]: /bin/sh: line 1: m4: command not found [ 31.882668] sh[488]: Compiling targeted systemd_test module [ 32.120862] sh[492]: /bin/sh: line 1: m4: command not found [ 32.159897] sh[458]: make: *** [/usr/share/selinux/devel/include/Makefile:156: tmp/systemd_test.mod] Error 127 ```
* Drop dependency on m4Zbigniew Jędrzejewski-Szmek2021-05-191-1/+1
| | | | | | | | | | | | | | | | m4 was hugely popular in the past, because autotools, automake, flex, bison and many other things used it. But nowadays it much less popular, and might not even be installed in the buildroot. (m4 is small, so it doesn't make a big difference.) (FWIW, Fedora dropped make from the buildroot now, https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. I think it's reasonable to assume that m4 will be dropped at some point too.) The main reason to drop m4 is that the syntax is not very nice, and we should minimize the number of different syntaxes that we use. We still have two (configure_file() with @FOO@ and jinja2 templates with {{foo}} and the pythonesque conditional expressions), but at least we don't need m4 (with m4_dnl and `quotes').
* test: "detect" the test number automagicallyFrantisek Sumsal2021-04-261-1/+1
| | | | | | Specifying the test number manually is tedious and prone to errors (as recently proven). Since we have all the necessary data to work out the test number, let's do it automagically.
* test: make the test entrypoint scripts shellcheck-compliantFrantisek Sumsal2021-04-201-14/+22
|
* test: add a custom SELinux file contextFrantisek Sumsal2021-02-052-0/+2
| | | | | | | | | Since the test suite overhaul, the test units are now under /usr/lib/systemd/tests/testdata/tetsuite-06.units with system_u:object_r:lib_t context. This causes an AVC denial, since the systemd unit files are expected to have the system_u:object_r:systemd_unit_file_t context. Let's fix this by using a custom file context definition.
* tests: build the image once and then copy/extend itLuca Boccassi2021-01-241-16/+9
| | | | | | Building custom images for each test takes a lot of time. Build the default one, and if the test needs incompatible changes just copy it and extend it instead.
* TEST-06-*: also try the installation path for DebianZbigniew Jędrzejewski-Szmek2020-03-311-1/+3
| | | | | | https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/tests/upstream used sed to adjust the path. I think it's better to make our script more flexible.
* test: rework how images are createdZbigniew Jędrzejewski-Szmek2020-03-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before, we'd create a separate image for each test, in /var/tmp/systemd-test.XXXXX/rootdisk.img. Most of the images where very similar, except that each one had some unit files installed specifically for the test. The installation of those custom unit files was removed in previous commits (all the unit files are always installed). The new approach is to only create as few distinct images as possible. We have: default.img: the "normal" image suitable for almost all the tests basic.img: the same as default image but doesn't mask any services cryptsetup.img: p2 is used for encrypted /var badid.img: /etc/machine-id is overwritten with stuff selinux.img: with selinux added for fun and fun and a few others: ls -l build/test/*img lrwxrwxrwx 1 root root 38 Mar 21 21:23 build/test/badid.img -> /var/tmp/systemd-test.PJFFeo/badid.img lrwxrwxrwx 1 root root 38 Mar 21 21:17 build/test/basic.img -> /var/tmp/systemd-test.na0xOI/basic.img lrwxrwxrwx 1 root root 43 Mar 21 21:18 build/test/cryptsetup.img -> /var/tmp/systemd-test.Tzjv06/cryptsetup.img lrwxrwxrwx 1 root root 40 Mar 21 21:19 build/test/default.img -> /var/tmp/systemd-test.EscAsS/default.img lrwxrwxrwx 1 root root 39 Mar 21 21:22 build/test/nspawn.img -> /var/tmp/systemd-test.HSebKo/nspawn.img lrwxrwxrwx 1 root root 40 Mar 21 21:20 build/test/selinux.img -> /var/tmp/systemd-test.daBjbx/selinux.img lrwxrwxrwx 1 root root 39 Mar 21 21:21 build/test/test08.img -> /var/tmp/systemd-test.OgnN8Z/test08.img I considered trying to use the same image everywhere. It would probably be possible, but it would be very brittle. By using separate images where it is necessary we keep various orthogonal modifications independent. The way that images are cached is complicated by the fact that we still want to keep them in /var/tmp. Thus, an image is created on first use and linked to from build/test/ so it can be found by other tests. Tests cannot be run in parallel. I think that is an acceptable limitation. Creation of the images was probably taking more resources then the actual tests, so we should be better off anyway.
* test: drop cargo-cult lineZbigniew Jędrzejewski-Szmek2020-03-281-1/+0
| | | | p2 is only used in the cryptsetup test...
