예제 #1
0
def test_not_supported_minor_version(current_actor_context):
    current_actor_context.feed(create_osrelease(id='rhel', version_id='7.5'))
    current_actor_context.run()
    assert current_actor_context.consume(Report)
    assert current_actor_context.consume(
        Report)[0].title == 'Unsupported OS version'
    assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_SELinuxContentScanner(current_actor_context, destructive_selinux_env):

    expected_data = {
        'policy': 'targeted',
        'mls_enabled': True,
        'enabled': True,
        'runtime_mode': 'enforcing',
        'static_mode': 'enforcing'
    }

    current_actor_context.feed(SELinuxFacts(**expected_data))
    current_actor_context.run()

    modules = current_actor_context.consume(SELinuxModules)[0]
    api.current_logger().warning("Modules: %s", str(modules))
    assert modules
    # check that all modules installed during test setup where reported
    for priority, name in TEST_MODULES:
        if priority not in ('100', '200'):
            assert find_module(modules, name, priority)

    rpms = current_actor_context.consume(SELinuxRequestRPMs)[0]
    assert rpms
    # modules with priority 200 should only originate in "<module_name>-selinux" rpms
    assert "mock1-selinux" in rpms.to_keep
    # mock1 contains container related type
    assert "container-selinux" in rpms.to_install

    custom = current_actor_context.consume(SELinuxCustom)[0]
    assert custom
    # the second command contains removed type and should be discarded
    assert find_semanage_rule(custom.removed, SEMANAGE_COMMANDS[1])
    # the rest of the commands should be reported (except for the last which will show up in modules)
    assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[0])
    assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[2])
def test_has_package(current_actor_context):
    installed_rpm = [
        RPM(name='sample01',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
            ),
        RPM(name='sample02',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
    ]

    current_actor_context.feed(InstalledRPM(items=installed_rpm))
    current_actor_context.run(config_model=mock_configs.CONFIG)
    assert rpms.has_package(InstalledRedHatSignedRPM,
                            'sample01',
                            context=current_actor_context)
    assert not rpms.has_package(InstalledRedHatSignedRPM,
                                'nosuchpackage',
                                context=current_actor_context)
    assert rpms.has_package(InstalledUnsignedRPM,
                            'sample02',
                            context=current_actor_context)
    assert not rpms.has_package(
        InstalledUnsignedRPM, 'nosuchpackage', context=current_actor_context)
예제 #4
0
def test_actor_execution_with_signed_unsigned_data(current_actor_context):
    installed_rpm = [
        RPM(name='sample01', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'),
        RPM(name='sample02', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample03', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 5326810137017186'),
        RPM(name='sample04', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample05', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 938a80caf21541eb'),
        RPM(name='sample06', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample07', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID fd372689897da07a'),
        RPM(name='sample08', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample09', version='0.1', release='1.sm01', epoch='1', packager=RH_PACKAGER, arch='noarch',
            pgpsig='RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 45689c882fa658e0')]

    current_actor_context.feed(InstalledRPM(items=installed_rpm))
    current_actor_context.run()
    assert current_actor_context.consume(InstalledRedHatSignedRPM)
    assert len(current_actor_context.consume(InstalledRedHatSignedRPM)[0].items) == 5
    assert current_actor_context.consume(InstalledUnsignedRPM)
    assert len(current_actor_context.consume(InstalledUnsignedRPM)[0].items) == 4
예제 #5
0
def test_actor_without_acpid_package(current_actor_context):
    without_acpid = [
        RPM(name='powertop',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
            ),
        RPM(name='sed',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
            )
    ]

