From patchwork Thu Sep 15 14:39:27 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Lautrbach X-Patchwork-Id: 9333821 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 044436077A for ; Thu, 15 Sep 2016 14:42:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC7C4298C1 for ; Thu, 15 Sep 2016 14:42:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E0CAF298C5; Thu, 15 Sep 2016 14:42:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6E841298C1 for ; Thu, 15 Sep 2016 14:42:28 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,339,1470700800"; d="scan'208";a="17619026" IronPort-PHdr: =?us-ascii?q?9a23=3ABXkSnhVB73Zpl7lGr3qfEanN8wTV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZhODt8tkgFKBZ4jH8fUM07OQ6PG5HzNdqsnd+DBaKdoXBkdD0Z?= =?us-ascii?q?1X1yUbQ+e9QXXhK/DrayFoVO9jb3RCu0+BDE5OBczlbEfTqHDhpRQbGxH4KBYn?= =?us-ascii?q?br+tQt2asc272qiI9oHJZE0Q3XzmMOo0c0j98lmZ9pFPx9AzcuBpklqBi0ALUt?= =?us-ascii?q?we/XlvK1OXkkS0zeaL17knzR5tvek8/dVLS6TwcvdwZ7VZCDM7LzJ9v5Wz5lH+?= =?us-ascii?q?Vw/H2l8wGiVTy0IJUED560ThU5PwtDbqnvZs0ymde8vtRPY7Xirxwb1sTUrQhT?= =?us-ascii?q?sdfxow7X3NgMV7jOoPuBaougBlyYf8eoyZNPNiOKjaeIVJFiJ6Qs9NWnkZUcuH?= =?us-ascii?q?ZIwVAr9EZL5V?= X-IPAS-Result: =?us-ascii?q?A2GZEADZstpX/wHyM5BcHQEFAQsBGQYMgw8BAQEBAR5XfKY?= =?us-ascii?q?9AZQZIAOBeIVnTAEBAQEBAQEBAgECWyeCMgQDEwV5W0QCNxQgDgMJAhcpCAgDA?= =?us-ascii?q?S0VHwsFGASIKcIDJYYxiGEQAgGFdwWIMpE2hiWJNAKBbIgMDIVfkFlUgn0bgVF?= =?us-ascii?q?uhVqBJwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 15 Sep 2016 14:42:13 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8FEgBPG022531; Thu, 15 Sep 2016 10:42:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8FEdqPM251120 for ; Thu, 15 Sep 2016 10:39:52 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8FEdqKD022025 for ; Thu, 15 Sep 2016 10:39:52 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DpAAD1sdpXhxy3hNFcHQEFAQsBgzoBAQEBAXV8pROCBQGPM4QSFAiGAoFdTAECAQEBAQECEwEBAQoLCQkZhhCBUYhKwieGMYhyAQGFdwWIMpE2hiWJNAKBbIgYhV+QWYMCAQtDEQqBUTo0hGKCHwEBAQ X-IPAS-Result: A1DpAAD1sdpXhxy3hNFcHQEFAQsBgzoBAQEBAXV8pROCBQGPM4QSFAiGAoFdTAECAQEBAQECEwEBAQoLCQkZhhCBUYhKwieGMYhyAQGFdwWIMpE2hiWJNAKBbIgYhV+QWYMCAQtDEQqBUTo0hGKCHwEBAQ X-IronPort-AV: E=Sophos;i="5.30,339,1470715200"; d="scan'208";a="5707727" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 15 Sep 2016 10:39:51 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AiaqFAx3+g+4jaWQZsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?segTI/ad9pjvdHbS+e9qxAeQG96KsrQb1qGJ7+igATVGusfZ9ihaMdRlbFwssY?= =?us-ascii?q?0uhQsuAcqIWwXQDcXBSGgEJvlET0Jv5HqhMEJYS47UblzWpWCuv3ZJQk2sfTR8?= =?us-ascii?q?Kum9IIPOlcP/j7n0oMyKJVoVz2XhKfMqdVPt/F2X7pFXyaJZaY8JgiPTpXVJf+?= =?us-ascii?q?kEjUhJHnm02yjG28Gr4ZR4+D5Rsf9yv+RJUKH9YrhqBecAVGduYCgJ45jwuB3C?= =?us-ascii?q?SxafzmcNWWUR1BxTCk7K6w+pcI32t37Cu/ZnkA2TINHsR7k/WXz296NiVQPygi?= =?us-ascii?q?4vLTM18GjLzMd3ifQI81qauxVjztuMM8muP/1kc/aFcA=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FoAwCksdpXhxy3hNFcHQEFAQsBGQYMg?= =?us-ascii?q?w8BAQEBAXV8pROBK1oBjzOEEhQIgXiECoFdTAEBAQEBAQEBAgECEAEBAQoLCQk?= =?us-ascii?q?ZL4IyGIEAW4E8gVGISsIohjGIcgEBhXcFiDKRNoYliTQCgWyIGIVfkFmDDkMRC?= =?us-ascii?q?oFROjSEYoIfAQEB?= X-IPAS-Result: =?us-ascii?q?A0FoAwCksdpXhxy3hNFcHQEFAQsBGQYMgw8BAQEBAXV8pRO?= =?us-ascii?q?BK1oBjzOEEhQIgXiECoFdTAEBAQEBAQEBAgECEAEBAQoLCQkZL4IyGIEAW4E8g?