|
Packit Service |
863627 |
#
|
|
Packit Service |
863627 |
# Tests for the 'osbuild.util.selinux' module.
|
|
Packit Service |
863627 |
#
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
import io
|
|
Packit Service |
863627 |
import unittest
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
from osbuild.util import selinux
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
class TestObjectStore(unittest.TestCase):
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
def test_selinux_config(self):
|
|
Packit Service |
863627 |
f = io.StringIO()
|
|
Packit Service |
863627 |
cfg = selinux.parse_config(f)
|
|
Packit Service |
863627 |
self.assertIsNotNone(cfg)
|
|
Packit Service |
863627 |
policy = selinux.config_get_policy(cfg)
|
|
Packit Service |
863627 |
self.assertIsNone(policy)
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
example_good = """
|
|
Packit Service |
863627 |
# This file controls the state of SELinux on the system.
|
|
Packit Service |
863627 |
# SELINUX= can take one of these three values:
|
|
Packit Service |
863627 |
# enforcing - SELinux security policy is enforced.
|
|
Packit Service |
863627 |
# permissive - SELinux prints warnings instead of enforcing.
|
|
Packit Service |
863627 |
# disabled - No SELinux policy is loaded.
|
|
Packit Service |
863627 |
SELINUX=enforcing
|
|
Packit Service |
863627 |
# SELINUXTYPE= can take one of these three values:
|
|
Packit Service |
863627 |
# targeted - Targeted processes are protected,
|
|
Packit Service |
863627 |
# minimum - Modification of targeted policy.
|
|
Packit Service |
863627 |
# mls - Multi Level Security protection.
|
|
Packit Service |
863627 |
SELINUXTYPE=targeted
|
|
Packit Service |
863627 |
"""
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
f = io.StringIO(example_good)
|
|
Packit Service |
863627 |
cfg = selinux.parse_config(f)
|
|
Packit Service |
863627 |
self.assertIn('SELINUX', cfg)
|
|
Packit Service |
863627 |
self.assertIn('SELINUXTYPE', cfg)
|
|
Packit Service |
863627 |
self.assertEqual(cfg['SELINUX'], 'enforcing')
|
|
Packit Service |
863627 |
self.assertEqual(cfg['SELINUXTYPE'], 'targeted')
|
|
Packit Service |
863627 |
|
|
Packit Service |
863627 |
policy = selinux.config_get_policy(cfg)
|
|
Packit Service |
863627 |
self.assertEqual(policy, 'targeted')
|