From fbd85d5a6698d9b5b05190e719eca4ee3eaa3fad Mon Sep 17 00:00:00 2001 From: Leela Venkaiah G Date: Mon, 20 Apr 2020 17:26:30 +0530 Subject: [Test] Add TC to check SEL context on glusterfs.xml file Test Steps: 1. Check the existence of '/usr/lib/firewalld/services/glusterfs.xml' 2. Validate the owner of this file as 'glusterfs-server' 3. Validate SELinux label context as 'system_u:object_r:lib_t:s0' Change-Id: I55bfb3b51a9188e2088459eaf5304b8b73f2834a Signed-off-by: Leela Venkaiah G --- tests/functional/glusterd/test_glusterd_selinux.py | 75 ++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 tests/functional/glusterd/test_glusterd_selinux.py (limited to 'tests/functional/glusterd')
diff --git a/tests/functional/glusterd/test_glusterd_selinux.py b/tests/functional/glusterd/test_glusterd_selinux.py
new file mode 100644
index 000000000..1790780bc
--- /dev/null
+++ b/tests/functional/glusterd/test_glusterd_selinux.py
@@ -0,0 +1,75 @@
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""
+ Description:
+ Test Cases in this module tests Gluster against SELinux Labels and Policies
+"""
+
+import pytest
+from glusto.core import Glusto as g
+from glustolibs.gluster.gluster_base_class import GlusterBaseClass
+from glustolibs.gluster.glusterfile import file_exists
+
+
+class TestGlusterAgainstSELinux(GlusterBaseClass):
+ """Glusterd checks against SELinux Labels and Policies
+ """
+
+ @staticmethod
+ def run_cmd(host, cmd, opts='', operate_on=''):
+ if opts:
+ opts = '-'+opts
+ command = "{} {} {}".format(cmd, opts, operate_on)
+ rcode, rout, rerr = g.run(host, command)
+ if not rcode:
+ return True, rout
+
+ g.log.error("On '%s', '%s' returned '%s'", host, command, rerr)
+ return False, rout
+
+ @pytest.mark.test_selinux_label
+ def test_selinux_label(self):
+ """
+ TestCase:
+ 1. Check the existence of '/usr/lib/firewalld/services/glusterfs.xml'
+ 2. Validate the owner of this file as 'glusterfs-server'
+ 3. Validate SELinux label context as 'system_u:object_r:lib_t:s0'
+ """
+
+ fqpath = '/usr/lib/firewalld/services/glusterfs.xml'
+
+ for server in self.all_servers_info:
+ # Check existence of xml file
+ self.assertTrue(file_exists(server, fqpath), "Failed to verify "
+ "existence of '{}' in {} ".format(fqpath, server))
+ g.log.info("Validated the existence of required xml file")
+
+ # Check owner of xml file
+ status, result = self.run_cmd(server, 'rpm', 'qf', fqpath)
+ self.assertTrue(status, "Fail: Not able to find owner for {} on "
+ "{}".format(fqpath, server))
+ exp_str = 'glusterfs-server'
+ self.assertIn(exp_str, result, "Fail: Owner of {} should be "
+ "{} on {}".format(fqpath, exp_str, server))
+
+ # Validate SELinux label
+ status, result = self.run_cmd(server, 'ls', 'lZ', fqpath)
+ self.assertTrue(status, "Fail: Not able to find SELinux label "
+ "for {} on {}".format(fqpath, server))
+ exp_str = 'system_u:object_r:lib_t:s0'
+ self.assertIn(exp_str, result, "Fail: SELinux label on {}"
+ "should be {} on {}".format(fqpath, exp_str, server))
-- cgit
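Review bot: Both checks in `test_selinux_label` are substring matches (`assertIn`) on free-form command output, so the label check still passes for any context that merely contains the expected string, for example one with extra MCS categories after `s0`, and the owner check passes for any package whose name contains `glusterfs-server`. Asking each tool for exactly the field under test and comparing the stripped output with `assertEqual` would pin the policy more tightly: `stat -c %C` for the context and `rpm -qf --queryformat '%{NAME}'` for the owner; `run_cmd` would then need to accept options that are not a single `-`-prefixed string. The last failure message is missing a space between `"Fail: SELinux label on {}"` and `"should be {} on {}"`, so it renders as `...glusterfs.xmlshould be ...`. `run_cmd` formats its arguments into one command string without quoting and has no docstring; the inputs are constants here, so a short docstring saying callers must pass trusted values would be enough.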