= =?us-ascii?q?VGISsIohjGIcgEBhXcFiDKRNoYliTQCgWyIGIVfkFmDDkMRCoFROjSEYoIfAQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.30,339,1470700800"; d="scan'208";a="17618779" Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Sep 2016 14:39:50 +0000 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 382408B13E for ; Thu, 15 Sep 2016 14:39:49 +0000 (UTC) Received: from rhel-at-redhat.localdomain.com ([10.40.2.167]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u8FEdmJJ003247; Thu, 15 Sep 2016 10:39:48 -0400 From: Petr Lautrbach To: selinux@tycho.nsa.gov Subject: [PATCH 1/3] sandbox: tests - use sandbox from cwd Date: Thu, 15 Sep 2016 16:39:27 +0200 Message-Id: <1473950369-2547-1-git-send-email-plautrba@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 15 Sep 2016 14:39:49 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP The tests executed sandbox from $PATH while they should test sandbox in cwd. At the same time, tests should be run using the same python as is used by make to run them. Signed-off-by: Petr Lautrbach --- policycoreutils/sandbox/test_sandbox.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/policycoreutils/sandbox/test_sandbox.py b/policycoreutils/sandbox/test_sandbox.py index 6f54d0c..d5368c2 100644 --- a/policycoreutils/sandbox/test_sandbox.py +++ b/policycoreutils/sandbox/test_sandbox.py @@ -1,6 +1,7 @@ import unittest import os import shutil +import sys from tempfile import mkdtemp from subprocess import Popen, PIPE @@ -26,63 +27,63 @@ class SandboxTests(unittest.TestCase): def test_simple_success(self): "Verify that we can read file descriptors handed to sandbox" p1 = Popen(['cat', '/etc/passwd'], stdout=PIPE) - p2 = Popen(['sandbox', 'grep', 'root'], stdin=p1.stdout, stdout=PIPE) + p2 = Popen([sys.executable, 'sandbox', 'grep', 'root'], stdin=p1.stdout, stdout=PIPE) out, err = p2.communicate() self.assertTrue(b'root' in out) def test_cant_kill(self): "Verify that we cannot send kill signal in the sandbox" pid = os.getpid() - p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertDenied(err) def test_cant_ping(self): "Verify that we can't ping within the sandbox" - p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertDenied(err) def test_cant_mkdir(self): "Verify that we can't mkdir within the sandbox" - p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertFailure(p.returncode) def test_cant_list_homedir(self): "Verify that we can't list homedir within the sandbox" - p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertFailure(p.returncode) def test_cant_send_mail(self): "Verify that we can't send mail within the sandbox" - p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'mail'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertDenied(err) def test_cant_sudo(self): "Verify that we can't run sudo within the sandbox" - p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', 'sudo'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertFailure(p.returncode) def test_mount(self): "Verify that we mount a file system" - p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertSuccess(p.returncode, err) def test_set_level(self): "Verify that we set level a file system" - p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() self.assertSuccess(p.returncode, err) def test_homedir(self): "Verify that we set homedir a file system" homedir = mkdtemp(dir=".", prefix=".sandbox_test") - p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() shutil.rmtree(homedir) self.assertSuccess(p.returncode, err) @@ -90,7 +91,7 @@ class SandboxTests(unittest.TestCase): def test_tmpdir(self): "Verify that we set tmpdir a file system" tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test") - p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE) + p = Popen([sys.executable, 'sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE) out, err = p.communicate() shutil.rmtree(tmpdir) self.assertSuccess(p.returncode, err)