github.com/blixtra/rkt@v0.8.1-0.20160204105720-ab0d1add1a43/pkg/selinux/selinux_test.go (about)

     1  // Copyright 2014,2015 Red Hat, Inc
     2  // Copyright 2014,2015 Docker, Inc
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  // +build linux
    17  
    18  package selinux_test
    19  
    20  import (
    21  	"os"
    22  	"testing"
    23  
    24  	"github.com/coreos/rkt/pkg/selinux"
    25  )
    26  
    27  func testSetfilecon(t *testing.T) {
    28  	if selinux.SelinuxEnabled() {
    29  		tmp := "selinux_test"
    30  		out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
    31  		out.Close()
    32  		err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
    33  		if err != nil {
    34  			t.Log("Setfilecon failed")
    35  			t.Fatal(err)
    36  		}
    37  		os.Remove(tmp)
    38  	}
    39  }
    40  
    41  func TestSELinux(t *testing.T) {
    42  	var (
    43  		err            error
    44  		plabel, flabel string
    45  	)
    46  
    47  	if selinux.SelinuxEnabled() {
    48  		t.Log("Enabled")
    49  		plabel, flabel = selinux.GetLxcContexts()
    50  		if plabel == "" {
    51  			t.Log("No lxc contexts, skipping tests")
    52  			return
    53  		}
    54  		t.Log(plabel)
    55  		t.Log(flabel)
    56  		selinux.FreeLxcContexts(plabel)
    57  		plabel, flabel = selinux.GetLxcContexts()
    58  		t.Log(plabel)
    59  		t.Log(flabel)
    60  		selinux.FreeLxcContexts(plabel)
    61  		t.Log("getenforce ", selinux.SelinuxGetEnforce())
    62  		t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
    63  		pid := os.Getpid()
    64  		t.Logf("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
    65  		err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
    66  		if err == nil {
    67  			t.Log(selinux.Getfscreatecon())
    68  		} else {
    69  			t.Log("setfscreatecon failed", err)
    70  			t.Fatal(err)
    71  		}
    72  		err = selinux.Setfscreatecon("")
    73  		if err == nil {
    74  			t.Log(selinux.Getfscreatecon())
    75  		} else {
    76  			t.Log("setfscreatecon failed", err)
    77  			t.Fatal(err)
    78  		}
    79  		t.Log(selinux.Getpidcon(1))
    80  	} else {
    81  		t.Log("Disabled")
    82  	}
    83  }