From Fedora Project Wiki

(Created page with "{{QA/Test_Case |description=This test case tests semodule basic functionalities (module installation/removal, listing). |setup=Ensure that {{package|policycoreutils}} package ...")
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
|setup=Ensure that {{package|policycoreutils}} package is installed.
|setup=Ensure that {{package|policycoreutils}} package is installed.
|actions=
|actions=
#Create file called audittmp.cil containing simple auditallow rule:
<ol>
<pre>cd /tmp
<li>Create file called audittmp.cil containing simple auditallow rule: <pre>#echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil</pre> </li>  
echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
<li>Install new module: <pre>#semodule -i audittmp.cil</pre></li>
</pre>
<li>Check that the module is properly installed: <pre>
#Install new module {{command|semodule -i audittmp.cil}}
#semodule -l | grep audittmp
#Check that the module is properly installed
<pre>semodule -l | grep audittmp
audittmp
audittmp
</pre>
</pre>
#Create new file in /tmp
</li>
{{command|touch /tmp/new_file}}
<li>Create new file in /tmp: <pre>#touch /tmp/new_file</pre></li>
#Check that the file creation was logged
<li>Check that the file creation was logged:<pre>#ausearch -m avc -ts recent | grep new_file
<pre>ausearch -m avc -ts recent | grep new_file
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file</pre></li>
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
<li>Remove new module: <pre>#semodule -r audittmp</pre></li>
</pre>
<li>Check that the module is no longer listed as installed:<pre>#semodule -l | grep audittmp
#Remove new module {{command|semodule -r audittmp}}
-</pre></li>
#Check that the module is no longer listed as installed {{command|semodule -l | grep audittmp}}
<li>Clean up: <pre>#rm -rf new_file audittmp.cil</pre></li>
#Clean up {{command|rm -rf new_file audittmp.cil}}
</ol>
 
|results=
|results=


Latest revision as of 13:21, 4 August 2016

Description

This test case tests semodule basic functionalities (module installation/removal, listing).

Setup

Ensure that policycoreutils package is installed.

How to test

  1. Create file called audittmp.cil containing simple auditallow rule: 
    #echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
  2. Install new module: 
    #semodule -i audittmp.cil
  3. Check that the module is properly installed: 
    #semodule -l | grep audittmp
audittmp
  4. Create new file in /tmp: 
    #touch /tmp/new_file
  5. Check that the file creation was logged:
    #ausearch -m avc -ts recent | grep new_file
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
  6. Remove new module: 
    #semodule -r audittmp
  7. Check that the module is no longer listed as installed:
    #semodule -l | grep audittmp
-
  8. Clean up: 
    #rm -rf new_file audittmp.cil

Expected Results

  1. All commands are executed successfully
  2. AVC message simillar to the one shown above was logged
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_policycoreutils_semodule&oldid=466754"