From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=This test case tests semodule basic functionalities (module installation/removal, listing). |setup=Ensure that {{package|policycoreutils}} package ...") |
Line 3: | Line 3: | ||
|setup=Ensure that {{package|policycoreutils}} package is installed. | |setup=Ensure that {{package|policycoreutils}} package is installed. | ||
|actions= | |actions= | ||
− | #Create file called audittmp.cil containing simple auditallow rule: | + | #Create file called audittmp.cil containing simple auditallow rule: '''{{command|#echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil}}''' |
− | + | #Install new module '''{{command|#semodule -i audittmp.cil}}''' | |
− | echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil | + | #Check that the module is properly installed '''{{command|#semodule -l | grep audittmp}}'''<pre>audittmp</pre> |
− | + | #Create new file in /tmp: '''{{command|#touch /tmp/new_file}}''' | |
− | #Install new module {{command|semodule -i audittmp.cil}} | + | #Check that the file creation was logged:'''{{command|#ausearch -m avc -ts recent | grep new_file}}'''<pre>type=AVC msg=audit(1470058493.388:6693): avc: granted { create } for pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file</pre> |
− | #Check that the module is properly installed | + | #Remove new module: '''{{command|#semodule -r audittmp}}''' |
− | + | #Check that the module is no longer listed as installed:'''{{command|#semodule -l | grep audittmp}}''' | |
− | audittmp | + | #Clean up: '''{{command|#rm -rf new_file audittmp.cil}}''' |
− | </pre> | ||
− | #Create new file in /tmp | ||
− | {{command|touch /tmp/new_file}} | ||
− | #Check that the file creation was logged | ||
− | |||
− | type=AVC msg=audit(1470058493.388:6693): avc: granted { create } for pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file | ||
− | </pre> | ||
− | #Remove new module {{command|semodule -r audittmp}} | ||
− | #Check that the module is no longer listed as installed {{command|semodule -l | grep audittmp}} | ||
− | #Clean up {{command|rm -rf new_file audittmp.cil}} | ||
|results= | |results= |
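Review bot: In the added steps that run `semodule -l | grep audittmp` and `ausearch -m avc -ts recent | grep new_file`, the `|` sits inside `{{command|...}}`, where MediaWiki reads it as a template parameter separator, so the grep part is not rendered as part of the command; write the pipe as `{{!}}` or wrap the command in `<nowiki>`. The clean-up step also removes `new_file` relative to the current directory although the file was created as `/tmp/new_file`, so it only cleans up when run from /tmp; `rm -f /tmp/new_file audittmp.cil` would match the earlier step. The `#` placed directly in front of each command turns a copied line into a shell comment, so consider keeping the prompt outside the command text.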
Revision as of 15:03, 1 August 2016
Description
This test case tests semodule basic functionalities (module installation/removal, listing).
Setup
Ensure that policycoreutils package is installed.
How to test
- Create file called audittmp.cil containing simple auditallow rule:
#echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
- Install new module
#semodule -i audittmp.cil
- Check that the module is properly installed
#semodule -l | grep audittmp
audittmp
- Create new file in /tmp:
#touch /tmp/new_file
- Check that the file creation was logged:
#ausearch -m avc -ts recent | grep new_file
type=AVC msg=audit(1470058493.388:6693): avc: granted { create } for pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
- Remove new module:
#semodule -r audittmp
- Check that the module is no longer listed as installed:
#semodule -l | grep audittmp
- Clean up:
#rm -rf new_file audittmp.cil
Expected Results
- All commands are executed successfully
- AVC message similar to the one shown above was logged
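
One way to check the second expected result, as an added example that is not part of the original test case: timestamps, PIDs and MLS ranges differ between runs, so it compares only the fields fixed by the auditallow rule. The function names are hypothetical, and the sample record is the one quoted in the steps above.

```shell
#!/bin/sh
# Added example: field-wise check of an AVC record (function names are hypothetical).

# Print the value of key=value from an audit record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr -s ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# Print the SELinux type (third colon-separated field) of a context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the permission list between "{" and "}".
avc_perms() {
    printf '%s\n' "$1" | tr -s ' ' | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# Return 0 if the record is the "granted" AVC expected from
# (auditallow unconfined_t user_tmp_t (file (create))) for new_file.
check_audittmp_avc() {
    rec=$(printf '%s\n' "$1" | tr -s ' ')   # audit logs may pad with extra spaces
    case $rec in
        type=AVC*"avc: granted "*) ;;
        *) return 1 ;;
    esac
    case " $(avc_perms "$rec") " in
        *" create "*) ;;
        *) return 1 ;;
    esac
    [ "$(ctx_type "$(avc_field "$rec" scontext)")" = unconfined_t ] || return 1
    [ "$(ctx_type "$(avc_field "$rec" tcontext)")" = user_tmp_t ] || return 1
    [ "$(avc_field "$rec" tclass)" = file ] || return 1
    [ "$(avc_field "$rec" name)" = new_file ] || return 1
}

# Read records on stdin; succeed if at least one matches.
# Intended use on the test machine: ausearch -m avc -ts recent | avc_logged
avc_logged() {
    while IFS= read -r line; do
        check_audittmp_avc "$line" && return 0
    done
    return 1
}

# Record copied from the test case above.
SAMPLE='type=AVC msg=audit(1470058493.388:6693): avc: granted { create } for pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file'
```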