From Fedora Project Wiki

(Created page with "{{QA/Test_Case |description=This test case tests semodule basic functionalities (module installation/removal, listing). |setup=Ensure that {{package|policycoreutils}} package ...")
 
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
 
|setup=Ensure that {{package|policycoreutils}} package is installed.
 
|setup=Ensure that {{package|policycoreutils}} package is installed.
 
|actions=
 
|actions=
#Create file called audittmp.cil containing simple auditallow rule:
+
<ol>
<pre>cd /tmp
+
<li>Create file called audittmp.cil containing simple auditallow rule: <pre>#echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil</pre> </li>  
echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
+
<li>Install new module: <pre>#semodule -i audittmp.cil</pre></li>
</pre>
+
<li>Check that the module is properly installed: <pre>
#Install new module {{command|semodule -i audittmp.cil}}
+
#semodule -l | grep audittmp
#Check that the module is properly installed
 
<pre>semodule -l | grep audittmp
 
 
audittmp
 
audittmp
 
</pre>
 
</pre>
#Create new file in /tmp
+
</li>
{{command|touch /tmp/new_file}}
+
<li>Create new file in /tmp: <pre>#touch /tmp/new_file</pre></li>
#Check that the file creation was logged
+
<li>Check that the file creation was logged:<pre>#ausearch -m avc -ts recent | grep new_file
<pre>ausearch -m avc -ts recent | grep new_file
+
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file</pre></li>
type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
+
<li>Remove new module: <pre>#semodule -r audittmp</pre></li>
</pre>
+
<li>Check that the module is no longer listed as installed:<pre>#semodule -l | grep audittmp
#Remove new module {{command|semodule -r audittmp}}
+
-</pre></li>
#Check that the module is no longer listed as installed {{command|semodule -l | grep audittmp}}
+
<li>Clean up: <pre>#rm -rf new_file audittmp.cil</pre></li>
#Clean up {{command|rm -rf new_file audittmp.cil}}
+
</ol>
 
 
 
|results=
 
|results=
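Review bot: the new step 1 writes audittmp.cil with a relative path but drops the cd /tmp that the old revision ran first, while the new clean-up step still removes new_file by relative name even though step 4 creates /tmp/new_file. If the tester is not already in /tmp, the clean-up leaves /tmp/new_file behind. Either keep cd /tmp in step 1 or use absolute paths throughout, for example rm -rf /tmp/new_file /tmp/audittmp.cil with matching paths in the echo and semodule -i steps. Separately, the output of the post-removal check is shown as a literal "-"; grep prints nothing once the module is gone, so state that in words instead.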
  

Latest revision as of 13:21, 4 August 2016

Description

This test case tests semodule basic functionalities (module installation/removal, listing).

Setup

Ensure that policycoreutils package is installed.

How to test

  1. Create file called audittmp.cil containing simple auditallow rule:
    #echo "(auditallow unconfined_t user_tmp_t (file (create)))" > audittmp.cil
  2. Install new module:
    #semodule -i audittmp.cil
  3. Check that the module is properly installed:
    #semodule -l | grep audittmp
    audittmp
    
  4. Create new file in /tmp:
    #touch /tmp/new_file
  5. Check that the file creation was logged:
    #ausearch -m avc -ts recent | grep new_file
    type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
  6. Remove new module:
    #semodule -r audittmp
  7. Check that the module is no longer listed as installed:
    #semodule -l | grep audittmp
    -
  8. Clean up:
    #rm -rf /tmp/new_file audittmp.cil

Expected Results

  1. All commands are executed successfully
  2. AVC message similar to the one shown above was logged
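
The check in step 5 greps only for the file name, so any AVC record that mentions new_file would satisfy it, including a denial. The following added example (not part of the original test case) verifies that a record is the granted audit the auditallow rule should produce; the helper names avc_field and avc_matches_rule are hypothetical, and the parsing assumes the record layout shown in step 5.

```shell
#!/bin/sh
# Added example: checks one AVC record against the rule installed by the test case,
#   (auditallow unconfined_t user_tmp_t (file (create)))
# avc_field and avc_matches_rule are hypothetical helper names.

# Print the value of KEY=VALUE from an audit record ($1 = record, $2 = key).
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# Return 0 only if the record is a *granted* AVC for the given
# permission, source type, target type, object class and file name.
avc_matches_rule() {
    rec=$1 perm=$2 stype=$3 ttype=$4 class=$5 fname=$6

    case $rec in type=AVC\ *) ;; *) return 1 ;; esac

    # Permission set between the braces; empty if the decision is not "granted".
    perms=$(printf '%s\n' "$rec" | sed -n 's/.*avc:  *granted  *{ \([^}]*\)}.*/\1/p')
    case " $perms " in *" $perm "*) ;; *) return 1 ;; esac

    # SELinux contexts are user:role:type:level; the type is the third field.
    [ "$(avc_field "$rec" scontext | cut -d: -f3)" = "$stype" ] || return 1
    [ "$(avc_field "$rec" tcontext | cut -d: -f3)" = "$ttype" ] || return 1
    [ "$(avc_field "$rec" tclass)" = "$class" ] || return 1
    [ "$(avc_field "$rec" name)" = "\"$fname\"" ] || return 1
}

# Record copied from step 5 of this page.
SAMPLE='type=AVC msg=audit(1470058493.388:6693): avc:  granted  { create } for  pid=7410 comm="touch" name="new_file" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file'
# Constructed counter-example: the same event reported as a denial.
DENIED=$(printf '%s\n' "$SAMPLE" | sed 's/granted/denied /')

if avc_matches_rule "$SAMPLE" create unconfined_t user_tmp_t file new_file; then
    echo "PASS: auditallow record found"
fi
```

On a test machine, feed each line of the step 5 ausearch output to avc_matches_rule instead of the embedded sample.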