mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 06:48:07 +00:00
update tests for SELinux changes
Signed-off-by: bcambl <blayne@blaynecampbell.com>
This commit is contained in:
parent
81ca78e7f4
commit
cd9b1fcb8c
@ -254,73 +254,16 @@ def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
|
||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 2
|
||||
|
||||
|
||||
def test_selinux_enforcing_default_exit(Pihole):
|
||||
def test_selinux_not_detected(Pihole):
|
||||
'''
|
||||
confirms installer prompts to exit when SELinux is Enforcing by default
|
||||
confirms installer continues when SELinux configuration file does not exist
|
||||
'''
|
||||
# getenforce returns the running state of SELinux
|
||||
mock_command('getenforce', {'*': ('Enforcing', '0')}, Pihole)
|
||||
# Whiptail dialog returns Cancel for user prompt
|
||||
mock_command('whiptail', {'*': ('', '1')}, Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
rm -f /etc/selinux/config
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = info_box + ' SELinux mode detected: Enforcing'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
expected_stdout = 'SELinux Enforcing detected, exiting installer'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 1
|
||||
|
||||
|
||||
def test_selinux_enforcing_continue(Pihole):
|
||||
'''
|
||||
confirms installer prompts to continue with custom policy warning
|
||||
'''
|
||||
# getenforce returns the running state of SELinux
|
||||
mock_command('getenforce', {'*': ('Enforcing', '0')}, Pihole)
|
||||
# Whiptail dialog returns Continue for user prompt
|
||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = info_box + ' SELinux mode detected: Enforcing'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
expected_stdout = info_box + (' Continuing installation with SELinux '
|
||||
'Enforcing')
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
expected_stdout = info_box + (' Please refer to official SELinux '
|
||||
'documentation to create a custom policy')
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 0
|
||||
|
||||
|
||||
def test_selinux_permissive(Pihole):
|
||||
'''
|
||||
confirms installer continues when SELinux is Permissive
|
||||
'''
|
||||
# getenforce returns the running state of SELinux
|
||||
mock_command('getenforce', {'*': ('Permissive', '0')}, Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = info_box + ' SELinux mode detected: Permissive'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 0
|
||||
|
||||
|
||||
def test_selinux_disabled(Pihole):
|
||||
'''
|
||||
confirms installer continues when SELinux is Disabled
|
||||
'''
|
||||
mock_command('getenforce', {'*': ('Disabled', '0')}, Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = info_box + ' SELinux mode detected: Disabled'
|
||||
expected_stdout = info_box + ' SELinux not detected'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 0
|
||||
|
||||
|
@ -7,6 +7,68 @@ from conftest import (
|
||||
mock_command_2,
|
||||
)
|
||||
|
||||
def mock_selinux_config(state, Pihole):
|
||||
'''
|
||||
Creates a mock SELinux config file with expected content
|
||||
'''
|
||||
# validate state string
|
||||
valid_states = ['enforcing', 'permissive', 'disabled']
|
||||
assert state in valid_states
|
||||
# getenforce returns the running state of SELinux
|
||||
mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole)
|
||||
# create mock configuration with desired content
|
||||
Pihole.run('''
|
||||
mkdir /etc/selinux
|
||||
echo "SELINUX={state}" > /etc/selinux/config
|
||||
'''.format(state=state.lower()))
|
||||
|
||||
|
||||
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||
def test_selinux_enforcing_exit(Pihole):
|
||||
'''
|
||||
confirms installer prompts to exit when SELinux is Enforcing by default
|
||||
'''
|
||||
mock_selinux_config("enforcing", Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = cross_box + ' Current SELinux: Enforcing'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
expected_stdout = 'SELinux Enforcing detected, exiting installer'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 1
|
||||
|
||||
|
||||
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||
def test_selinux_permissive(Pihole):
|
||||
'''
|
||||
confirms installer continues when SELinux is Permissive
|
||||
'''
|
||||
mock_selinux_config("permissive", Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = tick_box + ' Current SELinux: Permissive'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 0
|
||||
|
||||
|
||||
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
|
||||
def test_selinux_disabled(Pihole):
|
||||
'''
|
||||
confirms installer continues when SELinux is Disabled
|
||||
'''
|
||||
mock_selinux_config("disabled", Pihole)
|
||||
check_selinux = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
checkSelinux
|
||||
''')
|
||||
expected_stdout = tick_box + ' Current SELinux: Disabled'
|
||||
assert expected_stdout in check_selinux.stdout
|
||||
assert check_selinux.rc == 0
|
||||
|
||||
|
||||
@pytest.mark.parametrize("tag", [('fedora'), ])
|
||||
def test_epel_and_remi_not_installed_fedora(Pihole):
|
||||
|
Loading…
Reference in New Issue
Block a user