From Fedora Project Wiki

(Created page with "{{QA/Test_Case |description=This test case tests semodule basic functionalities (module installation/removal, listing). |setup=Ensure that {{package|policycoreutils}} package ...")
 
No edit summary
Line 3: Line 3:
|setup=Ensure that {{package|policycoreutils}} package is installed.
|setup=Ensure that {{package|policycoreutils}} package is installed.
|actions=
|actions=
#Create file called audittmp.cil containing simple auditallow rule:
#Create file called audittmp.cil containing simple auditallow rule: '''{{command|#echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil}}'''
<pre>cd /tmp
#Install new module '''{{command|#semodule -i audittmp.cil}}'''
echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
#Check that the module is properly installed '''{{command|#semodule -l | grep audittmp}}'''<pre>audittmp</pre>
</pre>
#Create new file in /tmp: '''{{command|#touch /tmp/new_file}}'''
#Install new module {{command|semodule -i audittmp.cil}}
#Check that the file creation was logged:'''{{command|#ausearch -m avc -ts recent | grep new_file}}'''<pre>type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file</pre>
#Check that the module is properly installed
#Remove new module: '''{{command|#semodule -r audittmp}}'''
<pre>semodule -l | grep audittmp
#Check that the module is no longer listed as installed:'''{{command|#semodule -l | grep audittmp}}'''
audittmp
#Clean up: '''{{command|#rm -rf new_file audittmp.cil}}'''
</pre>
#Create new file in /tmp
{{command|touch /tmp/new_file}}
#Check that the file creation was logged
<pre>ausearch -m avc -ts recent | grep new_file
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
</pre>
#Remove new module {{command|semodule -r audittmp}}
#Check that the module is no longer listed as installed {{command|semodule -l | grep audittmp}}
#Clean up {{command|rm -rf new_file audittmp.cil}}


|results=
|results=

Revision as of 15:03, 1 August 2016

Description

This test case tests semodule basic functionalities (module installation/removal, listing).

Setup

Ensure that policycoreutils package is installed.

How to test

  1. Create file called audittmp.cil containing simple auditallow rule: #echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
  2. Install new module #semodule -i audittmp.cil
  3. Check that the module is properly installed #semodule -l 
    audittmp
  4. Create new file in /tmp: #touch /tmp/new_file
  5. Check that the file creation was logged:#ausearch -m avc -ts recent 
    type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
  6. Remove new module: #semodule -r audittmp
  7. Check that the module is no longer listed as installed:#semodule -l
  8. Clean up: #rm -rf new_file audittmp.cil

Expected Results

  1. All commands are executed successfully
  2. AVC message simillar to the one shown above was logged
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_policycoreutils_semodule&oldid=466559"