2 ###############################################################################
3 # (c) Copyright Hewlett-Packard Development Company, L.P., 2006
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of version 2 the GNU General Public License as
7 # published by the Free Software Foundation.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 ###############################################################################
19 # Verify that with polyinstantiation enabled and configured for /tmp, users
20 # get separate /tmp directories for each level that they log in as.
22 # - Use semanage to configure the test user for s0-s2
23 # - Setup the PAM namespace configuration for /tmp
24 # - Cleanup any old /tmp files for the test user
25 # - Audit open syscalls by the test user
26 # - Log in as the test user at s0, create a file in /tmp, write the
27 # user's security context into it and log out.
28 # - Verify the information in the audit record from creating the file.
29 # The name should be relative to the namespace.
30 # - Log in as the test user at s2, create a file with the same name in /tmp,
31 # write the user's security context into it and log out.
32 # - Verify the information in the audit record from creating the file.
33 # The name should be relative to the namespace.
34 # - From the test harness, verify that the two files are found in
35 # the instance directories and are different.
# Pull in the shared PAM test helpers (presumably where backup, prepend_cleanup,
# exit_error, exit_fail, rotate_audit_logs and augrok are defined -- none of
# them is defined in this file).  Without them nothing below can run, so a
# missing helper file is a harness error (exit 2) rather than a test result.
if ! source pam_functions.bash; then
    exit 2
fi
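# In LSPP (MLS) mode, map TEST_USER to the SELinux user staff_u with an MLS
# range of s0-s2 so the user can log in at both of the levels exercised
# below.  Any stale login mapping is dropped first (best effort: the delete
# is allowed to fail when no mapping exists) so the add does not collide.
# Outside LSPP mode the test cannot run at all.
if [[ $PPROFILE == "lspp" ]]; then
    semanage login -d "$TEST_USER"
    semanage login -a -s staff_u -r s0-s2 "$TEST_USER" ||
        exit_error "semanage login mapping for $TEST_USER failed"

    # Expected subject contexts of the two logins and object contexts of the
    # files they create.  SystemLow/Secret are presumably the setrans
    # translations of s0/s2 as they appear in the audit records -- confirm
    # against the installed translation table.
    # XXX hard-coded for the default policy; should be computed from the
    # loaded policy instead.
    s0_context=staff_u:sysadm_r:sysadm_t:SystemLow
    s2_context=staff_u:sysadm_r:sysadm_t:Secret
    s0_obj=staff_u:object_r:sysadm_tmp_t:s0
    s2_obj=staff_u:object_r:sysadm_tmp_t:s2

    # Numeric uid of the test user: used as the audit filter and as the
    # expected auid in the records checked later.  An empty value would turn
    # the auditctl filter into a bare "-F uid=", so fail here instead.
    auid=$(id -u "$TEST_USER") || exit_error "cannot resolve uid of $TEST_USER"
    [[ -n $auid ]] || exit_error "cannot resolve uid of $TEST_USER"
else
    exit_error "Not in lspp mode"
fi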
53 # calling login in this manner leaves an entry in /var/run/utmp
54 # use backup (and automatic restore) to work around this
# Configure pam_namespace for this test: polyinstantiate /tmp with the "level"
# method (one instance per MLS level), keeping the instances under /tmp-inst/,
# with root and adm exempt.  The original file is backed up first and the
# harness restores it automatically on exit.
# NOTE(review): nothing here creates /tmp-inst; pam_namespace requires the
# instance parent directory to exist already with a restrictive root-owned
# mode, so it must be provided by the harness setup -- confirm.
backup /etc/security/namespace.conf
printf '%s\n' "/tmp /tmp-inst/ level root,adm" > /etc/security/namespace.conf
# Path the logged-in user writes "id -Z" into.  The same name is used at both
# levels; polyinstantiation must land it in a different instance dir each time.
tmpnewfile="/tmp/newfile"
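# Remove the test user's instance directories left over from earlier runs so
# the files compared at the end are guaranteed to come from this run.
# tmpinstdir is set elsewhere in the harness; the :? guard aborts if it is
# unset or empty instead of expanding to "rm -rf /*_$TEST_USER".
rm -rf -- "${tmpinstdir:?tmpinstdir must be set}"/*_"$TEST_USER"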
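# Start from a fresh audit log so records from earlier runs cannot satisfy
# the checks below, then audit every open() made under the test user's uid.
# The rule is removed by the harness cleanup (prepend_cleanup) on any exit.
rotate_audit_logs || exit_error "log rotate failed"
prepend_cleanup "auditctl -D"
# NOTE(review): the "entry" filter list is deprecated on newer audit releases
# (syscall rules belong on the "exit" list); kept as written for the audit
# version this test targets -- revisit when upgrading.
# MODE, when set, selects the syscall ABI (e.g. MODE=64 adds "-F arch=b64");
# that expansion is deliberately unquoted so it splits into two arguments.
auditctl -a entry,always ${MODE:+-F arch=b$MODE} -S open -F uid="$auid" ||
    exit_error "audit rule failed"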
73 # Login as s0 and write the user's context to a file in /tmp.
78 expect -nocase {login: $} {send "$env(TEST_USER)\r"}
79 expect -nocase {password: $} {send "$env(TEST_USER_PASSWD)\r"}
80 expect -nocase {level} {send "Y\r"}
81 expect -nocase {role:} {send "\r"}
82 expect -nocase {level:} {send "s0\r"}
84 expect {:::$} {send "id -Z > $env(tmpnewfile)\r"}
85 expect {:::$} {close; wait}'
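# The s0 login's open() of $tmpnewfile must have been audited with the s0
# subject context, the test user's auid, success, and an s0 object context.
# The recorded name is relative to the polyinstantiated namespace, i.e. it
# is still "/tmp/newfile" even though the file lives under the instance dir.
augrok type==SYSCALL \
    subj="$s0_context" auid="$auid" success=yes \
    name="$tmpnewfile" obj="$s0_obj" ||
    exit_fail "missing audit record"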
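# Remember the current size of the audit log so the s2 check below only looks
# at records written after this point and cannot be satisfied by the s0
# record.  A failed stat would leave an empty --seek offset, so treat it as a
# harness error.
log_mark=$(stat -c %s "$audit_log") || exit_error "cannot stat $audit_log"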
94 # Login at s2 and write the user's context to a file in /tmp
95 # Also write the user's context into localtmp.
100 expect -nocase {login: $} {send "$env(TEST_USER)\r"}
101 expect -nocase {password: $} {send "$env(TEST_USER_PASSWD)\r"}
102 expect -nocase {level} {send "Y\r"}
103 expect -nocase {role:} {send "\r"}
104 expect -nocase {level:} {send "s2\r"}
106 expect {:::$} {send "id -Z > $env(tmpnewfile)\r"}
107 expect {:::$} {close; wait}'
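# Same check for the s2 login, restricted to records written after log_mark:
# s2 subject context, the test user's auid, success, and an s2 object
# context, again with the namespace-relative name "/tmp/newfile".
augrok --seek="$log_mark" type==SYSCALL \
    subj="$s2_context" auid="$auid" success=yes \
    name="$tmpnewfile" obj="$s2_obj" ||
    exit_fail "missing audit record"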
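# Finally confirm polyinstantiation really separated the two logins: the
# file written at s0 and the one written at s2 must both exist, in different
# instance directories, and hold different contents (each is the "id -Z"
# output of the login that created it).
s0_file=( "$tmpinstdir"/*s0_"$TEST_USER"/newfile )
s2_file=( "$tmpinstdir"/*s2_"$TEST_USER"/newfile )
# With nullglob off an unmatched pattern stays literal, so the -f test
# catches "no instance dir"; the count catches "more than one".  The old
# check only looked at diff's status, so a missing file (diff exit 2) was
# silently taken as "files differ" and the test passed for the wrong reason.
[[ ${#s0_file[@]} -eq 1 && -f ${s0_file[0]} ]] ||
    exit_fail "s0 instance file not found: ${s0_file[*]}"
[[ ${#s2_file[@]} -eq 1 && -f ${s2_file[0]} ]] ||
    exit_fail "s2 instance file not found: ${s2_file[*]}"
diff "${s0_file[0]}" "${s2_file[0]}"
case $? in
    0) exit_fail "Files match unexpectedly" ;;
    1) ;;   # contents differ: the expected outcome
    *) exit_error "diff failed" ;;
esac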