From: <rc...@li...> - 2011-06-06 13:17:16
From: Ramon de Carvalho Valle <rc...@br...>
Signed-off-by: Ramon de Carvalho Valle <rc...@br...>
---
audit/kvm/test_libvirt_access.bash | 103 ++++++++++++++++++++++++++++++++++++
1 files changed, 103 insertions(+), 0 deletions(-)
create mode 100755 audit/kvm/test_libvirt_access.bash
diff --git a/audit/kvm/test_libvirt_access.bash b/audit/kvm/test_libvirt_access.bash
new file mode 100755
index 0000000..cc90b7d
--- /dev/null
+++ b/audit/kvm/test_libvirt_access.bash
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+#
+# Copyright 2010, 2011 International Business Machines Corp.
+# Copyright 2010, 2011 Ramon de Carvalho Valle
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# test_libvirt_access.bash
+#
+# Assert only superuser and non privileged users in libvirt group are
+# allowed to access the libvirt daemon and configure virtual machine
+# parameters.
+
+
+source testcase.bash || exit 2
+
+set -x
+
+userdel -fr testuser1
+groupdel testuser1
+useradd testuser1 -G libvirt
+
+if [[ $? -ne 0 ]]; then
+ exit_error
+fi
+
+userdel -fr testuser2
+groupdel testuser2
+useradd testuser2
+
+if [[ $? -ne 0 ]]; then
+ exit_error
+fi
+
+virsh connect qemu:///system
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser1 -c "virsh connect qemu:///system"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser1 -c "virsh connect qemu:///system --readonly"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser1 -c "virsh connect qemu:///session"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser1 -c "virsh connect qemu:///session --readonly"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser2 -c "virsh connect qemu:///system"
+
+if [[ $? -eq 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser2 -c "virsh connect qemu:///system --readonly"
+
+if [[ $? -eq 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser2 -c "virsh connect qemu:///session"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+/bin/su - testuser2 -c "virsh connect qemu:///session --readonly"
+
+if [[ $? -ne 0 ]]; then
+ exit_fail
+fi
+
+exit_pass
+
+# vim: set noet sw=8 ts=8 tw=0:
-- 1.7.1 |
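Review bot: testuser1 is created with `-G libvirt` and neither test account is removed on any exit path visible in this file, so after a run the host keeps an account in the group that this very test shows can open a read-write `qemu:///system` connection. Unless exit_pass/exit_fail/exit_error in testcase.bash (not shown here) already clean up, register the removal right after the `source` line, for example `trap 'userdel -fr testuser1; userdel -fr testuser2' EXIT`, or use whatever cleanup hook testcase.bash provides. The unconditional `userdel -fr testuser1` and `userdel -fr testuser2` at the top also delete any pre-existing accounts of those names together with their home directories. A header comment such as `# Creates and removes local accounts testuser1/testuser2; run only on a dedicated test host.` would make that precondition explicit.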