From patchwork Tue Sep 8 15:51:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1359805 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bm8r56ty5z9sSP for ; Wed, 9 Sep 2020 01:55:33 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 084522D63B; Tue, 8 Sep 2020 15:55:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wGEpXIljTlUl; Tue, 8 Sep 2020 15:55:19 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id D5E602D9B5; Tue, 8 Sep 2020 15:55:18 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 783F61BF5AE for ; Tue, 8 Sep 2020 15:55:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 7163B27A5D for ; Tue, 8 Sep 2020 15:55:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnCXy63U4mp4 for ; Tue, 8 Sep 2020 15:55:08 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by silver.osuosl.org (Postfix) with ESMTPS id 4C5E027A5C for ; Tue, 8 Sep 2020 15:55:08 +0000 (UTC) X-Originating-IP: 90.76.143.236 Received: from localhost (lfbn-tou-1-1075-236.w90-76.abo.wanadoo.fr [90.76.143.236]) (Authenticated sender: antoine.tenart@bootlin.com) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 5AD2FE000C; Tue, 8 Sep 2020 15:55:04 +0000 (UTC) From: Antoine Tenart To: buildroot@buildroot.org Date: Tue, 8 Sep 2020 17:51:40 +0200 Message-Id: <20200908155142.1385820-3-antoine.tenart@bootlin.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200908155142.1385820-1-antoine.tenart@bootlin.com> References: <20200908155142.1385820-1-antoine.tenart@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 2/4] support/testing: add the SELinuxExt4 test X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This adds a test called 'SELinuxExt4'. This test will build an SELinux enabled image using the in-tree qemu_x86_64_selinux_defconfig, boot the image, and perform a few runtime tests to check SELinux related capabilities. Signed-off-by: Antoine Tenart --- support/testing/tests/boot/test_selinux.py | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 support/testing/tests/boot/test_selinux.py diff --git a/support/testing/tests/boot/test_selinux.py b/support/testing/tests/boot/test_selinux.py new file mode 100644 index 000000000000..7b67feed83b5 --- /dev/null +++ b/support/testing/tests/boot/test_selinux.py @@ -0,0 +1,42 @@ +import os + +import infra.basetest + + +class TestSELinux(infra.basetest.BRTest): + # Use the available Qemu x86_64 SELinux defconfig. + with open(infra.filepath("../../configs/qemu_x86_64_selinux_defconfig")) as f: + config = f.read() + + def wait_boot(self): + # The complete boot with systemd takes more time than what the default multipler permits + self.emulator.timeout_multiplier *= 10 + self.emulator.login() + + def run_tests(self): + # Test the reported SELinux mode. + out, ret = self.emulator.run("getenforce") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "Permissive") + + # Check the extended arguments are correctly set. + out, ret = self.emulator.run("ls -dZ /") + self.assertEqual(ret, 0) + self.assertEqual(out[0].split()[0], "system_u:object_r:root_t") + + # Check init's attributes. + out, ret = self.emulator.run("cat /proc/1/attr/current") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "system_u:system_r:init_t\0") + +class TestSELinuxExt4(TestSELinux): + def test_run(self): + kernel = os.path.join(self.builddir, "images", "bzImage") + rootfs = os.path.join(self.builddir, "images", "rootfs.ext2") + + self.emulator.boot(arch="x86_64", kernel=kernel, + kernel_cmdline=["root=/dev/vda", "console=ttyS0", "security=selinux"], + options=["-drive", "file={},if=virtio,format=raw".format(rootfs)]) + + self.wait_boot() + self.run_tests()