diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-06-20 22:46:13 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-06-20 22:46:18 +0200 |
| commit | fc65dabdb5e7357555d117d7aef950f4dd000a5b (patch) | |
| tree | 22f14469be621055c52a8df20d230b743d2b18e0 | |
| parent | 57ab451e856fc9a5722499b499ac988e4988577a (diff) | |
| download | systemd-fc65dabdb5e7357555d117d7aef950f4dd000a5b.tar.gz | |
test-condition: extend tests to all ConditionSecurity= values
Also print out what we detect, for manual verification.
| -rw-r--r-- | src/test/test-condition.c | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/src/test/test-condition.c b/src/test/test-condition.c index 59f8629dba..7ce6ee80ea 100644 --- a/src/test/test-condition.c +++ b/src/test/test-condition.c @@ -13,6 +13,7 @@ #include "audit-util.h" #include "cgroup-util.h" #include "condition.h" +#include "efivars.h" #include "hostname-util.h" #include "id128-util.h" #include "ima-util.h" @@ -23,6 +24,7 @@ #include "smack-util.h" #include "string-util.h" #include "strv.h" +#include "tomoyo-util.h" #include "user-util.h" #include "util.h" #include "virt.h" @@ -429,14 +431,19 @@ static void test_condition_test_security(void) { assert_se(condition_test(condition) != mac_selinux_use()); condition_free(condition); - condition = condition_new(CONDITION_SECURITY, "ima", false, false); + condition = condition_new(CONDITION_SECURITY, "apparmor", false, false); assert_se(condition); - assert_se(condition_test(condition) == use_ima()); + assert_se(condition_test(condition) == mac_apparmor_use()); condition_free(condition); - condition = condition_new(CONDITION_SECURITY, "apparmor", false, false); + condition = condition_new(CONDITION_SECURITY, "tomoyo", false, false); assert_se(condition); - assert_se(condition_test(condition) == mac_apparmor_use()); + assert_se(condition_test(condition) == mac_tomoyo_use()); + condition_free(condition); + + condition = condition_new(CONDITION_SECURITY, "ima", false, false); + assert_se(condition); + assert_se(condition_test(condition) == use_ima()); condition_free(condition); condition = condition_new(CONDITION_SECURITY, "smack", false, false); @@ -448,6 +455,23 @@ static void test_condition_test_security(void) { assert_se(condition); assert_se(condition_test(condition) == use_audit()); condition_free(condition); + + condition = condition_new(CONDITION_SECURITY, "uefi-secureboot", false, false); + assert_se(condition); + assert_se(condition_test(condition) == is_efi_secure_boot()); + condition_free(condition); +} + +static void print_securities(void) { + log_info("------ enabled security technologies ------"); + log_info("SELinux: %s", yes_no(mac_selinux_use())); + log_info("AppArmor: %s", yes_no(mac_apparmor_use())); + log_info("Tomoyo: %s", yes_no(mac_tomoyo_use())); + log_info("IMA: %s", yes_no(use_ima())); + log_info("SMACK: %s", yes_no(mac_smack_use())); + log_info("Audit: %s", yes_no(use_audit())); + log_info("UEFI secure boot: %s", yes_no(is_efi_secure_boot())); + log_info("-------------------------------------------"); } static void test_condition_test_virtualization(void) { @@ -663,6 +687,7 @@ int main(int argc, char *argv[]) { test_condition_test_kernel_version(); test_condition_test_null(); test_condition_test_security(); + print_securities(); test_condition_test_virtualization(); test_condition_test_user(); test_condition_test_group(); |