* test: move most of TEST-06-* setup to static filesZbigniew Jędrzejewski-Szmek2020-03-282-56/+1
|
* treewide: more portable bash shebangsJörg Thalheim2020-03-052-2/+2
| | | | | | | | | | | | | | | | As in 2a5fcfae024ffc370bb780572279f45a1da3f946 and in 3e67e5c9928f8b1e1c5a63def88d53ed1fed12eb using /usr/bin/env allows bash to be looked up in PATH rather than being hard-coded. As with the previous changes the same arguments apply - distributions have scripts to rewrite shebangs on installation and they know what locations to rely on. - For tests/compilation we should rather rely on the user to have setup there PATH correctly. In particular this makes testing from git easier on NixOS where do not provide /bin/bash to improve compose-ability.
* test: add function to reduce copied setup boilerplateZbigniew Jędrzejewski-Szmek2019-10-081-7/+1
| | | | | | Many tests were also masking systemd-machined.service. But machined should only start when activated, so having it not masked shouldn't be noticable. TEST-25-IMPORT needs it.
* test: use "ln -fs"Zbigniew Jędrzejewski-Szmek2019-07-301-5/+5
| | | | | Without this, repeated runs of "make -C TEST/... setup" fail when trying to create the symlink.
* test: add create_empty_image_rootdir() to simplify testcase setupDan Streetman2019-07-171-6/+1
| | | | | | | | | Almost all tests were manually mounting/unmounting $TESTDIR/root from the loopback image; this moves all that into test-functions so the test setup functions are simplier. Also add test_setup_cleanup() function, to cleanup what is mounted by create_empty_image_rootdir()
* test: drop || return 1 expression which is incompatible with set -eFrantisek Sumsal2019-07-081-1/+1
| | | | | | The `set -e` option is incompatible with a subshell/compound command, which is followed by || <EXPR>. In such case, the -e option is ignored in all affected subshells/functions (see man bash(1) for command `set`).
* scripts: use 4 space indentationZbigniew Jędrzejewski-Szmek2019-04-122-3/+0
| | | | | | | | | | | | | | | | | | We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed. 4 sp was the most common, in particular the majority of scripts under test/ used that. Let's standarize on 4 sp, because many commandlines are long and there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp also seems to be the default indentation, so this will make it less likely that people will mess up if they don't load the editor config. (I think people often use vi, and vi has no support to load project-wide configuration automatically. We distribute a .vimrc file, but it is not loaded by default, and even the instructions in it seem to discourage its use for security reasons.) Also remove the few vim config lines that were left. We should either have them on all files, or none. Also remove some strange stuff like '#!/bin/env bash', yikes.
* test: drop 'After=multi-user.target' from most of testsuite.serviceYu Watanabe2018-11-031-1/+0
|
* tests: tighten check for TEST-06-SELINUX dependencies a bitLennart Poettering2018-06-061-1/+1
| | | | | | | | As it turns out /usr/share/selinux/devel/ is now included in more RPMs than just selinux-policy-devel (specifically container-selinux, which is pulled in by various container related RPMs). Let's hence tighten the dependency check a bit and look for systemd's .if file, which is what we actually care about.
* test: bypass selinux integration test if selinux policy devel package is not ↵Lennart Poettering2018-03-231-0/+3
| | | | | | | | installed With this "sudo ./run-integration-tests.sh" should work fully without exception, even on systems lacking SELinux (in which case that test will just be skipped)
* test: Run qemu/nspawn tests with "set -e"Martin Pitt2017-08-101-0/+1
| | | | | | | | This catches errors like "ninja not found", missing programs etc. early, instead of silently ignoring them and trying to boot a broken VM. In install_config_files(), allow some distro specific files to be absent (such as /etc/sysconfig/init).
* test: Factorize common integration test functions (#6540)Martin Pitt2017-08-041-29/+1
| | | | | | | | | | | All test/TEST* but TEST-02-CRYPTSETUP share the same check_result_qemu() and test_cleanup(), so move them into test_functions and only override them in TEST-02-CRYPTSETUP. Also provide a common test_run() which by default assumes that both QEMU and nspawn tests are run. Particular tests which don't support either need to explicitly opt out by setting $TEST_NO_{QEMU,NSPAWN}. Do it this way around to avoid accidentally forgetting to opt in, and to encourage test authors to at least always support nspawn.
* tests: force booting the kernel with SELinuxMartin Pitt2016-06-241-1/+1
| | | | | selinux=1 is not sufficient when running on a kernel which also has another LSM (such as AppArmor) enabled and defaults to that.
* tests: use symlink to MakefileEvgeny Vereshchagin2016-05-011-10/+1
|
* test: remove exit 0 at the endPhillip Sz2016-02-051-1/+0
| | | | | We don't need that at the end, as it will always exit with 0 if everything is okey.
* tests: add test-selinux-checksEvgeny Vereshchagin2016-01-315-0/+216
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 04:11:23 +0100