Exemplo n.º 1
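class SELinuxRoleTest(ProvyTestCase):
    """Tests for SELinuxRole: packages, activation, enforcing mode, mappings.

    The helpers used below (execute_mock, using_stub, mock_role_methods,
    mock_role_method, provisioning_to, warn_only) are defined outside this
    listing; the tests treat what they yield as mock objects. Each assertion
    pins the exact command string and keyword arguments the role is expected
    to pass on, including sudo=True on every command.
    """

    def setUp(self):
        # Run the base fixture first so whatever ProvyTestCase prepares is in
        # place before the role under test is built.
        super(SELinuxRoleTest, self).setUp()
        self.role = SELinuxRole(prov=None, context={'cleanup': []})

    @istest
    def provisions_correctly(self):
        # provision() is expected to call install_packages() and activate(),
        # each without arguments. assert_called_with does not check ordering.
        with self.mock_role_methods('install_packages', 'activate'):
            self.role.provision()

            self.role.install_packages.assert_called_with()
            self.role.activate.assert_called_with()

    @istest
    def installs_packages_in_debian(self):
        # Debian package set, compared as an ordered list: policy and tooling
        # packages plus the audit daemon and its dispatcher plugins.
        with self.using_stub(AptitudeRole) as aptitude, self.provisioning_to('debian'):
            self.role.install_packages()

            expected_packages = [
                call('selinux-basics'),
                call('selinux-policy-default'),
                call('selinux-utils'),
                call('auditd'),
                call('audispd-plugins'),
            ]
            self.assertEqual(aptitude.ensure_package_installed.mock_calls, expected_packages)

    @istest
    def installs_packages_in_ubuntu(self):
        # Ubuntu package set: a single 'selinux' package takes the place of
        # the two Debian policy packages; the audit packages are the same.
        with self.using_stub(AptitudeRole) as aptitude, self.provisioning_to('ubuntu'):
            self.role.install_packages()

            expected_packages = [
                call('selinux'),
                call('selinux-utils'),
                call('auditd'),
                call('audispd-plugins'),
            ]
            self.assertEqual(aptitude.ensure_package_installed.mock_calls, expected_packages)

    @istest
    def activates_on_debian(self):
        # Debian: 'selinux-activate' must run first, then the __default__
        # login mapping is set to user_u at range s0. enforce() is patched
        # out here and only checked for having been called.
        with self.execute_mock() as execute, self.provisioning_to('debian'), patch.object(self.role, 'enforce'):
            self.role.activate()

            expected_calls = [
                call('selinux-activate', stdout=False, sudo=True),
                call("semanage login -m -s 'user_u' -r s0 __default__", stdout=False, sudo=True),
            ]
            self.assertEqual(execute.mock_calls, expected_calls)
            self.role.enforce.assert_called_with()

    @istest
    def activates_on_ubuntu(self):
        # Ubuntu: no 'selinux-activate' step is expected; the whole command
        # list is the __default__ -> user_u mapping.
        with self.execute_mock() as execute, self.provisioning_to('ubuntu'), patch.object(self.role, 'enforce'):
            self.role.activate()

            expected_calls = [
                call("semanage login -m -s 'user_u' -r s0 __default__", stdout=False, sudo=True),
            ]
            self.assertEqual(execute.mock_calls, expected_calls)
            self.role.enforce.assert_called_with()

    @istest
    def puts_environment_in_enforce_mode(self):
        # Two things are pinned: the runtime switch ('setenforce 1') and the
        # persisted setting in /etc/selinux/config. Both matter, because the
        # runtime switch alone does not survive a reboot.
        # NOTE(review): the call runs under warn_only(); if that lets a failed
        # 'setenforce 1' pass as a warning, a host could stay permissive
        # without the provisioning run failing - confirm in the role.
        with self.execute_mock(), self.mock_role_method('ensure_line'), self.warn_only():
            self.role.enforce()

            self.role.execute.assert_called_with('setenforce 1', stdout=False, sudo=True)
            self.role.ensure_line.assert_called_with('SELINUX=enforcing', '/etc/selinux/config', sudo=True)

    @istest
    def ensures_that_a_login_mapping_exists(self):
        # Expected command adds a login mapping for the given name.
        # NOTE(review): the name appears unquoted in a command string run with
        # sudo=True. How the role builds the string is not visible here; if it
        # is plain interpolation, names must be validated or shell-quoted
        # before they reach it. Only the benign name 'foo' is covered.
        with self.execute_mock() as execute, self.warn_only():
            self.role.ensure_login_mapping('foo')

            execute.assert_called_with('semanage login -a foo', stdout=False, sudo=True)

    @istest
    def maps_a_login_user_to_an_selinux_user(self):
        # map_login() must first make sure the mapping exists (patched out
        # here), then modify it to point at the requested SELinux user.
        # NOTE(review): both arguments appear unquoted in the expected sudo
        # command; see the quoting concern on ensure_login_mapping.
        with self.execute_mock() as execute, patch.object(self.role, 'ensure_login_mapping'):
            self.role.map_login('foo', 'staff_u')

            self.role.ensure_login_mapping.assert_called_with('foo')
            execute.assert_called_with('semanage login -m -s staff_u foo', stdout=False, sudo=True)

    @istest
    def maps_a_login_user_to_selinux_roles(self):
        # The role list is expected space-joined inside single quotes; the
        # trailing name is unquoted.
        # NOTE(review): 'semanage user' edits SELinux user records, while
        # ensure_login_mapping() is called with the same 'foo' as a login
        # name - confirm the role means to use one name for both.
        with self.execute_mock() as execute, patch.object(self.role, 'ensure_login_mapping'):
            self.role.map_role('foo', ['staff_r', 'sysadm_r'])

            self.role.ensure_login_mapping.assert_called_with('foo')
            execute.assert_called_with("semanage user -m -R 'staff_r sysadm_r' foo", stdout=False, sudo=True)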
Exemplo n.º 2
class SELinuxRoleTest(ProvyTestCase):
    """Behavioural checks for SELinuxRole, driven entirely through mocks.

    execute_mock, using_stub, mock_role_methods, mock_role_method,
    provisioning_to and warn_only come from outside this listing. The tests
    fix the literal command strings and keyword arguments (always
    stdout=False, sudo=True) that the role is expected to issue.
    """

    def setUp(self):
        super(SELinuxRoleTest, self).setUp()
        self.role = SELinuxRole(prov=None, context={'cleanup': []})

    @istest
    def provisions_correctly(self):
        # provision() should delegate to install_packages() and activate(),
        # both called with no arguments (ordering is not checked).
        with self.mock_role_methods('install_packages', 'activate'):
            self.role.provision()

            for delegate in (self.role.install_packages, self.role.activate):
                delegate.assert_called_with()

    @istest
    def installs_packages_in_debian(self):
        # Ordered Debian package list: SELinux policy/tooling, then auditing.
        with self.using_stub(AptitudeRole) as apt_stub:
            with self.provisioning_to('debian'):
                self.role.install_packages()

                wanted_installs = [
                    call(package_name)
                    for package_name in (
                        'selinux-basics',
                        'selinux-policy-default',
                        'selinux-utils',
                        'auditd',
                        'audispd-plugins',
                    )
                ]
                self.assertEqual(apt_stub.ensure_package_installed.mock_calls, wanted_installs)

    @istest
    def installs_packages_in_ubuntu(self):
        # Ordered Ubuntu package list: 'selinux' stands in for the Debian
        # policy packages; the audit packages are unchanged.
        with self.using_stub(AptitudeRole) as apt_stub:
            with self.provisioning_to('ubuntu'):
                self.role.install_packages()

                wanted_installs = [
                    call(package_name)
                    for package_name in ('selinux', 'selinux-utils', 'auditd', 'audispd-plugins')
                ]
                self.assertEqual(apt_stub.ensure_package_installed.mock_calls, wanted_installs)

    @istest
    def activates_on_debian(self):
        # Debian runs 'selinux-activate' before setting the __default__ login
        # mapping to user_u at range s0; enforce() is patched and only its
        # invocation is verified.
        with self.execute_mock() as run_command, self.provisioning_to('debian'):
            with patch.object(self.role, 'enforce'):
                self.role.activate()

                activation = call('selinux-activate', stdout=False, sudo=True)
                default_mapping = call(
                    "semanage login -m -s 'user_u' -r s0 __default__",
                    stdout=False,
                    sudo=True,
                )
                self.assertEqual(run_command.mock_calls, [activation, default_mapping])
                self.role.enforce.assert_called_with()

    @istest
    def activates_on_ubuntu(self):
        # Ubuntu skips 'selinux-activate': the default mapping is the only
        # command expected.
        with self.execute_mock() as run_command, self.provisioning_to('ubuntu'):
            with patch.object(self.role, 'enforce'):
                self.role.activate()

                default_mapping = call(
                    "semanage login -m -s 'user_u' -r s0 __default__",
                    stdout=False,
                    sudo=True,
                )
                self.assertEqual(run_command.mock_calls, [default_mapping])
                self.role.enforce.assert_called_with()

    @istest
    def puts_environment_in_enforce_mode(self):
        # Checks the runtime switch ('setenforce 1') and the persisted config
        # line; the config line is what keeps enforcing mode across reboots.
        # NOTE(review): this runs under warn_only(); if a failing
        # 'setenforce 1' is only a warning there, a host can remain
        # permissive unnoticed - confirm against the role implementation.
        with self.execute_mock():
            with self.mock_role_method('ensure_line'), self.warn_only():
                self.role.enforce()

                runtime_kwargs = dict(stdout=False, sudo=True)
                self.role.execute.assert_called_with('setenforce 1', **runtime_kwargs)
                self.role.ensure_line.assert_called_with(
                    'SELINUX=enforcing',
                    '/etc/selinux/config',
                    sudo=True,
                )

    @istest
    def ensures_that_a_login_mapping_exists(self):
        # NOTE(review): the login name sits unquoted in a sudo command string.
        # The string construction is not visible from this test; if it is
        # plain interpolation, names need validation or shell quoting before
        # they get here. Only the benign name 'foo' is exercised.
        login_name = 'foo'
        with self.execute_mock() as run_command:
            with self.warn_only():
                self.role.ensure_login_mapping(login_name)

                run_command.assert_called_with('semanage login -a foo', stdout=False, sudo=True)

    @istest
    def maps_a_login_user_to_an_selinux_user(self):
        # map_login() is expected to ensure the mapping exists (patched here)
        # and then modify it to the requested SELinux user. Both values are
        # unquoted in the expected command; the quoting concern noted on
        # ensure_login_mapping applies.
        login_name = 'foo'
        with self.execute_mock() as run_command:
            with patch.object(self.role, 'ensure_login_mapping'):
                self.role.map_login(login_name, 'staff_u')

                self.role.ensure_login_mapping.assert_called_with(login_name)
                run_command.assert_called_with(
                    'semanage login -m -s staff_u foo',
                    stdout=False,
                    sudo=True,
                )

    @istest
    def maps_a_login_user_to_selinux_roles(self):
        # Roles are expected space-joined inside single quotes, followed by
        # the unquoted name.
        # NOTE(review): 'semanage user' modifies SELinux user records, yet
        # the same 'foo' is also passed to ensure_login_mapping() as a login
        # name - confirm that using one name for both is intended.
        login_name = 'foo'
        with self.execute_mock() as run_command:
            with patch.object(self.role, 'ensure_login_mapping'):
                self.role.map_role(login_name, ['staff_r', 'sysadm_r'])

                self.role.ensure_login_mapping.assert_called_with(login_name)
                run_command.assert_called_with(
                    "semanage user -m -R 'staff_r sysadm_r' foo",
                    stdout=False,
                    sudo=True,
                )