From 9d3d33b6a276a7c94159b4f20429956615362093 Mon Sep 17 00:00:00 2001 From: bcambl Date: Tue, 26 Jun 2018 00:09:30 -0600 Subject: [PATCH] add tests for selinux checking Signed-off-by: bcambl --- .gitignore | 1 + test/test_automated_install.py | 50 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/.gitignore b/.gitignore index 73f14ae3..91bb6aff 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ *.swp __pycache__ .cache +.pytest_cache # Created by https://www.gitignore.io/api/jetbrains+iml diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 2c65c660..684b7004 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py @@ -173,6 +173,56 @@ def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole): assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' in firewall_calls assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' in firewall_calls +def test_selinux_enforcing_default_exit(Pihole): + ''' confirms installer prompts to exit when SELinux is Enforcing by default ''' + # getenforce returns the running state of SELinux + mock_command('getenforce', {'*':('Enforcing', '0')}, Pihole) + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*':('', '1')}, Pihole) + check_selinux = Pihole.run(''' + source /opt/pihole/basic-install.sh + checkSelinux + ''') + assert info_box + ' SELinux mode detected: Enforcing' in check_selinux.stdout + assert 'SELinux Enforcing detected, exiting installer' in check_selinux.stdout + assert check_selinux.rc == 1 + +def test_selinux_enforcing_continue(Pihole): + ''' confirms installer prompts to continue with custom policy warning ''' + # getenforce returns the running state of SELinux + mock_command('getenforce', {'*':('Enforcing', '0')}, Pihole) + # Whiptail dialog returns Cancel for user prompt + mock_command('whiptail', {'*':('', '0')}, Pihole) + check_selinux = Pihole.run(''' + source /opt/pihole/basic-install.sh + checkSelinux + ''') + assert info_box + ' SELinux mode detected: Enforcing' in check_selinux.stdout + assert info_box + ' Continuing installation with SELinux Enforcing' in check_selinux.stdout + assert info_box + ' Please refer to official SELinux documentation to create a custom policy' in check_selinux.stdout + assert check_selinux.rc == 0 + +def test_selinux_permissive(Pihole): + ''' confirms installer continues when SELinux is Permissive ''' + # getenforce returns the running state of SELinux + mock_command('getenforce', {'*':('Permissive', '0')}, Pihole) + check_selinux = Pihole.run(''' + source /opt/pihole/basic-install.sh + checkSelinux + ''') + assert info_box + ' SELinux mode detected: Permissive' in check_selinux.stdout + assert check_selinux.rc == 0 + +def test_selinux_disabled(Pihole): + ''' confirms installer continues when SELinux is Disabled ''' + mock_command('getenforce', {'*':('Disabled', '0')}, Pihole) + check_selinux = Pihole.run(''' + source /opt/pihole/basic-install.sh + checkSelinux + ''') + assert info_box + ' SELinux mode detected: Disabled' in check_selinux.stdout + assert check_selinux.rc == 0 + def test_installPiholeWeb_fresh_install_no_errors(Pihole): ''' confirms all web page assets from Core repo are installed on a fresh build ''' installWeb = Pihole.run('''