diff options
author | Sol Jerome <sol.jerome@gmail.com> | 2016-01-20 10:45:21 -0600 |
---|---|---|
committer | Sol Jerome <sol.jerome@gmail.com> | 2016-01-20 10:45:21 -0600 |
commit | b3254347f4815d8534d0cc629bd08aadb1cad034 (patch) | |
tree | 5923e98ef4aeebc2f0002f42fa8267cf5c7f604d | |
parent | 2d2a3905ca48622e0e974176e0a5bbd739c7c8fa (diff) | |
parent | 09da95213441569103749a2759cc7ed445edc66d (diff) | |
download | bcfg2-b3254347f4815d8534d0cc629bd08aadb1cad034.tar.gz bcfg2-b3254347f4815d8534d0cc629bd08aadb1cad034.tar.bz2 bcfg2-b3254347f4815d8534d0cc629bd08aadb1cad034.zip |
Merge branch 'tests-secontext' of https://github.com/gordonmessmer/bcfg2
-rw-r--r-- | src/lib/Bcfg2/Client/Tools/POSIX/__init__.py | 2 | ||||
-rw-r--r-- | src/lib/Bcfg2/Client/Tools/POSIX/base.py | 2 | ||||
-rw-r--r-- | testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py | 26 |
3 files changed, 26 insertions, 4 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py index c27c7559d..41bff751d 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py +++ b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py @@ -14,7 +14,7 @@ from Bcfg2.Client.Tools.POSIX.base import POSIXTool class POSIX(Bcfg2.Client.Tools.Tool): """POSIX File support code.""" - options = Bcfg2.Client.Tools.Tool.options + [ + options = Bcfg2.Client.Tools.Tool.options + POSIXTool.options + [ Bcfg2.Options.PathOption( cf=('paranoid', 'path'), default='/var/cache/bcfg2', dest='paranoid_path', diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py index 488920989..b1e754408 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py +++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py @@ -303,7 +303,7 @@ class POSIXTool(Bcfg2.Client.Tools.Tool): # no context listed return True secontext = selinux.lgetfilecon(path)[1].split(":")[2] - if secontext in Bcfg2.Options.setup.posix_secontext_ignore: + if secontext in Bcfg2.Options.setup.secontext_ignore: return True try: if context == '__default__': diff --git a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py index ea4ca3f5f..bbe04a1a3 100644 --- a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py +++ b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py @@ -481,11 +481,16 @@ class TestPOSIXTool(TestTool): @skipUnless(HAS_SELINUX, "SELinux not found, skipping") @patchIf(HAS_SELINUX, "selinux.restorecon") + @patchIf(HAS_SELINUX, "selinux.lgetfilecon") @patchIf(HAS_SELINUX, "selinux.lsetfilecon") - def test_set_secontext(self, mock_lsetfilecon, mock_restorecon): + def test_set_secontext(self, mock_lsetfilecon, mock_lgetfilecon, + mock_restorecon): + Bcfg2.Options.setup.secontext_ignore = ['dosfs_t'] ptool = self.get_obj() entry = lxml.etree.Element("Path", name="/etc/foo", type="file") + mock_lgetfilecon.return_value = (0, "system_u:object_r:foo_t") + # disable selinux for the initial test Bcfg2.Client.Tools.POSIX.base.HAS_SELINUX = False self.assertTrue(ptool._set_secontext(entry)) @@ -495,29 +500,46 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) self.assertFalse(mock_lsetfilecon.called) + self.assertFalse(mock_lgetfilecon.called) mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() entry.set("secontext", "__default__") self.assertTrue(ptool._set_secontext(entry)) mock_restorecon.assert_called_with(entry.get("name")) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) self.assertFalse(mock_lsetfilecon.called) mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() mock_lsetfilecon.return_value = 0 entry.set("secontext", "foo_t") self.assertTrue(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t") mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() mock_lsetfilecon.return_value = 1 self.assertFalse(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t") + # ignored filesystem + mock_restorecon.reset_mock() + mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() + mock_lgetfilecon.return_value = (0, "system_u:object_r:dosfs_t") + self.assertTrue(ptool._set_secontext(entry)) + self.assertFalse(mock_restorecon.called) + self.assertFalse(mock_lsetfilecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) + @patch("grp.getgrnam") def test_norm_gid(self, mock_getgrnam): ptool = self.get_obj() @@ -686,7 +708,7 @@ class TestPOSIXTool(TestTool): ptool._gather_data = Mock() entry = lxml.etree.Element("Path", name="/test", type="file", group="group", owner="user", mode="664", - secontext='etc_t') + secontext='unconfined_u:object_r:etc_t:s0') # _verify_metadata() mutates the entry, so we keep a backup so we # can start fresh every time orig_entry = copy.deepcopy(entry) |