@@ -17,6 +17,8 @@ class TestSELinuxSystemd(infra.basetest.BRTest):
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"
BR2_PACKAGE_LIBSELINUX=y
BR2_PACKAGE_REFPOLICY=y
+ BR2_REFPOLICY_EXTRA_MODULES_DIRS="package/refpolicy/selinux-modules"
+ BR2_REFPOLICY_EXTRA_MODULES="buildroot"
"""
def wait_boot(self):
@@ -50,6 +52,10 @@ class TestSELinuxSystemd(infra.basetest.BRTest):
self.assertEqual(ret, 0)
self.assertEqual(out[0], "system_u:system_r:init_t\0")
+ # Check no action was denied by the policy while booting.
+ out, ret = self.emulator.run("journalctl -e | grep audit | grep denied | wc -l")
+ self.assertEqual(ret, 0)
+ self.assertEqual(out[0], "0")
class TestSELinuxSystemdExt4(TestSELinuxSystemd):
config = TestSELinuxSystemd.config + \
Now that we have support for the refpolicy in buildroot with the latest pending patches and the buildroot module, we are able to boot a system without any denied actions. Make the test check for the number of denied actions, making sure it's 0. For ow, we don't switch to "Enforcing" mode yet due to some issues still being present, although not reported as denied actions, possibly because of "dontaudit" rules. Suggested-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> --- support/testing/tests/init/test_systemd_selinux.py | 6 ++++++ 1 file changed, 6 insertions(+)