    current_actor_context.feed(
        create_modulesfacts(installed_rpm=without_acpid))
    current_actor_context.run()
    assert not current_actor_context.consume(Report)
예제 #6
0
def test_repositoriesblacklist_disabled_optional(current_actor_context):
    repo_facts = get_repo_facts(['rhel-7-server-optional-rpms'], False)
    current_actor_context.feed(repo_facts)
    current_actor_context.run()
    assert current_actor_context.consume(RepositoriesBlacklisted)
    repoids = current_actor_context.consume(RepositoriesBlacklisted)[0].repoids
    assert 'codeready-builder-for-rhel-8-x86_64-rpms' in repoids
예제 #7
0
def test_actor_execution_with_sample_data(current_actor_context):
    installed_rpm = [
        RPM(name='sample01',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_PGP_SIG'),
        RPM(name='sample02',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_PGP_SIG')
    ]
    current_actor_context.feed(InstalledRedHatSignedRPM(items=installed_rpm))
    current_actor_context.feed(
        RpmTransactionTasks(to_remove=[rpm.name for rpm in installed_rpm],
                            to_keep=[installed_rpm[0].name]))
    current_actor_context.run()
    result = current_actor_context.consume(FilteredRpmTransactionTasks)
    assert len(result) == 1
    assert result[0].to_keep == [installed_rpm[0].name]
    assert result[0].to_remove == [installed_rpm[1].name]
예제 #8
0
def test_actor_with_fstab_entry(current_actor_context):
    with_fstab_entry = [
        FstabEntry(
            fs_spec="//10.20.30.42/share1",
            fs_file="/mnt/win_share1",
            fs_vfstype="cifs",
            fs_mntops=
            "credentials=/etc/win-credentials,file_mode=0755,dir_mode=0755",
            fs_freq="0",
            fs_passno="0"),
        FstabEntry(
            fs_spec="//10.20.30.42/share2",
            fs_file="/mnt/win_share2",
            fs_vfstype="cifs",
            fs_mntops=
            "credentials=/etc/win-credentials,file_mode=0755,dir_mode=0755",
            fs_freq="0",
            fs_passno="0"),
        FstabEntry(fs_spec="/dev/mapper/fedora-home",
                   fs_file="/home",
                   fs_vfstype="ext4",
                   fs_mntops="defaults,x-systemd.device-timeout=0",
                   fs_freq="1",
                   fs_passno="2")
    ]
    current_actor_context.feed(StorageInfo(fstab=with_fstab_entry))
    current_actor_context.run()
    report_fields = current_actor_context.consume(Report)[0].report
    assert 'inhibitor' in report_fields['flags']
    assert report_fields['severity'] == 'high'
    assert report_fields[
        'title'] == "Use of CIFS detected. Upgrade can't proceed"
예제 #9
0
def test_actor_with_grep_package(current_actor_context):
    rpms = [
        RPM(name='wireshark',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
            ),
        RPM(name='powertop',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
            )
    ]

    current_actor_context.feed(InstalledRedHatSignedRPM(items=rpms))
    current_actor_context.run()
    assert current_actor_context.consume(Report)
예제 #10
0
def test_actor_selinux_disabled(current_actor_context):
    disabled = create_selinuxfacts(enabled=False, static_mode='disabled')

    current_actor_context.feed(disabled)
    current_actor_context.run()
    assert not current_actor_context.consume(SelinuxRelabelDecision)
    assert not current_actor_context.consume(SelinuxPermissiveDecision)
def test_actor_execution_with_unsigned_data(current_actor_context):
    installed_rpm = [
        RPM(name='sample02',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample04',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample06',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_OTHER_SIG_X'),
        RPM(name='sample08',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig='SOME_OTHER_SIG_X')
    ]

    current_actor_context.feed(InstalledUnsignedRPM(items=installed_rpm))
    current_actor_context.run()
    assert current_actor_context.consume(CheckResult)
예제 #12
0
def test_wrong_symlink_inhibitor(current_actor_context, modified,
                                 expected_report):
    subdirs = {
        'bin': 'usr/bin',
        'boot': '',
        'dev': '',
        'etc': '',
        'home': '',
        'lib': 'usr/lib',
        'lib64': 'usr/lib64',
        'media': '',
        'mnt': '',
        'opt': '',
        'proc': '',
        'root': '',
        'run': '',
        'sbin': 'usr/sbin',
        'srv': '',
        'sys': '',
        'tmp': '',
        'usr': '',
        'var': ''
    }
    subdirs.update(modified)
    items = [
        RootSubdirectory(name=name, target=target)
        for name, target in subdirs.items()
    ]
    current_actor_context.feed(RootDirectory(items=items))
    current_actor_context.run()
    if expected_report:
        assert current_actor_context.consume(Report)
    else:
        assert not current_actor_context.consume(Report)
예제 #13
0
def test_actor_set_permissive(current_actor_context):
    relabel = create_selinuxfacts(static_mode='enforcing', enabled=True)

