mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-21 04:50:44 +00:00
789d0ebbf9
When trying to get policycoreutils working in python3, I kept running
into TabErrors:
Traceback (most recent call last):
File "/usr/lib/python-exec/python3.3/semanage", line 27, in <module>
import seobject
File "/usr/lib64/python3.3/site-packages/seobject.py", line 154
context = "%s%s" % (filler, raw)
^
TabError: inconsistent use of tabs and spaces in indentation
Python3 is a lot stricter than python2 regarding whitespace and looks like
previous commits mixed the two. When fixing this, I took the chance to fix
other PEP8 style issues at the same time.
This commit was made using:
$ file $(find . -type f) | grep -i python | sed 's/:.*$//' > pyfiles
$ autopep8 --in-place --ignore=E501,E265 $(cat pyfiles)
The ignore E501 is long lines since there are many that would be wrapped
otherwise, and E265 is block comments that start with ## instead of just #.
Signed-off-by: Jason Zaman <jason@perfinion.com>
104 lines
3.7 KiB
Python
104 lines
3.7 KiB
Python
import unittest
|
|
import os
|
|
import shutil
|
|
from tempfile import mkdtemp
|
|
from subprocess import Popen, PIPE
|
|
|
|
|
|
class SandboxTests(unittest.TestCase):
|
|
|
|
def assertDenied(self, err):
|
|
self.assertTrue(b'Permission denied' in err,
|
|
'"Permission denied" not found in %r' % err)
|
|
|
|
def assertNotFound(self, err):
|
|
self.assertTrue(b'not found' in err,
|
|
'"not found" not found in %r' % err)
|
|
|
|
def assertFailure(self, status):
|
|
self.assertTrue(status != 0,
|
|
'"Succeeded when it should have failed')
|
|
|
|
def assertSuccess(self, status, err):
|
|
self.assertTrue(status == 0,
|
|
'"Sandbox should have succeeded for this test %r' % err)
|
|
|
|
def test_simple_success(self):
|
|
"Verify that we can read file descriptors handed to sandbox"
|
|
p1 = Popen(['cat', '/etc/passwd'], stdout=PIPE)
|
|
p2 = Popen(['sandbox', 'grep', 'root'], stdin=p1.stdout, stdout=PIPE)
|
|
out, err = p2.communicate()
|
|
self.assertTrue(b'root' in out)
|
|
|
|
def test_cant_kill(self):
|
|
"Verify that we cannot send kill signal in the sandbox"
|
|
pid = os.getpid()
|
|
p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertDenied(err)
|
|
|
|
def test_cant_ping(self):
|
|
"Verify that we can't ping within the sandbox"
|
|
p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertDenied(err)
|
|
|
|
def test_cant_mkdir(self):
|
|
"Verify that we can't mkdir within the sandbox"
|
|
p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertFailure(p.returncode)
|
|
|
|
def test_cant_list_homedir(self):
|
|
"Verify that we can't list homedir within the sandbox"
|
|
p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertFailure(p.returncode)
|
|
|
|
def test_cant_send_mail(self):
|
|
"Verify that we can't send mail within the sandbox"
|
|
p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertDenied(err)
|
|
|
|
def test_cant_sudo(self):
|
|
"Verify that we can't run sudo within the sandbox"
|
|
p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertFailure(p.returncode)
|
|
|
|
def test_mount(self):
|
|
"Verify that we mount a file system"
|
|
p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertSuccess(p.returncode, err)
|
|
|
|
def test_set_level(self):
|
|
"Verify that we set level a file system"
|
|
p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
self.assertSuccess(p.returncode, err)
|
|
|
|
def test_homedir(self):
|
|
"Verify that we set homedir a file system"
|
|
homedir = mkdtemp(dir=".", prefix=".sandbox_test")
|
|
p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
shutil.rmtree(homedir)
|
|
self.assertSuccess(p.returncode, err)
|
|
|
|
def test_tmpdir(self):
|
|
"Verify that we set tmpdir a file system"
|
|
tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test")
|
|
p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
|
|
out, err = p.communicate()
|
|
shutil.rmtree(tmpdir)
|
|
self.assertSuccess(p.returncode, err)
|
|
|
|
if __name__ == "__main__":
|
|
import selinux
|
|
if selinux.security_getenforce() == 1:
|
|
unittest.main()
|
|
else:
|
|
print("SELinux must be in enforcing mode for this test")
|