[libvirt] [PATCHv2 2/2] tests: add test for a selinux label without a range

Ján Tomko jtomko at redhat.com
Tue Jun 4 11:24:00 UTC 2013


---
 tests/securityselinuxtest.c | 44 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index bdf248b..a53b4ee 100644
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -58,6 +58,8 @@ struct testSELinuxGenLabelData {
     int sensMax;
     int catMin;
     int catMax;
+
+    bool shouldFail;
 };
 
 static virDomainDefPtr
@@ -230,10 +232,18 @@ testSELinuxGenLabel(const void *opaque)
         goto cleanup;
 
     if (virSecurityManagerGenLabel(data->mgr, def) < 0) {
+        if (data->shouldFail) {
+            ret = 0;
+            goto cleanup;
+        }
         virErrorPtr err = virGetLastError();
         fprintf(stderr, "Cannot generate label: %s\n", err->message);
         goto cleanup;
     }
+    if (data->shouldFail) {
+        fprintf(stderr, "Label generation was expected to fail but didn't");
+        goto cleanup;
+    }
 
     VIR_DEBUG("label=%s imagelabel=%s",
               def->seclabels[0]->label, def->seclabels[0]->imagelabel);
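Review bot: The expected-failure branch `if (data->shouldFail) { ret = 0; goto cleanup; }` counts every failure of virSecurityManagerGenLabel as a pass, so the negative case would also succeed on an unrelated error (an allocation failure, a broken fixture) and would not notice if the missing-range rejection itself regressed. Because this test guards how a malformed security context is refused, consider reading `virGetLastError()` before that branch, comparing it with the error the missing-range path is expected to raise, and then calling `virResetLastError()` so the expected error does not linger. The new `fprintf(stderr, "Label generation was expected to fail but didn't");` also lacks the trailing `\n` that the message above it has. testSELinuxGenLabel begins and ends outside this hunk, so the initial value of `ret` on the "expected to fail but didn't" path is assumed to be a failure code.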
@@ -282,21 +292,43 @@ mymain(void)
         return EXIT_FAILURE;
     }
 
-#define DO_TEST_GEN_LABEL(desc, pidcon,                                 \
+#define DO_TEST_GEN_LABEL_FULL(desc, pidcon,                            \
                           dynamic, label, baselabel,                    \
                           user, role, imageRole,                        \
                           type, imageType,                              \
-                          sensMin, sensMax, catMin, catMax)             \
+                          sensMin, sensMax, catMin, catMax, shouldFail) \
     do {                                                                \
         struct testSELinuxGenLabelData data = {                         \
             mgr, pidcon, dynamic, label, baselabel,                     \
             user, role, imageRole, type, imageType,                     \
-            sensMin, sensMax, catMin, catMax                            \
+            sensMin, sensMax, catMin, catMax, shouldFail                \
         };                                                              \
         if (virtTestRun("GenLabel " # desc, 1, testSELinuxGenLabel, &data) < 0) \
             ret = -1;                                                   \
     } while (0)
 
+#define DO_TEST_GEN_LABEL(desc, pidcon,                                 \
+                          dynamic, label, baselabel,                    \
+                          user, role, imageRole,                        \
+                          type, imageType,                              \
+                          sensMin, sensMax, catMin, catMax)             \
+    DO_TEST_GEN_LABEL_FULL(desc, pidcon,                                \
+                           dynamic, label, baselabel,                   \
+                           user, role, imageRole,                       \
+                           type, imageType,                             \
+                           sensMin, sensMax, catMin, catMax, false)
+
+#define DO_TEST_GEN_LABEL_FAIL(desc, pidcon,                            \
+                               dynamic, label, baselabel,               \
+                               user, role, imageRole,                   \
+                               type, imageType,                         \
+                               sensMin, sensMax, catMin, catMax)        \
+    DO_TEST_GEN_LABEL_FULL(desc, pidcon,                                \
+                           dynamic, label, baselabel,                   \
+                           user, role, imageRole,                       \
+                           type, imageType,                             \
+                           sensMin, sensMax, catMin, catMax, true)
+
     DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                       "unconfined_u:unconfined_r:unconfined_t:s0",
                       true, NULL, NULL,
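Review bot: The struct initializer in DO_TEST_GEN_LABEL_FULL is still positional, so `sensMin, sensMax, catMin, catMax, shouldFail` is right only while shouldFail remains the last member of struct testSELinuxGenLabelData. A member added before it later would shift the values without a compile error, since int and bool convert silently. Writing the new member as `.shouldFail = shouldFail` would pin it. A one-line comment above the three macros would also help, for example `/* _FAIL: label generation must fail; the sens/cat arguments appear to be unused in that case */`. mymain starts before this hunk and continues past it.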
@@ -333,6 +365,12 @@ mymain(void)
                       "system_u", "system_r", "object_r",
                       "svirt_t", "svirt_image_t",
                       2, 3, 0, 1023);
+    DO_TEST_GEN_LABEL_FAIL("dynamic virtd, missing range",
+                           "system_u:system_r:virtd_t",
+                           true, NULL, NULL,
+                           "system_u", "system_r", "object_r",
+                           "svirt_t", "svirt_image_t",
+                           0, 0, 0, 0);
 
     return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
 }
-- 
1.8.1.5