    current_actor_context.feed(relabel)
    current_actor_context.run()
    assert current_actor_context.consume(Report)
    assert current_actor_context.consume(SelinuxPermissiveDecision)[0].set_permissive
예제 #14
0
def test_actor_ethX_and_not_ethX(current_actor_context):
    pci1 = PCIAddress(domain="0000",
                      bus="3e",
                      function="00",
                      device="PCI bridge")
    pci2 = PCIAddress(domain="0000",
                      bus="3d",
                      function="00",
                      device="Serial controller")
    interface = [
        Interface(name="virbr0",
                  mac="52:54:00:0b:4a:6d",
                  vendor="redhat",
                  driver="pcieport",
                  pci_info=pci1,
                  devpath="/devices/platform/usb/cdc-wdm0"),
        Interface(name="eth0",
                  mac="52:54:00:0b:4a:6a",
                  vendor="redhat",
                  driver="serial",
                  pci_info=pci2,
                  devpath="/devices/hidraw/hidraw0")
    ]
    current_actor_context.feed(PersistentNetNamesFacts(interfaces=interface))
    current_actor_context.run()
    assert current_actor_context.consume(Report)
    assert 'inhibitor' in current_actor_context.consume(
        Report)[0].report['flags']
def test_schedule_relabel(current_actor_context):
    current_actor_context.feed(SelinuxRelabelDecision(set_relabel=True))
    current_actor_context.run()
    assert os.path.isfile('/.autorelabel')

    # lets cleanup so we possibly not affect further testing
    os.unlink('/.autorelabel')
def test_SELinuxContentScanner(current_actor_context, destructive_selinux_env):

    expected_data = {
        'policy': 'targeted',
        'mls_enabled': True,
        'enabled': True,
        'runtime_mode': 'enforcing',
        'static_mode': 'enforcing'
    }

    current_actor_context.feed(SELinuxFacts(**expected_data))
    current_actor_context.run(config_model=mock_configs.CONFIG)

    modules = current_actor_context.consume(SELinuxModules)[0]
    assert modules
    # check that all modules installed during test setup where reported
    for priority, name in TEST_MODULES:
        if priority not in ('100', '200'):
            assert find_module(modules, name, priority)
    # check that udica template was reported
    assert find_template(modules, TEST_MODULES[-1][1], TEST_MODULES[-1][0])

    rpms = current_actor_context.consume(SELinuxRequestRPMs)[0]
    assert rpms

    # mock1 contains container related type
    assert "container-selinux" in rpms.to_install

    custom = current_actor_context.consume(SELinuxCustom)[0]
    assert custom
    # The second command contains removed type and should be discarded (in either upgrade path)
    assert find_semanage_rule(custom.removed, SEMANAGE_COMMANDS[1])
    # the rest of the commands should be reported (except for the last which will show up in modules)
    assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[0])
    assert find_semanage_rule(custom.commands, SEMANAGE_COMMANDS[2])
예제 #17
0
def test_SELinuxPrepare(current_actor_context, semodule_lfull_initial,
                        semanage_export_initial, destructive_selinux_env):
    before_test = []
    for cmd in (["semodule", "-lfull"], ["semanage", "export"]):
        res = _run_cmd(cmd, "Error listing SELinux customizations")
        before_test.append(res)
        # XXX still not sure about logging in tests
        api.current_logger().info("Before test:%s", res)
    # Make sure that initial semodule/semanage commands don't match before tests ones
    assert before_test != [semodule_lfull_initial, semanage_export_initial]

