From patchwork Mon Sep 28 14:54:19 2020
X-Patchwork-Submitter: Antoine Tenart
X-Patchwork-Id: 1372696
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:19 +0200
Message-Id: <20200928145425.2109095-2-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 1/7] support/testing: add an SELinuxSystemdExt4 test
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

This adds a test called 'SELinuxSystemdExt4'. This test will build an SELinux enabled image with systemd, boot it, and perform a few runtime tests to check SELinux related capabilities.

Signed-off-by: Antoine Tenart
--- support/testing/tests/boot/test_selinux.py | 59 ++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 support/testing/tests/boot/test_selinux.py diff --git a/support/testing/tests/boot/test_selinux.py b/support/testing/tests/boot/test_selinux.py new file mode 100644 index 000000000000..b7e15655e7eb --- /dev/null +++ b/support/testing/tests/boot/test_selinux.py
@@ -0,0 +1,59 @@ +import os + +import infra.basetest + + +class TestSELinuxSystemd(infra.basetest.BRTest): + config = """ + BR2_x86_64=y + BR2_TOOLCHAIN_BUILDROOT_GLIBC=y + BR2_INIT_SYSTEMD=y + BR2_LINUX_KERNEL=y + BR2_LINUX_KERNEL_CUSTOM_VERSION=y + BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.8.12" + BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y + BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config" + BR2_PACKAGE_LIBSELINUX=y + BR2_PACKAGE_REFPOLICY=y + """ + + def wait_boot(self): + # The complete boot with systemd takes more time than what the default multipler permits + self.emulator.timeout_multiplier *= 10 + self.emulator.login() + + def run_tests(self, fstype): + kernel = os.path.join(self.builddir, "images", "bzImage") + rootfs = os.path.join(self.builddir, "images", "rootfs.{}".format(fstype)) + + self.emulator.boot(arch="x86_64", kernel=kernel, + kernel_cmdline=["root=/dev/vda", "rootfstype={}".format(fstype), + "console=ttyS0", "security=selinux"], + options=["-drive", "file={},if=virtio,format=raw".format(rootfs)]) + self.wait_boot() + + # Test the reported SELinux mode. + out, ret = self.emulator.run("getenforce") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "Permissive") + + # Check the extended arguments are correctly set. + out, ret = self.emulator.run("ls -dZ /") + self.assertEqual(ret, 0) + self.assertEqual(out[0].split()[0], "system_u:object_r:root_t") + + # Check init's attributes. 
+ out, ret = self.emulator.run("cat /proc/1/attr/current") + self.assertEqual(ret, 0) + self.assertEqual(out[0], "system_u:system_r:init_t\0") + +class TestSELinuxSystemdExt4(TestSELinuxSystemd): + config = TestSELinuxSystemd.config + \ + """ + BR2_TARGET_ROOTFS_EXT2=y + BR2_TARGET_ROOTFS_EXT2_4=y + BR2_TARGET_ROOTFS_EXT2_SIZE="100M" + """ + + def test_run(self): + self.run_tests("ext4") From patchwork Mon Sep 28 14:54:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372692 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QXy3dvdz9sSJ for ; Tue, 29 Sep 2020 00:54:58 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id BFBB986FD3; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TfCR+6hJRZkv; Mon, 28 Sep 2020 14:54:52 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 67D2786F61; Mon, 28 Sep 2020 14:54:52 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:20 +0200
Message-Id: <20200928145425.2109095-3-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 2/7] support/testing: add an SELinuxSystemdSquashfs test
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

Add a test called 'SELinuxSystemdSquashfs' which will perform the same tests as the Ext4 version, but using a Squashfs filesystem. Thanks to this, we'll have a test on a read-only filesystem.

Signed-off-by: Antoine Tenart --- support/testing/tests/boot/test_selinux.py | 12 ++++++++++++ .../tests/boot/test_selinux/linux-squashfs.fragment | 1 + 2 files changed, 13 insertions(+) create mode 100644 support/testing/tests/boot/test_selinux/linux-squashfs.fragment diff --git a/support/testing/tests/boot/test_selinux.py b/support/testing/tests/boot/test_selinux.py index b7e15655e7eb..d4e314a646ef 100644 --- a/support/testing/tests/boot/test_selinux.py +++ b/support/testing/tests/boot/test_selinux.py @@ -57,3 +57,15 @@ class TestSELinuxSystemdExt4(TestSELinuxSystemd): def test_run(self): self.run_tests("ext4") + +class TestSELinuxSystemdSquashfs(TestSELinuxSystemd): + config = TestSELinuxSystemd.config + \ + """ + BR2_TARGET_ROOTFS_SQUASHFS=y + BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{}" + """.format( + infra.filepath("tests/boot/test_selinux/linux-squashfs.fragment"), + ) + + def test_run(self): + self.run_tests("squashfs") diff --git a/support/testing/tests/boot/test_selinux/linux-squashfs.fragment b/support/testing/tests/boot/test_selinux/linux-squashfs.fragment new file mode 100644 index 000000000000..7a89d006fa26 --- /dev/null +++ b/support/testing/tests/boot/test_selinux/linux-squashfs.fragment 
@@ -0,0 +1 @@ +CONFIG_SQUASHFS=y From patchwork Mon Sep 28 14:54:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372690 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QXx3w8rz9sS8 for ; Tue, 29 Sep 2020 00:54:55 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 1D3C58560C; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m737VaQSZnYc; Mon, 28 Sep 2020 14:54:51 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 7208684961; Mon, 28 Sep 2020 14:54:51 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 856571BF3A9 for ; Mon, 28 Sep 2020 14:54:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 7CF0386F61 for ; Mon, 28 Sep 2020 14:54:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, 
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:21 +0200
Message-Id: <20200928145425.2109095-4-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 3/7] support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

This patch adds a test for the BR2_REFPOLICY_EXTRA_MODULES functionality (which allows selecting extra modules within the SELinux refpolicy using Kconfig).

Signed-off-by: Antoine Tenart
--- support/testing/tests/core/test_selinux.py | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 support/testing/tests/core/test_selinux.py diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py new file mode 100644 index 000000000000..10be30d7913d --- /dev/null +++ b/support/testing/tests/core/test_selinux.py
@@ -0,0 +1,36 @@ +import os + +import infra.basetest + + +class TestSELinuxInfra(infra.basetest.BRTest): + config = infra.basetest.BASIC_TOOLCHAIN_CONFIG +\ + """ + BR2_PACKAGE_REFPOLICY=y + BR2_PACKAGE_PYTHON3=y + BR2_PACKAGE_SETOOLS=y + BR2_TARGET_ROOTFS_CPIO=y + """ + + def base_test_run(self): + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio") + self.emulator.boot(arch="armv5", kernel="builtin", + options=["-initrd", cpio_file]) + self.emulator.login() + +class TestSELinuxExtraModules(TestSELinuxInfra): + config = TestSELinuxInfra.config + \ + """ + BR2_REFPOLICY_EXTRA_MODULES="ntp tor" + """ + + def test_run(self): + TestSELinuxInfra.base_test_run(self) + + out, ret = self.emulator.run("seinfo -t ntpd_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "ntpd_t") + + out, ret = self.emulator.run("seinfo -t tor_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "tor_t") From patchwork Mon Sep 28 14:54:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372695 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QYT1Mgbz9s0b for ; Tue, 29 Sep 2020 00:55:25 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 52C7D204A7; Mon, 28 Sep 2020 14:55:23 +0000 (UTC) X-Virus-Scanned: 
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:22 +0200
Message-Id: <20200928145425.2109095-5-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 4/7] support/testing: add a test for BR2_REFPOLICY_EXTRA_MODULES_DIRS
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

Add a test for the BR2_REFPOLICY_EXTRA_MODULES_DIRS functionality (which allows providing custom SELinux modules).

Signed-off-by: Antoine Tenart
--- support/testing/tests/core/test_selinux.py | 13 +++++++++++++ .../core/test_selinux/extra_modules/buildroot.fc | 0 .../core/test_selinux/extra_modules/buildroot.if | 1 + .../core/test_selinux/extra_modules/buildroot.te | 3 +++ 4 files changed, 17 insertions(+) create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.fc create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.if create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.te diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py index 10be30d7913d..9e189d6114df 100644 --- a/support/testing/tests/core/test_selinux.py +++ b/support/testing/tests/core/test_selinux.py
@@ -34,3 +34,16 @@ class TestSELinuxExtraModules(TestSELinuxInfra): out, ret = self.emulator.run("seinfo -t tor_t", 15) self.assertEqual(ret, 0) self.assertEqual(out[2].strip(), "tor_t") + +class TestSELinuxExtraModulesDirs(TestSELinuxInfra): + config = TestSELinuxInfra.config + \ + """ + BR2_REFPOLICY_EXTRA_MODULES_DIRS="{}" + """.format(infra.filepath("tests/core/test_selinux/extra_modules")) + + def test_run(self): + TestSELinuxInfra.base_test_run(self) + + out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "buildroot_test_t") diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc b/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.if b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if new file mode 100644 index 000000000000..acf797e6044b --- /dev/null +++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if @@ -0,0 +1 @@ +## Buildroot rules diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.te b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te new file mode 100644 index 000000000000..266bc03be013 --- /dev/null +++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te 
@@ -0,0 +1,3 @@ +policy_module(buildroot, 1.0.0) + +type buildroot_test_t; From patchwork Mon Sep 28 14:54:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372693 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QY70MLBz9s0b for ; Tue, 29 Sep 2020 00:55:07 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 76F9B85BDF; Mon, 28 Sep 2020 14:55:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfmPh6uPj9db; Mon, 28 Sep 2020 14:55:04 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 9190C85C88; Mon, 28 Sep 2020 14:55:04 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 824E11BF3A9 for ; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 738762049C for ; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by 
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:23 +0200
Message-Id: <20200928145425.2109095-6-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 5/7] support/testing: add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

Add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT (which allows selecting a custom location for the SELinux refpolicy). The test uses the official refpolicy as a test (we only want to test the functionality is working, not that another refpolicy is correctly building; that is a user problem).

Signed-off-by: Antoine Tenart
--- support/testing/tests/core/test_selinux.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py index 9e189d6114df..bb6604590ab5 100644
--- a/support/testing/tests/core/test_selinux.py +++ b/support/testing/tests/core/test_selinux.py 
@@ -47,3 +47,14 @@ class TestSELinuxExtraModulesDirs(TestSELinuxInfra): out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15) self.assertEqual(ret, 0) self.assertEqual(out[2].strip(), "buildroot_test_t") + +class TestSELinuxCustomGit(TestSELinuxInfra): + config = TestSELinuxInfra.config + \ + """ + BR2_PACKAGE_REFPOLICY_CUSTOM_GIT=y + BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL="https://github.com/SELinuxProject/refpolicy.git" + BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION="RELEASE_2_20200818" + """ + + def test_run(self): + pass From patchwork Mon Sep 28 14:54:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372694 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QYJ4zwjz9s0b for ; Tue, 29 Sep 2020 00:55:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id DF480203F4; Mon, 28 Sep 2020 14:55:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFpSaN8+ETvV; Mon, 28 Sep 2020 14:54:59 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id B6E1A2049C; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net 
From: Antoine Tenart
To: buildroot@buildroot.org
Date: Mon, 28 Sep 2020 16:54:24 +0200
Message-Id: <20200928145425.2109095-7-antoine.tenart@bootlin.com>
In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
References: <20200928145425.2109095-1-antoine.tenart@bootlin.com>
Subject: [Buildroot] [PATCH 6/7] support/testing: add tests for the packages SELinux functionalities
List-Id: Discussion and development of buildroot
Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com

Add tests to ensure the packages SELinux functionalities (being able to select an extra SELinux module in the refpolicy, and being able to provide a custom SELinux module) are working as expected. We use a BR2_EXTERNAL folder, provided in the tests, to use a custom SELinux enabled package.

Signed-off-by: Antoine Tenart --- support/testing/tests/core/test_selinux.py | 22 +++++++++++++++++++ .../core/test_selinux/br2_external/Config.in | 1 + .../test_selinux/br2_external/external.desc | 1 + .../test_selinux/br2_external/external.mk | 1 + .../package/selinux-test/Config.in | 6 +++++ .../package/selinux-test/selinux-test.mk | 9 ++++++++ .../package/selinux-test/selinux/buildroot.fc | 0 .../package/selinux-test/selinux/buildroot.if | 1 + .../package/selinux-test/selinux/buildroot.te | 3 +++ 9 files changed, 44 insertions(+) create mode 100644 support/testing/tests/core/test_selinux/br2_external/Config.in create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.desc create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.mk create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py index bb6604590ab5..28d99d3a6912 100644 --- a/support/testing/tests/core/test_selinux.py +++ b/support/testing/tests/core/test_selinux.py 
@@ -58,3 +58,25 @@ class TestSELinuxCustomGit(TestSELinuxInfra): def test_run(self): pass + +class TestSELinuxPackage(TestSELinuxInfra): + br2_external = [infra.filepath("tests/core/test_selinux/br2_external")] + config = TestSELinuxInfra.config + \ + """ + BR2_PACKAGE_SELINUX_TEST=y + """ + + def test_run(self): + TestSELinuxInfra.base_test_run(self) + + out, ret = self.emulator.run("seinfo -t ntpd_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "ntpd_t") + + out, ret = self.emulator.run("seinfo -t tor_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "tor_t") + + out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "buildroot_test_t") diff --git a/support/testing/tests/core/test_selinux/br2_external/Config.in b/support/testing/tests/core/test_selinux/br2_external/Config.in new file mode 100644 index 000000000000..9d9c84ee3cfe --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/Config.in @@ -0,0 +1 @@ +source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in" diff --git a/support/testing/tests/core/test_selinux/br2_external/external.desc b/support/testing/tests/core/test_selinux/br2_external/external.desc new file mode 100644 index 000000000000..44b5b95f5b4e --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/external.desc @@ -0,0 +1 @@ +name: SELINUX diff --git a/support/testing/tests/core/test_selinux/br2_external/external.mk b/support/testing/tests/core/test_selinux/br2_external/external.mk new file mode 100644 index 000000000000..54d2402d52e3 --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/external.mk @@ -0,0 +1 @@ +include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package/*/*.mk)) 
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in new file mode 100644 index 000000000000..c50631bd3a5b --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in @@ -0,0 +1,6 @@ +config BR2_PACKAGE_SELINUX_TEST + bool "SELinux test package" + depends on BR2_PACKAGE_LIBSELINUX + depends on BR2_PACKAGE_REFPOLICY + help + Test package for SELinux Buildroot helpers. diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk new file mode 100644 index 000000000000..0100b718be3f --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk @@ -0,0 +1,9 @@ +################################################################################ +# +# SELinux test package +# +################################################################################ + +SELINUX_TEST_SELINUX_MODULES = ntp tor + +$(eval $(generic-package)) diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if new file mode 100644 index 000000000000..acf797e6044b --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if @@ -0,0 +1 @@ +## Buildroot rules 
diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te new file mode 100644 index 000000000000..266bc03be013 --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te 
@@ -0,0 +1,3 @@ +policy_module(buildroot, 1.0.0) + +type buildroot_test_t; From patchwork Mon Sep 28 14:54:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372697 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QYm5wD7z9s0b for ; Tue, 29 Sep 2020 00:55:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 41955204BB; Mon, 28 Sep 2020 14:55:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7gacSaGB3Y4; Mon, 28 Sep 2020 14:55:30 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id B2752204F4; Mon, 28 Sep 2020 14:55:09 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id EDA591BF3A9 for ; Mon, 28 Sep 2020 14:55:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id CC797204F4 for ; Mon, 28 Sep 2020 14:55:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org 
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 408rn-A2mId1 for ; Mon, 28 Sep 2020 14:54:57 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay10.mail.gandi.net (relay10.mail.gandi.net [217.70.178.230]) by silver.osuosl.org (Postfix) with ESMTPS id 45CDD2033E for ; Mon, 28 Sep 2020 14:54:51 +0000 (UTC) Received: from localhost (lfbn-tou-1-1075-236.w90-76.abo.wanadoo.fr [90.76.143.236]) (Authenticated sender: antoine.tenart@bootlin.com) by relay10.mail.gandi.net (Postfix) with ESMTPSA id EDBE5240004; Mon, 28 Sep 2020 14:54:46 +0000 (UTC) From: Antoine Tenart To: buildroot@buildroot.org Date: Mon, 28 Sep 2020 16:54:25 +0200 Message-Id: <20200928145425.2109095-8-antoine.tenart@bootlin.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com> References: <20200928145425.2109095-1-antoine.tenart@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 7/7] DEVELOPERS: update my watchlist X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Update my watchlist with SELinux related files. Signed-off-by: Antoine Tenart --- DEVELOPERS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/DEVELOPERS b/DEVELOPERS index 9352d891d35d..904b35984b0e 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -254,7 +254,14 @@ N: Anthony Viallard F: package/gnuplot/ N: Antoine Ténart +F: configs/qemu_x86_64_selinux_defconfig +F: package/libselinux/ +F: package/refpolicy/ F: package/wf111/ +F: support/testing/tests/boot/test_selinux/ +F: support/testing/tests/boot/test_selinux.py +F: support/testing/tests/core/test_selinux/ +F: support/testing/tests/core/test_selinux.py N: Antony Pavlov F: package/lsscsi/
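Review bot: In the support/testing/tests/core/test_selinux.py hunk, every check in TestSELinuxPackage.test_run reads `out[2].strip()`, which ties the test to the exact line layout of the `seinfo -t <type>` output rather than to the presence of the type. Matching the expected name against any stripped line of `out` would survive a change in the header lines seinfo prints. The test also contains positive checks only: adding one check that a type from a module not listed in SELINUX_TEST_SELINUX_MODULES is absent would show that ntpd_t and tor_t are present because the package requested them, not because the base policy already builds those modules.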
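Review bot: In package/selinux-test/Config.in, BR2_PACKAGE_SELINUX_TEST is gated with `depends on BR2_PACKAGE_LIBSELINUX` and `depends on BR2_PACKAGE_REFPOLICY`, while the test's config fragment sets only `BR2_PACKAGE_SELINUX_TEST=y` on top of TestSELinuxInfra.config. If the inherited config ever stops enabling either dependency, Kconfig drops the symbol without an error and the problem surfaces only as a failed buildroot_test_t assertion. A short comment in the test class saying that the base config must provide both symbols would make that failure easier to diagnose.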
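Review bot: In the package/selinux-test/selinux/ files, buildroot.if carries only `## Buildroot rules`, whereas refpolicy's own interface files open with a `## <summary>...</summary>` line; using that form keeps the module consistent with the policy tree it is copied into. In buildroot.te, `type buildroot_test_t;` is declared with no attributes or rules, which is enough for the seinfo check, but a comment stating that the type exists only as a test marker would stop it being mistaken for a usable domain. The same applies to the empty buildroot.fc: a one-line comment would show that the absence of file contexts is intentional.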
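Review bot: In the DEVELOPERS hunk, the added entries `F: support/testing/tests/boot/test_selinux/` and `F: support/testing/tests/boot/test_selinux.py` point at paths that the visible test patch in this series does not create; it only adds files under support/testing/tests/core/test_selinux/. Please confirm the boot/ paths exist in the tree this applies to, since an F: line that matches nothing never triggers a Cc and gives no warning. The new entries are otherwise in sorted order around the existing `F: package/wf111/` line.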