[libvirt] [test-API][PATCH] Add connection_security_model test case

hongming honzhang at redhat.com
Wed Mar 18 09:11:11 UTC 2015


On 03/17/2015 11:49 AM, lcheng wrote:
> The connection_security_model.py uses getSecurityModel() to validate new API virNodeGetSecurityModel of libvirt.
> ---
>   cases/linux_domain.conf                    |   4 ++
>   repos/virconn/connection_security_model.py | 101 +++++++++++++++++++++++++++++
>   2 files changed, 105 insertions(+)
>   create mode 100644 repos/virconn/connection_security_model.py
>
> diff --git a/cases/linux_domain.conf b/cases/linux_domain.conf
> index 903fdb5..a7015f0 100644
> --- a/cases/linux_domain.conf
> +++ b/cases/linux_domain.conf
> @@ -233,6 +233,10 @@ domain:domain_fsthaw
>       guestname
>           $defaultname
>   
> +virconn:connection_security_model
> +    guestname
> +        $defaultname
> +
>   domain:destroy
>       guestname
>           $defaultname
> diff --git a/repos/virconn/connection_security_model.py b/repos/virconn/connection_security_model.py
> new file mode 100644
> index 0000000..b44d78c
> --- /dev/null
> +++ b/repos/virconn/connection_security_model.py
> @@ -0,0 +1,101 @@
> +#!/usr/bin/env python
> +# To test "getSecurityModel"
> +
> +import libvirt
> +
> +from xml.dom import minidom
> +from libvirt import libvirtError
> +from src import sharedmod
> +from utils import utils
> +
> +required_params = ('guestname',)
> +optional_params = {}
> +
> +def get_security_driver(logger):
> +    """get security driver from /etc/libvirt/qemu.conf"""
> +
> +    cmds = "grep \"^security_driver\" /etc/libvirt/qemu.conf"
> +    (ret, conf) = utils.exec_cmd(cmds, shell=True)
> +    if ret:
> +        cmds = "getenforce"
> +        (ret, policy) = utils.exec_cmd(cmds, shell=True)
> +
> +        if policy[0] == "Disabled":
> +            return "none"
> +        else:
> +            return "selinux"
> +
> +    tmp = conf[0].split(' = ')
> +    if len(tmp[1].split(', ')) > 1:
> +        driver = tmp[1].split(', ')
> +        return (filter(str.isalpha, driver[0]))
> +    else:
> +        cmds = "echo '%s' | awk -F '\"' '{print $2}'" % conf[0]
> +        (ret, driver) = utils.exec_cmd(cmds, shell=True)
> +
> +        if driver[0] == "selinux":
> +            return "selinux"
> +        elif driver[0] == "none":
> +            return "none"
> +        elif driver[0] == "apparmor":
> +            return "apparmor"
> +        elif driver[0] == "stack":
> +            return "stack"
> +        else:
> +            return ""
> +
> +def get_security_model(logger, domname):
> +    """get security model from process"""
> +
> +    PID = "ps aux | grep -v grep | grep %s | awk '{print $2}'" % domname
> +    ret, pid = utils.exec_cmd(PID, shell=True)
> +    if ret:
> +        logger.error("get domain pid failed.")
> +        return ""
> +
> +    LABEL = "ls -nZd /proc/%s" % pid[0]
> +    ret, label = utils.exec_cmd(LABEL, shell=True)
> +    if ret:
> +        logger.error("get domain process's label failed.")
> +        return ""
> +
> +    if "system_u:system_r:svirt_t:s0" in label[0]:
> +        return "selinux"
> +    else:
> +        return "none"
> +
> +def check_security_model(logger, domname, model):
> +    """ check security model"""
> +
> +    dommodel = get_security_model(logger, domname)
> +    driver = get_security_driver(logger)
> +
> +    logger.info("domain security model is %s." % dommodel)
> +    logger.info("get security driver is %s." % driver)
> +    logger.info("get security model is %s." % model)
> +
> +    if driver == dommodel and dommodel == model:
> +        return True
> +    else:
> +        return False
> +
> +def connection_security_model(params):
> +    """test API for getSecurityModel"""
> +
> +    logger = params['logger']
> +    domname = params['guestname']
> +    conn = sharedmod.libvirtobj['conn']
> +
> +    try:
> +        model = conn.getSecurityModel()
> +
> +        if not check_security_model(logger, domname, model[0]):
> +            logger.error("Fail : get a error security model.")
> +            return 1
> +        else:
> +            logger.info("Pass : get security model successful.")
> +            return 0
> +    except libvirtError, e:
> +        logger.error("API error message: %s" % e.message)
> +        return 1
> +
ACK and Pushed
NOTE: don't add blank line at EOF next time




More information about the libvir-list mailing list