    # XXX FIXME test_modules.reverse() returns None and changes underlying list which should not happen
    # to global vars. Removing that reversing as it is broken anyway
    semodule_list = [
        SELinuxModule(name=module, priority=int(prio), content="", removed=[])
        for (prio, module) in TEST_MODULES + [["400", "permissive_abrt_t"]]
    ]

    current_actor_context.feed(SELinuxModules(modules=semodule_list))
    current_actor_context.run()

    # check if all given modules and local customizations where removed
    semodule_res = _run_cmd(["semodule", "-lfull"],
                            "Error listing SELinux modules")
    assert semodule_lfull_initial == semodule_res
    semanage_res = _run_cmd(["semanage", "export"],
                            "Error listing SELinux customizations")
    assert semanage_export_initial == semanage_res
예제 #18
0
def test_not_supported_id(current_actor_context):
    current_actor_context.feed(create_osrelease(id='not_supported_id'))
    current_actor_context.run()
    assert current_actor_context.consume(Report)
    assert current_actor_context.consume(
        Report)[0].title == 'Unsupported OS id'
    assert 'inhibitor' in current_actor_context.consume(Report)[0].flags
def test_gpg_pubkey_pkg(current_actor_context):
    installed_rpm = [
        RPM(name='gpg-pubkey',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager=RH_PACKAGER,
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID aa17105e03152d37'
            ),
        RPM(name='gpg-pubkey',
            version='0.1',
            release='1.sm01',
            epoch='1',
            packager='Tester',
            arch='noarch',
            pgpsig=
            'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 9ea903b1361e896b'
            ),
    ]

    current_actor_context.feed(InstalledRPM(items=installed_rpm))
    current_actor_context.run()
    assert current_actor_context.consume(InstalledRedHatSignedRPM)
    assert len(
        current_actor_context.consume(InstalledRedHatSignedRPM)[0].items) == 1
    assert current_actor_context.consume(InstalledUnsignedRPM)
    assert len(
        current_actor_context.consume(InstalledUnsignedRPM)[0].items) == 1
def test_KDE_present(current_actor_context):
    current_actor_context.feed(InstalledRPM(items=[
        KDE_RPM,
    ]))
    current_actor_context.run()
    message = current_actor_context.consume(InstalledDesktopsFacts)[0]
    assert message.kde_installed
예제 #21
0
def test_SELinuxApplyCustom(current_actor_context,
                            destructive_selinux_teardown):

    semodule_list = [
        SELinuxModule(
            name=module,
            priority=int(prio),
            content="(allow domain proc_type (file (getattr open read)))",
            removed=[]) for (prio, module) in TEST_MODULES
    ]

    commands = [" ".join([c[0], "-a"] + c[1:]) for c in SEMANAGE_COMMANDS[1:]]
    semanage_removed = [
        " ".join([SEMANAGE_COMMANDS[0][0], "-a"] + SEMANAGE_COMMANDS[0][1:])
    ]

    current_actor_context.feed(SELinuxModules(modules=semodule_list))
    current_actor_context.feed(
        SELinuxCustom(commands=commands, removed=semanage_removed))
    current_actor_context.run()

    semodule_lfull = _run_cmd(["semodule", "-lfull"],
                              "Error listing selinux modules")
    semanage_export = _run_cmd(["semanage", "export"],
                               "Error listing selinux customizations")

    # check that all reported modules where introduced to the system
    for priority, name in TEST_MODULES:
        if priority not in ('100', '200'):
            assert find_module_semodule(semodule_lfull, name, priority)
    # check that all valid commands where introduced to the system
    for command in SEMANAGE_COMMANDS[1:-1]:
        assert find_semanage_rule(semanage_export, command)
예제 #22
0
def test_SELinuxPrepare(current_actor_context, semodule_lfull_initial,
                        semanage_export_initial, destructive_selinux_env):
    before_test = []
    for cmd in (['semodule', '-lfull'], ['semanage', 'export']):
        res = _run_cmd(cmd, 'Error listing SELinux customizations')
        before_test.append(res)
        # XXX still not sure about logging in tests
        api.current_logger().info('Before test: {}'.format(res))
    # Make sure that initial semodule/semanage commands don't match before tests ones
    assert before_test != [semodule_lfull_initial, semanage_export_initial]

