Changeset 68 for trunk/test/testrun_1.sh

Timestamp:

Oct 30, 2006, 12:03:44 AM (18 years ago)

Author:

rainer

Message:

Update trunk to samhain 2.3

File:

• trunk/test/testrun_1.sh (modified) (10 diffs)

trunk/test/testrun_1.sh

@@ -41 +41 @@
 testrun1_setup=0
 
-MAXTEST=11; export MAXTEST
+MAXTEST=13; export MAXTEST
 
 test_dirs () {
@@ -70 +70 @@
 # combine file check schedule with one-shot mode 
 # 
-TESTPOLICY_11="
+TESTPOLICY_13="
 [ReadOnly]
 dir=99${BASE}
 "
 
-mod_testdata_11 () {
+mod_testdata_13 () {
     one_sec_sleep 
     echo "foobar" >"${BASE}/c/x"; # bad
@@ -87 +87 @@
 }
 
-chk_testdata_11 () {
+chk_testdata_13 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
     tmp=`grep CRIT $LOGFILE | wc -l`
@@ -110 +110 @@
 }
 
-TESTPOLICY_10="
+TESTPOLICY_12="
 [ReadOnly]
 dir=99${BASE}
@@ -119 +119 @@
 "
 
-mod_testdata_10 () {
+mod_testdata_12 () {
     one_sec_sleep
     echo "foobar" >"${BASE}/b/x"; # ok
@@ -129 +129 @@
 }
 
+chk_testdata_12 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 3 ]; then
+        [ -z "$verbose" ] || log_msg_fail "policy count";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";
+        return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+#
+# --- ACL/SELinux test case
+#
+TESTPOLICY_11="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+[Misc]
+UseSelinuxCheck = no
+UseAclCheck = no
+"
+
+mod_testdata_11 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
+chk_testdata_11 () {
+    # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    tmp=`grep CRIT $LOGFILE | wc -l`
+    if [ $tmp -ne 1 ]; then
+        [ -z "$verbose" ] || log_msg_fail "policy count";
+        return 1
+    fi
+    egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
+        return 1
+    fi
+    CDIRS="a a/a a/b a/c c";
+    NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
+    test_dirs;
+    return $?
+}
+
+TESTPOLICY_10="
+[ReadOnly]
+dir=99${BASE}
+[IgnoreAll]
+dir=-1${BASE}/b
+[Attributes]
+dir=1${BASE}/a
+"
+
+mod_testdata_10 () {
+    one_sec_sleep
+    setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign)
+    setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad
+    setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y";    # ok (ign)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth)
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x";    # bad
+    setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y";    # bad
+}
+
 chk_testdata_10 () {
     # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";
@@ -136 +228 @@
         return 1
     fi
-    egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
+    egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";
         return 1
     fi
-    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x";
+    egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x";
         return 1
     fi
@@ -825 +917 @@
 run_check ()
 {
-    ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
-
+     ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind
+ 
     if test x$? = x0; then
+
         ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}"
+
         if [ $? -ne 0 ]; then
             [ -z "$quiet" ]   && log_msg_fail  "mv logfile...";
@@ -927 +1021 @@
 {
     if [ $1 -ne 0 ]; then
-        [ -z "$quiet" ] && log_fail ${2} ${MAXTEST};
+        log_fail ${2} ${MAXTEST};
         return 1
     fi
@@ -1012 +1106 @@
               [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST};
           fi
+          #
           let "tcount = tcount + 1" >/dev/null
+          #
+          if [ -z "$doall" -a $tcount -eq 10 ]; then
+              log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+              let "tcount = tcount + 1" >/dev/null
+          fi
+          #
+          if [ -z "$doall" -a $tcount -eq 11 ]; then
+              log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)'
+              let "tcount = tcount + 1" >/dev/null
+          fi
+          #
           POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'`
         done