Merge pull request #2435 from evverx/tests-setup-selinux

tests: add setup_selinux
author: Daniel Mack <github@zonque.org> 2016-01-26 09:12:38 +0100
committer: Daniel Mack <github@zonque.org> 2016-01-26 09:12:38 +0100
commit: 709a7eb803f8e24eed35d6f5a0d9e6de0c753510 (patch)
tree: 388526fea34c733f5f31116219582ce1d16a53b3
parent: f49ce89edf37a20abed923782dd8176d6c0e7166 (diff)
parent: d5172c79136fceaac6324fd1896efe1e576fd71d (diff)
1 files changed, 48 insertions, 0 deletions
diff --git a/test/test-functions b/test/test-functions
index 961a6254d8..59167b009b 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -115,11 +115,55 @@ setup_basic_environment() {
     install_plymouth
     install_debug_tools
     install_ld_so_conf
+    setup_selinux
     strip_binaries
     install_depmod_files
     generate_module_dependencies
 }
 
+setup_selinux() {
+    # don't forget KERNEL_APPEND='... selinux=1 ...'
+    if [[ "$SETUP_SELINUX" != "yes" ]]; then
+        ddebug "Don't setup SELinux"
+        return 0
+    fi
+    ddebug "Setup SELinux"
+    local _conf_dir=/etc/selinux
+    local _fixfiles_tools="bash uname cat sort uniq awk grep egrep head expr find rm secon setfiles"
+
+    rm -rf $initdir/$_conf_dir
+    if ! cp -ar $_conf_dir $initdir/$_conf_dir; then
+        dfatal "Failed to copy $_conf_dir"
+        exit 1
+    fi
+
+    cat <<EOF >$initdir/etc/systemd/system/autorelabel.service
+[Unit]
+Description=Relabel all filesystems
+DefaultDependencies=no
+Requires=local-fs.target
+Conflicts=shutdown.target
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionSecurity=selinux
+ConditionPathExists=|/.autorelabel
+
+[Service]
+ExecStart=/bin/sh -x -c 'echo 0 >/sys/fs/selinux/enforce && fixfiles -f -F relabel && rm /.autorelabel && systemctl --force reboot'
+Type=oneshot
+TimeoutSec=0
+RemainAfterExit=yes
+EOF
+
+    touch $initdir/.autorelabel
+    mkdir -p $initdir/etc/systemd/system/basic.target.wants
+    ln -fs autorelabel.service $initdir/etc/systemd/system/basic.target.wants/autorelabel.service
+
+    dracut_install $_fixfiles_tools
+    dracut_install fixfiles
+    dracut_install sestatus
+}
+
 install_valgrind() {
     if ! type -p valgrind; then
         dfatal "Failed to install valgrind"
@@ -335,6 +379,10 @@ install_pam() {
         inst $file
     done
 
+    # pam_unix depends on unix_chkpwd.
+    # see http://www.linux-pam.org/Linux-PAM-html/sag-pam_unix.html
+    dracut_install -o unix_chkpwd
+
     [[ "$LOOKS_LIKE_DEBIAN" ]] &&
         cp /etc/pam.d/systemd-user $initdir/etc/pam.d/
 }
author	Daniel Mack <github@zonque.org>	2016-01-26 09:12:38 +0100
committer	Daniel Mack <github@zonque.org>	2016-01-26 09:12:38 +0100
commit	709a7eb803f8e24eed35d6f5a0d9e6de0c753510 (patch)
tree	388526fea34c733f5f31116219582ce1d16a53b3
parent	f49ce89edf37a20abed923782dd8176d6c0e7166 (diff)
parent	d5172c79136fceaac6324fd1896efe1e576fd71d (diff)