File: task.yaml

snapd 2.72-1
summary: Check that SELinux file context transitions work

# The checks below look at labels on files and directories created while the
# test runs (snap user data under ~/snap, /run/snapd, snap data under
# /var/snap, and a socket under /var/snap).
# General SELinux background: without a matching type transition rule a newly
# created file takes the type of its parent directory, so a wrong label here
# indicates a missing or non-firing transition in the policy.
details: |
    Verify that automatic file context transitions work and cover typical use cases

# Only distros that support SELinux
systems:
    - fedora-*
    - centos-*
    - opensuse-*-selinux-*

# Start from a clean slate: drop any existing per-user snap directories for
# root and for the 'test' user, so that the label checks in `execute` see
# freshly created directories rather than ones left by an earlier run.
# `tests.session -u test prepare` sets up a session for user 'test'
# (helper defined outside this file).
prepare: |
    rm -rf /root/snap
    rm -rf /home/test/snap
    tests.session -u test prepare

# Remove the two locally installed snaps together with their data (--purge).
# `|| true` keeps restore from failing when a snap was never installed, e.g.
# because `execute` stopped early. The session for 'test' is torn down last.
# NOTE(review): test-snapd-sh (installed in `execute`) and the *-labels
# scratch files are not cleaned up here - presumably handled by suite-level
# cleanup; confirm.
restore: |
    snap remove --purge test-snapd-service-writer || true
    snap remove --purge socket-activation || true
    tests.session -u test restore

# Stages of the script, in order:
#
# 1. `selinuxenabled` guards the whole test: a non-zero exit means SELinux is
#    not enabled on the host (assumes the runner aborts on the first failing
#    command - TODO confirm).
#
# 2. As root, and then as user 'test' via tests.session, run the
#    test-snapd-sh snap and
#      - check that the process context reported by `id -Z` contains the
#        type unconfined_t;
#      - create foo/ and foo/bar under $SNAP_USER_DATA. The `\$` keeps the
#        variable from being expanded by the outer shell, so it is resolved
#        by the shell running inside the snap.
#
# 3. List the labels of ~/snap, foo and foo/bar for both users and require
#    the type snappy_home_t on each. These patterns pin only the type field;
#    the SELinux user, role and level are not constrained.
#
# 4. /run/snapd must carry the type snappy_var_run_t.
#
# 5. Install test-snapd-service-writer and check files under its common/
#    and current/ data directories. The by-hook/foo and foo/bar names
#    suggest files written by a hook and by a service respectively - verify
#    against the snap's source. Here the full context is pinned:
#    system_u:object_r:snappy_var_t:s0. The optional `( -> x1)` suffix
#    accepts `ls` output for `current` with or without a symlink target.
#
# 6. Install socket-activation, require that
#    /var/snap/socket-activation/common/socket exists and is a socket
#    (`[ -S ... ]`), and that its type is snappy_var_t.
#
# NOTE(review): the `.` characters inside the path portions of the MATCH
# patterns are unescaped regex wildcards; harmless for these fixed paths but
# slightly looser than a literal match.
# SC2012 (shellcheck's "prefer find over ls") is disabled where `ls -Z` is
# piped, since `ls -Z` is what prints the SELinux context.
execute: |
    # verify that we're actually running on a SELinux system
    selinuxenabled

    snap install test-snapd-sh

    test-snapd-sh.sh -c 'id -Z' | MATCH ':unconfined_t:'
    test-snapd-sh.sh -c "mkdir -p \$SNAP_USER_DATA/foo && echo hello world > \$SNAP_USER_DATA/foo/bar"

    expected_label="unconfined_t"
    tests.session -u test exec sh -c 'test-snapd-sh.sh -c "id -Z"' | MATCH ":${expected_label}:"
    tests.session -u test exec sh -c "test-snapd-sh.sh -c 'mkdir -p \$SNAP_USER_DATA/foo && echo hello world > \$SNAP_USER_DATA/foo/bar'"

    ls -Zd /root/snap /root/snap/test-snapd-sh/current/foo /root/snap/test-snapd-sh/current/foo/bar > root-labels
    MATCH '^.*:snappy_home_t:.*/root/snap$'                                  < root-labels
    MATCH '^.*:snappy_home_t:.*/root/snap/test-snapd-sh/current/foo$'     < root-labels
    MATCH '^.*:snappy_home_t:.*/root/snap/test-snapd-sh/current/foo/bar$' < root-labels

    ls -Zd /home/test/snap /home/test/snap/test-snapd-sh/current/foo /home/test/snap/test-snapd-sh/current/foo/bar > test-labels
    MATCH '^.*:snappy_home_t:.*/home/test/snap$'                                  < test-labels
    MATCH '^.*:snappy_home_t:.*/home/test/snap/test-snapd-sh/current/foo$'     < test-labels
    MATCH '^.*:snappy_home_t:.*/home/test/snap/test-snapd-sh/current/foo/bar$' < test-labels

    #shellcheck disable=SC2012
    ls -Zd /run/snapd | MATCH ':snappy_var_run_t:'

    # install a snap that does some file manipulation
    "$TESTSTOOLS"/snaps-state install-local test-snapd-service-writer

    ls -Zd /var/snap/test-snapd-service-writer/common \
           /var/snap/test-snapd-service-writer/common/by-hook \
           /var/snap/test-snapd-service-writer/common/by-hook/foo \
           /var/snap/test-snapd-service-writer/current \
           /var/snap/test-snapd-service-writer/current/by-hook \
           /var/snap/test-snapd-service-writer/current/by-hook/foo > hook-labels

    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common$'              < hook-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common/by-hook$'      < hook-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common/by-hook/foo$'  < hook-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current( -> x1)?$'    < hook-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current/by-hook$'     < hook-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current/by-hook/foo$' < hook-labels

    ls -Zd /var/snap/test-snapd-service-writer/common \
           /var/snap/test-snapd-service-writer/common/foo \
           /var/snap/test-snapd-service-writer/common/foo/bar \
           /var/snap/test-snapd-service-writer/current \
           /var/snap/test-snapd-service-writer/current/foo \
           /var/snap/test-snapd-service-writer/current/foo/bar > service-labels

    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common$'           < service-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common/foo$'       < service-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/common/foo/bar$'   < service-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current( -> x1)?$' < service-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current/foo$'      < service-labels
    MATCH '^.*system_u:object_r:snappy_var_t:s0 /var/snap/test-snapd-service-writer/current/foo/bar$'  < service-labels

    "$TESTSTOOLS"/snaps-state install-local socket-activation
    [ -S /var/snap/socket-activation/common/socket ]
    #shellcheck disable=SC2012
    ls -Zd /var/snap/socket-activation/common/socket | MATCH ':snappy_var_t:'