Merge "catch SElinux alerts in permissive mode"
This commit is contained in:
commit
1cfd3cbb63
20
run_tests.sh
20
run_tests.sh
@ -96,6 +96,9 @@ elif is_fedora; then
|
||||
$SUDO rpm -ivh /tmp/puppet.rpm
|
||||
$SUDO yum install -y dstat ${PUPPET_PKG} setools setroubleshoot audit
|
||||
$SUDO service auditd start
|
||||
|
||||
# SElinux in permissive mode so later we can catch alerts
|
||||
$SUDO setenforce 0
|
||||
fi
|
||||
|
||||
PUPPET_ARGS="${PUPPET_ARGS} --detailed-exitcodes --color=false --test --trace"
|
||||
@ -110,6 +113,18 @@ function run_puppet() {
|
||||
return $res
|
||||
}
|
||||
|
||||
function catch_selinux_alerts() {
|
||||
if is_fedora; then
|
||||
$SUDO sealert -a /var/log/audit/audit.log
|
||||
if $SUDO grep -i 'type=AVC' /var/log/audit/audit.log >/dev/null; then
|
||||
echo "AVC detected in /var/log/audit/audit.log"
|
||||
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
|
||||
exit 1
|
||||
else
|
||||
echo 'No AVC detected in /var/log/audit/audit.log'
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# use dstat to monitor system activity during integration testing
|
||||
if type "dstat" 2>/dev/null; then
|
||||
@ -129,6 +144,7 @@ run_puppet $SCENARIO
|
||||
RESULT=$?
|
||||
set -e
|
||||
if [ $RESULT -ne 2 ]; then
|
||||
catch_selinux_alerts
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@ -138,6 +154,7 @@ run_puppet $SCENARIO
|
||||
RESULT=$?
|
||||
set -e
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
catch_selinux_alerts
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@ -176,4 +193,7 @@ RESULT=$?
|
||||
set -e
|
||||
testr last --subunit > /tmp/openstack/tempest/testrepository.subunit
|
||||
/tmp/openstack/tempest/.tox/all-plugin/bin/tempest list-plugins
|
||||
|
||||
catch_selinux_alerts
|
||||
|
||||
exit $RESULT
|
||||
|
Loading…
Reference in New Issue
Block a user