From: Linda K. <lin...@hp...> - 2011-06-06 23:00:25
rc...@li... wrote:
> From: Ramon de Carvalho Valle <rc...@br...>
>
> Signed-off-by: Ramon de Carvalho Valle <rc...@br...>
> ---
> audit/kvm/test_selinux_trans_from_svirt.bash | 48 ++++++++++++++++++++++++++
> 1 files changed, 48 insertions(+), 0 deletions(-)
> create mode 100755 audit/kvm/test_selinux_trans_from_svirt.bash
>
> diff --git a/audit/kvm/test_selinux_trans_from_svirt.bash b/audit/kvm/test_selinux_trans_from_svirt.bash
> new file mode 100755
> index 0000000..04bf343
> --- /dev/null
> +++ b/audit/kvm/test_selinux_trans_from_svirt.bash
> @@ -0,0 +1,48 @@
> +#!/usr/bin/env bash
> +#
> +# Copyright 2010, 2011 International Business Machines Corp.
> +# Copyright 2010, 2011 Ramon de Carvalho Valle
> +#
> +# This program is free software: you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +#
> +
> +# test_selinux_trans_from_svirt.bash
> +#
> +# Assert processes executing with svirt_t SELinux type are allowed to
> +# transition to ptchown_t and abrt_helper_t only.
Same comment as for patch #22.
> +
> +
> +source testcase.bash || exit 2
> +
> +set -x
> +
> +allowed=$(sesearch -s svirt_t -c process -p transition --allow)
> +allowed=$(echo "$allowed" | grep -E "^.*allow")
> +allowed=$(echo "$allowed" | awk '{ print $3 }')
> +allowed=$(echo "$allowed" | sed "/lspp_harness_t/d")
> +allowed_count=$(echo "$allowed" | wc -l)
> +
> +if [[ $allowed_count -eq 0 ]]; then
> + exit_fail
> +fi
> +
> +for type in $allowed; do
> + if [[ ! "$type" =~ ptchown_t|abrt_helper_t ]]; then
> + exit_fail
> + fi
> +done
> +
> +exit_pass
> +
> +# vim: set noet sw=8 ts=8 tw=0:
|
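Review bot: The empty-result guard never fires, because `echo "$allowed" | wc -l` prints 1 even when `$allowed` is empty, so a failed or empty `sesearch` run skips the `for` loop and falls through to `exit_pass`; test the string itself instead, `if [[ -z "$allowed" ]]; then`. The type check inside the loop is also unanchored, so any type whose name merely contains `ptchown_t` or `abrt_helper_t` is accepted; `[[ ! "$type" =~ ^(ptchown_t|abrt_helper_t)$ ]]` matches the two names exactly. In a test that asserts a confinement boundary for svirt_t, both gaps show up as false passes rather than failures.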