Source code for test_SELINUX
#!/usr/bin/env python2
# Author(s): Milan Falesnik <mfalesni@redhat.com>
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""
This file contains tests on SElinux
"""
import pytest
import common.selinux
[docs]class TestSelinux(object):
@classmethod
[docs] def setup_class(cls):
"""
This method saves the original enforcing mode for later restoring
"""
cls.original_enforce = common.selinux.getenforce()
@classmethod
[docs] def teardown_class(cls):
"""
This method restores previous enforcing mode.
"""
common.selinux.setenforce(cls.original_enforce.stdout)
@pytest.fixture
[docs] def set_enforcing(self):
"""
Set Enforcing mode.
"""
common.selinux.setenforce("Enforcing")
@pytest.fixture
[docs] def set_permissive(self):
"""
Set Permissive mode.
"""
common.selinux.setenforce("Permissive")
@pytest.fixture
[docs] def is_enabled(self):
""" Detects whether is SElinux enabled or not
:returns: SElinux status
:rtype: ``bool``
"""
try:
assert common.shell.Run.command("selinuxenabled")
return True
except AssertionError:
return False
@pytest.fixture
[docs] def getenforce(self):
""" Returns current enforcing mode of SELinux
:returns: SElinux enforcing status
:rtype: ``str``
"""
return common.selinux.getenforce()
@pytest.fixture
[docs] def getenforce_conf(self):
""" Returns current enforcing mode of SELinux from config file
:returns: SElinux enforcing status
:rtype: ``str``
"""
f = open("/etc/sysconfig/selinux", "r")
lines = []
for line in f.readlines():
if line.startswith("SELINUX="):
lines.append(line)
f.close()
# Check whether is only one
assert len(lines) == 1
return lines[0].split("=")[1].strip()
@pytest.fixture
[docs] def mode(self):
""" Returns current SELINUX type/mode from config file
:returns: SElinux type
:rtype: ``str``
"""
f = open("/etc/sysconfig/selinux", "r")
lines = []
for line in f.readlines():
if line.startswith("SELINUXTYPE="):
lines.append(line)
f.close()
# Check whether is only one
assert len(lines) == 1
return lines[0].split("=")[1].strip()
[docs] def test_enabled(self, is_enabled):
""" Tests whether is SElinux enabled.
:param enabled: Whether is Selinux enabled or not
:type enabled: ``bool``
:raises: AssertionError
"""
assert is_enabled, "SELinux is not enabled"
@pytest.mark.xfail
[docs] def test_enforcing(self, getenforce):
""" Verifies whether SELinux is in 'Enforcing' state.
:param getenforce: Current enforcing status
:type getenforce: ``str``
:raises: AssertionError
"""
assert getenforce.stdout.strip() == "Enforcing", "SELinux is not in Enforcing mode!"
@pytest.mark.xfail
[docs] def test_enforcing_from_config(self, getenforce_conf):
""" Verifies whether SELinux is in 'Enforcing' state.
Checks from config file
:param getenforce_conf: Current enforcing status
:type getenforce_conf: ``str``
:raises: AssertionError
"""
assert getenforce_conf == "enforcing", "SELinux is not in Enforcing mode!"
[docs] def test_is_targeted(self, mode):
""" Verifies whether SELinux is in 'targeted' mode.
:param selinux_type: SELinux mode (targeted)
:type selinux_type: ``str``
:raises: AssertionError
"""
assert mode == "targeted", "SELinux is not in Enforcing mode!"
[docs] def test_permissive_check(self, set_permissive, getenforce):
""" Flips SElinux into permissive mode.
Checks if SElinux is in Permissive mode.
:param selinux_getenforce: Current enforcing status
:type selinux_getenforce: ``str``
:raises: AssertionError
"""
assert getenforce.stdout.strip() == "Permissive", "SELinux is not in Permissive mode"
[docs] def test_enforcing_check(self, set_enforcing, getenforce):
""" Flips SElinux into Enforcing mode.
Checks if SElinux is in Enforcing mode.
:param selinux_getenforce: Current enforcing status
:type selinux_getenforce: ``str``
:raises: AssertionError
"""
assert getenforce.stdout.strip() == "Enforcing", "SELinux is not in Enforcing mode"