    semodule_list = [
        SELinuxModule(name=module, priority=int(prio), content='', removed=[])
        for (prio, module) in TEST_MODULES +
        [['400', 'permissive_abrt_t'], ['100', 'compat']]
    ]

    template_list = [
        SELinuxModule(name=module, priority=int(prio), content='', removed=[])
        for (prio, module) in TEST_TEMPLATES
    ]

    current_actor_context.feed(
        SELinuxModules(modules=semodule_list, templates=template_list))

    current_actor_context.run()

    # check if all given modules and local customizations where removed
    semodule_res = _run_cmd(['semodule', '-lfull'],
                            'Error listing SELinux modules')
    assert semodule_lfull_initial == semodule_res
    semanage_res = _run_cmd(['semanage', 'export'],
                            'Error listing SELinux customizations')
    assert semanage_export_initial == semanage_res
예제 #23
0
def test_ciphers(current_actor_context, ciphers, expected_report):
    current_actor_context.feed(
        OpenSshConfig(permit_root_login=[osprl], ciphers=ciphers))
    current_actor_context.run()
    if expected_report:
        assert current_actor_context.consume(Report)
    else:
        assert not current_actor_context.consume(Report)
예제 #24
0
def test_actor_without_btrfs_module(current_actor_context):
    without_btrfs = [
        ActiveKernelModule(filename='kvm_intel', parameters=[]),
        ActiveKernelModule(filename='kvm', parameters=[])]

    current_actor_context.feed(create_sysfacts(kernel_modules=without_btrfs))
    current_actor_context.run()
    assert not current_actor_context.consume(CheckResult)
def test_actor_without_luks(current_actor_context):
    without_luks = [LsblkEntry(name='sda1', maj_min='8:0', rm='0',
                               size='10G', ro='0', tp='part', mountpoint='/boot'
                               )]

    current_actor_context.feed(StorageInfo(lsblk=without_luks))
    current_actor_context.run()
    assert not current_actor_context.consume(Inhibitor)
def test_actor_with_luks(current_actor_context):
    with_luks = [LsblkEntry(name='luks-132', maj_min='253:0', rm='0',
                            size='10G', ro='0', tp='crypt', mountpoint=''
                            )]

    current_actor_context.feed(StorageInfo(lsblk=with_luks))
    current_actor_context.run()
    assert current_actor_context.consume(Inhibitor)
예제 #27
0
def test_gnome_desktop_no_apps(current_actor_context):
    """
    No action expected.
    """
    current_actor_context.feed(gnome_desktop_env)
    current_actor_context.feed(no_KDE_apps)
    current_actor_context.run()
    assert not current_actor_context.consume(Report)
예제 #28
0
def test_repositoriesblacklist_optional_multiple_repo_files(
        current_actor_context):
    repo_facts = get_repo_facts(
        ['test', 'rhel-7-server-optional-rpms', 'rhel-7-server-rpms'], True,
        True)
    current_actor_context.feed(repo_facts)
    current_actor_context.run()
    assert not current_actor_context.consume(RepositoriesBlacklisted)
def test_check_fips(current_actor_context, parameters, expected_report):
    cmdline = KernelCmdline(parameters=ballast1 + parameters + ballast2)
    current_actor_context.feed(cmdline)
    current_actor_context.run()
    if expected_report:
        assert current_actor_context.consume(Report)
    else:
        assert not current_actor_context.consume(Report)
예제 #30
0
def test_protocol(current_actor_context, protocol):
    current_actor_context.feed(
        OpenSshConfig(permit_root_login=[osprl], protocol=protocol))
    current_actor_context.run()
    if protocol:
        assert current_actor_context.consume(Report)
    else:
        assert not current_actor_context.consume(Report)