diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-09-25 13:46:56 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-09-27 10:43:39 +0200 |
commit | 256024db0a1cd2fb39445f9760bc8a49abb7f15c (patch) | |
tree | 7c33788a2b3322739bc59ae6c3325df8d367426c /tests | |
parent | c49bc80494938a41d2c34c7ac1cde1fe3a14ddd5 (diff) | |
download | freeipa.git-256024db0a1cd2fb39445f9760bc8a49abb7f15c.tar.gz freeipa.git-256024db0a1cd2fb39445f9760bc8a49abb7f15c.tar.xz freeipa.git-256024db0a1cd2fb39445f9760bc8a49abb7f15c.zip |
Validate SELinux users in config-mod
config-mod is capable of changing default SELinux user map order
and a default SELinux user. Validate the new config values to
prevent bogus default SELinux users to be assigned to IPA users.
https://fedorahosted.org/freeipa/ticket/2993
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_xmlrpc/test_config_plugin.py | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/tests/test_xmlrpc/test_config_plugin.py b/tests/test_xmlrpc/test_config_plugin.py index 6d83f047..3d9a31da 100644 --- a/tests/test_xmlrpc/test_config_plugin.py +++ b/tests/test_xmlrpc/test_config_plugin.py @@ -61,31 +61,61 @@ class test_config(Declarative): ), dict( - desc='Try to set invalid ipaselinuxusermapdefault', + desc='Try to set ipaselinuxusermapdefault not in selinux order list', command=('config_mod', [], dict(ipaselinuxusermapdefault=u'unknown_u:s0')), - expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), + expected=errors.ValidationError(name='ipaselinuxusermapdefault', + error='SELinux user map default user not in order list'), + ), + + dict( + desc='Try to set invalid ipaselinuxusermapdefault', + command=('config_mod', [], + dict(ipaselinuxusermapdefault=u'foo')), + expected=errors.ValidationError(name='ipaselinuxusermapdefault', + error='Invalid MLS value, must match s[0-15](-s[0-15])'), ), dict( desc='Try to set invalid ipaselinuxusermapdefault with setattr', command=('config_mod', [], dict(setattr=u'ipaselinuxusermapdefault=unknown_u:s0')), - expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), + expected=errors.ValidationError(name='ipaselinuxusermapdefault', + error='SELinux user map default user not in order list'), ), dict( - desc='Try to set invalid ipaselinuxusermaporder', + desc='Try to set ipaselinuxusermaporder without ipaselinuxusermapdefault out of it', command=('config_mod', [], dict(ipaselinuxusermaporder=u'notfound_u:s0')), - expected=errors.ValidationError(name='ipaselinuxusermaporder', error='SELinux user map default user not in order list'), + expected=errors.ValidationError(name='ipaselinuxusermaporder', + error='SELinux user map default user not in order list'), + ), + + dict( + desc='Try to set invalid ipaselinuxusermaporder', + command=('config_mod', [], + dict(ipaselinuxusermaporder=u'$')), + expected=errors.ValidationError(name='ipaselinuxusermaporder', + error='A list of SELinux users delimited by $ expected'), + ), + + dict( + desc='Try to set invalid selinux user in ipaselinuxusermaporder', + command=('config_mod', [], + dict(ipaselinuxusermaporder=u'unconfined_u:s0-s0:c0.c1023$baduser$guest_u:s0')), + expected=errors.ValidationError(name='ipaselinuxusermaporder', + error='SELinux user \'baduser\' is not valid: Invalid MLS ' + 'value, must match s[0-15](-s[0-15])'), ), dict( desc='Try to set new selinux order and invalid default user', command=('config_mod', [], - dict(ipaselinuxusermaporder=u'$xguest_u:s0$guest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023', ipaselinuxusermapdefault=u'unknown_u:s0')), - expected=errors.ValidationError(name='ipaselinuxusermapdefault', error='SELinux user map default user not in order list'), + dict(ipaselinuxusermaporder=u'xguest_u:s0$guest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023', + ipaselinuxusermapdefault=u'unknown_u:s0')), + expected=errors.ValidationError(name='ipaselinuxusermapdefault', + error='SELinux user map default user not in order list'), ), ] |