diff options
Diffstat (limited to 'testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py')
-rw-r--r-- | testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py | 54 |
1 files changed, 38 insertions, 16 deletions
diff --git a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py index ea4ca3f5f..b137b0f0c 100644 --- a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py +++ b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py @@ -194,11 +194,11 @@ class TestPOSIXTool(TestTool): mock_lstat.assert_called_with(entry.get('name')) ptool._remove.assert_called_with(entry) - @patch("os.chown") + @patch("os.lchown") @patch("os.chmod") @patch("os.utime") @patch("os.geteuid") - def test_set_perms(self, mock_geteuid, mock_utime, mock_chmod, mock_chown): + def test_set_perms(self, mock_geteuid, mock_utime, mock_chmod, mock_lchown): ptool = self.get_obj() ptool._norm_entry_uid = Mock() ptool._norm_entry_gid = Mock() @@ -210,7 +210,7 @@ class TestPOSIXTool(TestTool): ptool._norm_entry_gid.reset_mock() ptool._norm_entry_uid.reset_mock() mock_chmod.reset_mock() - mock_chown.reset_mock() + mock_lchown.reset_mock() mock_utime.reset_mock() mock_geteuid.reset_mock() @@ -235,7 +235,7 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_perms(entry)) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with(entry.get("name"), 10, 100) + mock_lchown.assert_called_with(entry.get("name"), 10, 100) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8)) self.assertFalse(mock_utime.called) @@ -250,7 +250,7 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_perms(entry)) self.assertFalse(ptool._norm_entry_uid.called) self.assertFalse(ptool._norm_entry_gid.called) - self.assertFalse(mock_chown.called) + self.assertFalse(mock_lchown.called) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8)) self.assertFalse(mock_utime.called) @@ -265,7 +265,7 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_perms(entry)) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with(entry.get("name"), 10, 100) + mock_lchown.assert_called_with(entry.get("name"), 10, 100) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8)) mock_utime.assert_called_with(entry.get("name"), (mtime, mtime)) @@ -276,26 +276,26 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_perms(entry, path='/etc/bar')) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with('/etc/bar', 10, 100) + mock_lchown.assert_called_with('/etc/bar', 10, 100) mock_chmod.assert_called_with('/etc/bar', int(entry.get("mode"), 8)) mock_utime.assert_called_with(entry.get("name"), (mtime, mtime)) ptool._set_secontext.assert_called_with(entry, path='/etc/bar') ptool._set_acls.assert_called_with(entry, path='/etc/bar') - # test dev_type modification of perms, failure of chown + # test dev_type modification of perms, failure of lchown reset() def chown_rv(path, owner, group): if owner == 0 and group == 0: return True else: raise KeyError - os.chown.side_effect = chown_rv + os.lchown.side_effect = chown_rv entry.set("type", "device") entry.set("dev_type", list(device_map.keys())[0]) self.assertFalse(ptool._set_perms(entry)) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with(entry.get("name"), 0, 0) + mock_lchown.assert_called_with(entry.get("name"), 0, 0) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8) | list(device_map.values())[0]) mock_utime.assert_called_with(entry.get("name"), (mtime, mtime)) @@ -304,14 +304,14 @@ class TestPOSIXTool(TestTool): # test failure of chmod reset() - os.chown.side_effect = None + os.lchown.side_effect = None os.chmod.side_effect = OSError entry.set("type", "file") del entry.attrib["dev_type"] self.assertFalse(ptool._set_perms(entry)) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with(entry.get("name"), 10, 100) + mock_lchown.assert_called_with(entry.get("name"), 10, 100) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8)) mock_utime.assert_called_with(entry.get("name"), (mtime, mtime)) @@ -322,14 +322,14 @@ class TestPOSIXTool(TestTool): # e.g., when chmod fails, we still try to apply acls, set # selinux context, etc. reset() - os.chown.side_effect = OSError + os.lchown.side_effect = OSError os.utime.side_effect = OSError ptool._set_acls.return_value = False ptool._set_secontext.return_value = False self.assertFalse(ptool._set_perms(entry)) ptool._norm_entry_uid.assert_called_with(entry) ptool._norm_entry_gid.assert_called_with(entry) - mock_chown.assert_called_with(entry.get("name"), 10, 100) + mock_lchown.assert_called_with(entry.get("name"), 10, 100) mock_chmod.assert_called_with(entry.get("name"), int(entry.get("mode"), 8)) mock_utime.assert_called_with(entry.get("name"), (mtime, mtime)) @@ -481,11 +481,16 @@ class TestPOSIXTool(TestTool): @skipUnless(HAS_SELINUX, "SELinux not found, skipping") @patchIf(HAS_SELINUX, "selinux.restorecon") + @patchIf(HAS_SELINUX, "selinux.lgetfilecon") @patchIf(HAS_SELINUX, "selinux.lsetfilecon") - def test_set_secontext(self, mock_lsetfilecon, mock_restorecon): + def test_set_secontext(self, mock_lsetfilecon, mock_lgetfilecon, + mock_restorecon): + Bcfg2.Options.setup.secontext_ignore = ['dosfs_t'] ptool = self.get_obj() entry = lxml.etree.Element("Path", name="/etc/foo", type="file") + mock_lgetfilecon.return_value = (0, "system_u:object_r:foo_t") + # disable selinux for the initial test Bcfg2.Client.Tools.POSIX.base.HAS_SELINUX = False self.assertTrue(ptool._set_secontext(entry)) @@ -495,29 +500,46 @@ class TestPOSIXTool(TestTool): self.assertTrue(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) self.assertFalse(mock_lsetfilecon.called) + self.assertFalse(mock_lgetfilecon.called) mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() entry.set("secontext", "__default__") self.assertTrue(ptool._set_secontext(entry)) mock_restorecon.assert_called_with(entry.get("name")) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) self.assertFalse(mock_lsetfilecon.called) mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() mock_lsetfilecon.return_value = 0 entry.set("secontext", "foo_t") self.assertTrue(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t") mock_restorecon.reset_mock() mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() mock_lsetfilecon.return_value = 1 self.assertFalse(ptool._set_secontext(entry)) self.assertFalse(mock_restorecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t") + # ignored filesystem + mock_restorecon.reset_mock() + mock_lsetfilecon.reset_mock() + mock_lgetfilecon.reset_mock() + mock_lgetfilecon.return_value = (0, "system_u:object_r:dosfs_t") + self.assertTrue(ptool._set_secontext(entry)) + self.assertFalse(mock_restorecon.called) + self.assertFalse(mock_lsetfilecon.called) + mock_lgetfilecon.assert_called_once_with(entry.get("name")) + @patch("grp.getgrnam") def test_norm_gid(self, mock_getgrnam): ptool = self.get_obj() @@ -686,7 +708,7 @@ class TestPOSIXTool(TestTool): ptool._gather_data = Mock() entry = lxml.etree.Element("Path", name="/test", type="file", group="group", owner="user", mode="664", - secontext='etc_t') + secontext='unconfined_u:object_r:etc_t:s0') # _verify_metadata() mutates the entry, so we keep a backup so we # can start fresh every time orig_entry = copy.deepcopy(entry) |