test: add selinux stage test

Add a simple check for the selinux check by building the f32-base image with an added selinux stage. Use the options from a test json file and verify the labels against a set of labels given in the aforementioned test file.
2020-06-13 19:38:18 +02:00 · 2020-06-13 19:38:18 +02:00 · 15986d9297
commit 15986d9297
parent 0cf581a9a4
2 changed files with 46 additions and 0 deletions
--- a/test/data/stages/selinux/test_basic.json
+++ b/test/data/stages/selinux/test_basic.json
@ -0,0 +1,15 @@
+{
+  "options": {
+    "file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
+  },
+  "labels": {
+    "/bin": "system_u:object_r:bin_t:s0",
+    "/boot": "system_u:object_r:boot_t:s0",
+    "/dev": "system_u:object_r:device_t:s0",
+    "/etc": "system_u:object_r:etc_t:s0",
+    "/home": "system_u:object_r:home_root_t:s0",
+    "/lib": "system_u:object_r:lib_t:s0",
+    "/usr": "system_u:object_r:usr_t:s0",
+    "/usr/bin/cp": "system_u:object_r:bin_t:s0"
+  }
+}
--- a/test/run/test_stages.py
+++ b/test/run/test_stages.py
@ -10,6 +10,7 @@ import pprint
 import tempfile
 import unittest

+from osbuild.util import selinux
 from .. import test


@ -127,3 +128,33 @@ class TestStages(test.TestBase):
            test_name = os.path.basename(test_path)
            with self.subTest(stage=test_name):
                self.run_stage_diff_test(test_path)
+
+    def test_selinux(self):
+        datadir = self.locate_test_data()
+        testdir = os.path.join(datadir, "stages", "selinux")
+
+        def load_manifest(manifest_name):
+            with open(os.path.join(datadir, f"manifests/{manifest_name}")) as f:
+                manifest = json.load(f)
+                return manifest
+
+        with self.osbuild as osb:
+
+            for t in glob.glob(f"{testdir}/test_*.json"):
+                manifest = load_manifest("f32-base.json")
+                with open(t) as f:
+                    check = json.load(f)
+                manifest["pipeline"]["stages"].append({
+                    "name": "org.osbuild.selinux",
+                    "options": check["options"]
+                })
+
+                jsdata = json.dumps(manifest)
+                treeid = osb.treeid_from_manifest(jsdata)
+                osb.compile(jsdata, checkpoints=[treeid])
+                ctx = osb.map_object(treeid)
+
+                with ctx as tree:
+                    for path, want in check["labels"].items():
+                        have = selinux.getfilecon(f"{tree}/{path}")
+                        self.assertEqual(have, want)