summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Mack <github@zonque.org>2016-01-26 09:12:38 +0100
committerDaniel Mack <github@zonque.org>2016-01-26 09:12:38 +0100
commit709a7eb803f8e24eed35d6f5a0d9e6de0c753510 (patch)
tree388526fea34c733f5f31116219582ce1d16a53b3
parentf49ce89edf37a20abed923782dd8176d6c0e7166 (diff)
parentd5172c79136fceaac6324fd1896efe1e576fd71d (diff)
Merge pull request #2435 from evverx/tests-setup-selinux
tests: add setup_selinux
-rw-r--r--test/test-functions48
1 files changed, 48 insertions, 0 deletions
diff --git a/test/test-functions b/test/test-functions
index 961a6254d8..59167b009b 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -115,11 +115,55 @@ setup_basic_environment() {
install_plymouth
install_debug_tools
install_ld_so_conf
+ setup_selinux
strip_binaries
install_depmod_files
generate_module_dependencies
}
+setup_selinux() {
+ # don't forget KERNEL_APPEND='... selinux=1 ...'
+ if [[ "$SETUP_SELINUX" != "yes" ]]; then
+ ddebug "Don't setup SELinux"
+ return 0
+ fi
+ ddebug "Setup SELinux"
+ local _conf_dir=/etc/selinux
+ local _fixfiles_tools="bash uname cat sort uniq awk grep egrep head expr find rm secon setfiles"
+
+ rm -rf $initdir/$_conf_dir
+ if ! cp -ar $_conf_dir $initdir/$_conf_dir; then
+ dfatal "Failed to copy $_conf_dir"
+ exit 1
+ fi
+
+ cat <<EOF >$initdir/etc/systemd/system/autorelabel.service
+[Unit]
+Description=Relabel all filesystems
+DefaultDependencies=no
+Requires=local-fs.target
+Conflicts=shutdown.target
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionSecurity=selinux
+ConditionPathExists=|/.autorelabel
+
+[Service]
+ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && fixfiles -f -F relabel && rm /.autorelabel && systemctl --force reboot'
+Type=oneshot
+TimeoutSec=0
+RemainAfterExit=yes
+EOF
+
+ touch $initdir/.autorelabel
+ mkdir -p $initdir/etc/systemd/system/basic.target.wants
+ ln -fs autorelabel.service $initdir/etc/systemd/system/basic.target.wants/autorelabel.service
+
+ dracut_install $_fixfiles_tools
+ dracut_install fixfiles
+ dracut_install sestatus
+}
+
install_valgrind() {
if ! type -p valgrind; then
dfatal "Failed to install valgrind"
@@ -335,6 +379,10 @@ install_pam() {
inst $file
done
+ # pam_unix depends on unix_chkpwd.
+ # see http://www.linux-pam.org/Linux-PAM-html/sag-pam_unix.html
+ dracut_install -o unix_chkpwd
+
[[ "$LOOKS_LIKE_DEBIAN" ]] &&
cp /etc/pam.d/systemd-user $initdir/etc/pam.d/
}