diff options
author | sergey.galtsev <sergey.galtsev@mongodb.com> | 2021-09-28 22:43:09 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-09-28 23:11:18 +0000 |
commit | e5d32fc7b6811a659ac36f519bf697d776df4849 (patch) | |
tree | 6c2675bad0d3c64daf6c1dea26a738ea242b4921 /evergreen/selinux_test_setup.sh | |
parent | 9569a71e456821fe24030f59810f384d4a9b8b02 (diff) | |
download | mongo-e5d32fc7b6811a659ac36f519bf697d776df4849.tar.gz |
SERVER-56180 SELinux policy tests
Diffstat (limited to 'evergreen/selinux_test_setup.sh')
-rwxr-xr-x | evergreen/selinux_test_setup.sh | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/evergreen/selinux_test_setup.sh b/evergreen/selinux_test_setup.sh new file mode 100755 index 00000000000..ef2e70df2a9 --- /dev/null +++ b/evergreen/selinux_test_setup.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# This script is loaded on the target machine, which is running tests +# Purpose: install mongod and shell from packages + +set -o xtrace +set -o errexit + +function apply_selinux_policy() { + echo "==== Applying SELinux policy now" + rm -rf mongodb-selinux + git clone https://github.com/mongodb/mongodb-selinux + cd mongodb-selinux + make + sudo make install +} + +# on evergreen images /tmp is usually linked to /data/tmp, which interferes +# with selinux, as it does not recognize it as tmp_t domain +if [ -L /tmp ]; then + sudo --non-interactive rm /tmp + sudo --non-interactive mkdir /tmp + sudo --non-interactive systemctl start tmp.mount +fi + +# selinux policy should work both when applied before and after install +# we will randomly apply it before or after installation is completed +SEORDER="$(($RANDOM % 2))" +if [ "$SEORDER" == "0" ]; then + apply_selinux_policy +fi + +# install shell using yum, so that dependencies are pulled +pkg="$(find "$HOME"/repo -name 'mongodb-*-shell-*.x86_64.rpm' | tee /dev/stderr)" +sudo --non-interactive yum install --assumeyes "$pkg" \ + || if [ "$?" -gt "1" ]; then exit 1; fi # exit code 1 is OK + +pkg="$(find "$HOME"/repo -name 'mongodb-*-server-*.x86_64.rpm' | tee /dev/stderr)" +sudo --non-interactive rpm --install --verbose --verbose --hash --nodeps "$pkg" \ + || if [ "$?" -gt "1" ]; then exit 1; fi # exit code 1 is OK + +if [ "$SEORDER" == "1" ]; then + apply_selinux_policy +fi |