mirror of
https://github.com/systemd/systemd
synced 2024-09-06 16:56:43 +00:00
5ef964f88c
Currently the test works only with policy shipped by Fedora, which makes it pretty much useless in most of our CIs. Let's drop the custom module and make the test more generic, so it works with the refpolicy as well, which should allow us to run it on Arch and probably even in Ubuntu CI.
44 lines
1.2 KiB
Bash
Executable file
44 lines
1.2 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
set -e
|
|
|
|
TEST_DESCRIPTION="SELinux tests"
|
|
IMAGE_NAME="selinux"
|
|
TEST_NO_NSPAWN=1
|
|
|
|
if [[ -e /etc/selinux/config ]]; then
|
|
SEPOLICY="$(awk -F= '/^SELINUXTYPE=/ {print $2; exit}' /etc/selinux/config)"
|
|
|
|
# C8S doesn't set SELINUXTYPE in /etc/selinux/config, so default to 'targeted'
|
|
if [[ -z "$SEPOLICY" ]]; then
|
|
echo "Failed to parse SELinux policy from /etc/selinux/config, falling back to 'targeted'"
|
|
SEPOLICY="targeted"
|
|
fi
|
|
|
|
if [[ ! -d "/etc/selinux/$SEPOLICY" ]]; then
|
|
echo "Missing policy directory /etc/selinux/$SEPOLICY, skipping the test"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Using SELinux policy '$SEPOLICY'"
|
|
else
|
|
echo "/etc/selinux/config is missing, skipping the test"
|
|
exit 0
|
|
fi
|
|
|
|
# shellcheck source=test/test-functions
|
|
. "${TEST_BASE_DIR:?}/test-functions"
|
|
|
|
SETUP_SELINUX=yes
|
|
KERNEL_APPEND="${KERNEL_APPEND:-} selinux=1 enforcing=0 lsm=selinux"
|
|
|
|
test_append_files() {
|
|
local workspace="${1:?}"
|
|
|
|
setup_selinux
|
|
# Config file has (unfortunately) always precedence, so let's switch it there as well
|
|
sed -i '/^SELINUX=disabled$/s/disabled/permissive/' "$workspace/etc/selinux/config"
|
|
}
|
|
|
|
do_test "$@"
|