iSulad/0006-test-adapt-to-the-enabled-selinux-host-environment.patch
haozi007 f60fbbd3e3 sync from upstream openEuler/iSulad
Signed-off-by: haozi007 <liuhao27@huawei.com>
2022-05-16 03:50:05 +01:00


From a5c3e6064b583477de8564a20799a630474d556d Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Tue, 29 Mar 2022 20:07:31 +0800
Subject: [PATCH 06/16] test: adapt to the enabled selinux host environment
Signed-off-by: wujing <wujing50@huawei.com>
---
test/services/execution/spec/CMakeLists.txt | 2 +
.../execution/spec/selinux_label_ut.cc | 48 ++++++++++++++++---
2 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/test/services/execution/spec/CMakeLists.txt b/test/services/execution/spec/CMakeLists.txt
index 9ce30219..e1aa680e 100644
--- a/test/services/execution/spec/CMakeLists.txt
+++ b/test/services/execution/spec/CMakeLists.txt
@@ -15,6 +15,7 @@ add_executable(${EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/path.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/map.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cpputils/cxxutils.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/err_msg.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../mocks/namespace_mock.cc
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common/selinux_label.c
@@ -46,6 +47,7 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/common
${CMAKE_CURRENT_SOURCE_DIR}/../../../include
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cpputils
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/sha256
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/utils/cutils/map
${CMAKE_CURRENT_SOURCE_DIR}/../../../../src/daemon/services/execution/manager
diff --git a/test/services/execution/spec/selinux_label_ut.cc b/test/services/execution/spec/selinux_label_ut.cc
index ea3c480c..c0e9ab1c 100644
--- a/test/services/execution/spec/selinux_label_ut.cc
+++ b/test/services/execution/spec/selinux_label_ut.cc
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include "namespace_mock.h"
#include "utils.h"
+#include "cxxutils.h"
using namespace std;
@@ -40,6 +41,34 @@ protected:
}
};
+std::string get_lxc_context_filed(const std::string &filed)
+{
+ ifstream in("/etc/selinux/targeted/contexts/lxc_contexts");
+ string line;
+ while (getline(in, line)) {
+ stringstream ss(line);
+ string tmp;
+ while (getline(ss, tmp)) {
+ auto configs = CXXUtils::Split(tmp, '=');
+ if (configs.size() != 2) {
+ return "";
+ }
+ if (configs.at(0).substr(0, filed.size()) != filed) {
+ continue;
+ }
+
+ auto elements = CXXUtils::Split(configs.at(1), ':');
+ if (elements.size() < 3) {
+ return "";
+ }
+
+ return elements.at(2);
+ }
+ }
+
+ return "";
+}
+
TEST_F(SELinuxLabelUnitTest, test_init_label_normal)
{
const char *disable_label[] = { "disable" };
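Review bot: In get_lxc_context_filed, the `configs.size() != 2` branch returns `""` and so ends the whole scan at the first line that does not split into exactly two parts on '='. If the policy file holds a blank or comment line before the requested key, the lookup would fail even though the key is present (this depends on how CXXUtils::Split treats such input, which is not visible here); `continue;` in that branch would skip the line instead. The path is fixed to the `targeted` policy directory and the stream is never checked for open failure, so a host using another policy type silently gets an empty string. A header comment such as `// Returns the type (3rd ':' element) of the lxc_contexts entry whose key starts with |filed|, or "" when not found.` would document that contract, including that the key comparison is a prefix match. The inner `while (getline(ss, tmp))` re-reads a line that is already split and could be dropped.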
@@ -48,17 +77,22 @@ TEST_F(SELinuxLabelUnitTest, test_init_label_normal)
const char *type_label[] = { "type:faketype" };
const char *level_label[] = { "level:s0:c1,c2" };
const char *full_label[] = { "user:fakeuser", "level:s0:c1,c2", "type:faketype", "role:fakerole" };
+ std::string process_context = get_lxc_context_filed("process");
+ std::string file_context = get_lxc_context_filed("file");
std::vector<std::tuple<const char **, size_t, int, std::string, std::string>> normal {
std::make_tuple(disable_label, 1, 0, "", ""),
- std::make_tuple(user_label, 1, 0, "fakeuser:system_r:container_t:s0", "fakeuser:object_r:container_file_t:s0"),
- std::make_tuple(role_label, 1, 0, "system_u:fakerole:container_t:s0", "system_u:object_r:container_file_t:s0"),
- std::make_tuple(type_label, 1, 0, "system_u:system_r:faketype:s0", "system_u:object_r:container_file_t:s0"),
- std::make_tuple(level_label, 1, 0, "system_u:system_r:container_t:s0:c1,c2",
- "system_u:object_r:container_file_t:s0:c1,c2"),
+ std::make_tuple(user_label, 1, 0, "fakeuser:system_r:" + process_context + ":s0",
+ "fakeuser:object_r:" + file_context + ":s0"),
+ std::make_tuple(role_label, 1, 0, "system_u:fakerole:" + process_context + ":s0",
+ "system_u:object_r:" + file_context + ":s0"),
+ std::make_tuple(type_label, 1, 0, "system_u:system_r:faketype:s0", "system_u:object_r:" + file_context + ":s0"),
+ std::make_tuple(level_label, 1, 0, "system_u:system_r:" + process_context + ":s0:c1,c2",
+ "system_u:object_r:" + file_context + ":s0:c1,c2"),
std::make_tuple(full_label, 4, 0, "fakeuser:fakerole:faketype:s0:c1,c2",
- "fakeuser:object_r:container_file_t:s0:c1,c2"),
- std::make_tuple(nullptr, 0, 0, "system_u:system_r:container_t:s0", "system_u:object_r:container_file_t:s0"),
+ "fakeuser:object_r:" + file_context + ":s0:c1,c2"),
+ std::make_tuple(nullptr, 0, 0, "system_u:system_r:" + process_context + ":s0",
+ "system_u:object_r:" + file_context + ":s0"),
};
if (!is_selinux_enabled()) {
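Review bot: The expected labels are concatenated from process_context and file_context without checking that either lookup succeeded, so an empty result produces expectations such as `system_u:system_r::s0` and a failure that points at the label code rather than at the host policy file. On the SELinux-enabled path a guard like `ASSERT_FALSE(process_context.empty());` and `ASSERT_FALSE(file_context.empty());` would make that case explicit. Because the expected type now comes from the host's own configuration, the test no longer pins a specific container type; a one-line comment saying so would help the next reader. The body of the `if (!is_selinux_enabled())` branch and the rest of the test lie outside the hunk, so the exact placement of the guard cannot be confirmed from here.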
--
2.20.1