6 files changed, 66 insertions, 147 deletions

diff --git a/lib/oeqa/runtime/cases/aide.py b/lib/oeqa/runtime/cases/aide.py
new file mode 100644
index 0000000..4c7633c
--- /dev/null
+++ b/lib/oeqa/runtime/cases/aide.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
+#
+import re
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+
+class AideTest(OERuntimeTestCase):
+
+    @OEHasPackage(['aide'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_aide_help(self):
+        status, output = self.target.run('aide --help')
+        msg = ('Aide help command does not work as expected. '
+               'Status and output:%s and %s' % (status, output))
+        self.assertEqual(status, 0, msg = msg)
+
+    @OETestDepends(['aide.AideTest.test_aide_help'])
+    def test_aide_dbinit(self):
+        status, output = self.target.run('aide --init')
+        match = re.search('Number of entries:', output)
+        if not match:
+            msg = ('Aide db init failed: output is:\n%s' % output)
+            self.assertEqual(status, 0, msg = msg)
diff --git a/lib/oeqa/runtime/cases/checksec.py b/lib/oeqa/runtime/cases/checksec.py
index e46744c..53e6c1d 100644
--- a/lib/oeqa/runtime/cases/checksec.py
+++ b/lib/oeqa/runtime/cases/checksec.py
@@ -19,7 +19,7 @@ class CheckSecTest(OERuntimeTestCase):
 
     @OETestDepends(['checksec.CheckSecTest.test_checksec_help'])
     def test_checksec_xml(self):
-        status, output = self.target.run('checksec --format xml --proc-all')
+        status, output = self.target.run('checksec --format=xml --proc=1')
         msg = ('checksec xml failed. Output: %s' % output)
         self.assertEqual(status, 0, msg = msg)
 
diff --git a/lib/oeqa/runtime/cases/clamav.py b/lib/oeqa/runtime/cases/clamav.py
index cf83937..e0cad8f 100644
--- a/lib/oeqa/runtime/cases/clamav.py
+++ b/lib/oeqa/runtime/cases/clamav.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2019 Armin Kuster <akuster808@gmail.com>
+# Copyright (C) 2019 - 2022 Armin Kuster <akuster808@gmail.com>
 #
 import re
 from tempfile import mkstemp
@@ -48,21 +48,8 @@ class ClamavTest(OERuntimeTestCase):
         self.assertEqual(status, 0, msg = msg)
 
     @OETestDepends(['clamav.ClamavTest.test_ping_clamav_net'])
-    def test_freshclam_check_mirrors(self):
-        status, output = self.target.run('freshclam --list-mirrors')
-        match = re.search('Failures: 0', output)
-        if not match:
-            msg = ('freshclam --list-mirrors: failed. '
-               'Status and output:%s and %s' % (status, output))
-            self.assertEqual(status, 1, msg = msg)
-
-    @OETestDepends(['clamav.ClamavTest.test_freshclam_check_mirrors'])
     def test_freshclam_download(self):
         status, output = self.target.run('freshclam --show-progress')
-        match = re.search('Database updated', output)
-        #match = re.search('main.cvd is up to date', output)
-        if not match:
-            msg = ('freshclam : DB dowbload failed. '
-               'Status and output:%s and %s' % (status, output))
-            self.assertEqual(status, 1, msg = msg)
-
+        msg = ('freshclam : DB dowbload failed. '
+            'Status and output:%s and %s' % (status, output))
+        self.assertEqual(status, 0, msg = msg)
diff --git a/lib/oeqa/runtime/cases/firejail.py b/lib/oeqa/runtime/cases/firejail.py
new file mode 100644
index 0000000..88a8dda
--- /dev/null
+++ b/lib/oeqa/runtime/cases/firejail.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
+#
+import re
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+class FirejailTest(OERuntimeTestCase):
+
+    @OEHasPackage(['firejail'])
+    @OEHasPackage(['libseccomp'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_firejail_basic(self):
+        status, output = self.target.run('firejail --help')
+        msg = ('Firejail --help command does not work as expected. '
+               'Status and output:%s and %s' % (status, output))
+        self.assertEqual(status, 0, msg = msg)
diff --git a/lib/oeqa/runtime/cases/smack.py b/lib/oeqa/runtime/cases/smack.py
index 35e87ef..6b87574 100644
--- a/lib/oeqa/runtime/cases/smack.py
+++ b/lib/oeqa/runtime/cases/smack.py
@@ -15,22 +15,19 @@ class SmackBasicTest(OERuntimeTestCase):
 
     @classmethod
     def setUpClass(cls):
-        cls.smack_path = ""
         cls.current_label  = ""
         cls.uid = 1000
+        status, output = cls.tc.target.run("grep smack /proc/mounts | awk '{print $2}'")
+        cls.smack_path = output
 
     @skipIfNotFeature('smack',
         'Test requires smack to be in DISTRO_FEATURES')
     @OEHasPackage(['smack-test'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_smack_basic(self):
-        status, output = self.target.run("grep smack /proc/mounts | awk '{print $2}'")
-        self.smack_path = output
         status,output = self.target.run("cat /proc/self/attr/current")
         self.current_label = output.strip()
 
-class SmackAccessLabel(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_add_access_label(self):
         ''' Test if chsmack can correctly set a SMACK label '''
@@ -43,19 +40,17 @@ class SmackAccessLabel(SmackBasicTest):
             "Status and output: %d %s" %(status, output))
         status, output = self.target.run("chsmack %s" %filename)
         self.target.run("rm %s" %filename)
-        m = re.search('(?<=access=")\S+(?=")', output)
+        m = re.search('(access=")\S+(?=")', output)
         if m is None:
             self.fail("Did not find access attribute")
         else:
-            label_retrieved = m .group(0)
+            label_retrieved = re.split("access=\"", output)[1][:-1]
             self.assertEqual(
                 LABEL, label_retrieved,
                 "label not set correctly. expected and gotten: "
                 "%s %s" %(LABEL,label_retrieved))
 
 
-class SmackExecLabel(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_add_exec_label(self):
         '''Test if chsmack can correctly set a SMACK Exec label'''
@@ -68,19 +63,17 @@ class SmackExecLabel(SmackBasicTest):
             "Status and output: %d %s" %(status, output))
         status, output = self.target.run("chsmack %s" %filename)
         self.target.run("rm %s" %filename)
-        m= re.search('(?<=execute=")\S+(?=")', output)
+        m= re.search('(execute=")\S+(?=")', output)
         if m is None:
             self.fail("Did not find execute attribute")
         else:
-            label_retrieved = m.group(0)
+            label_retrieved = re.split("execute=\"", output)[1][:-1]
             self.assertEqual(
                 LABEL, label_retrieved,
                 "label not set correctly. expected and gotten: " +
                 "%s %s" %(LABEL,label_retrieved))
 
 
-class SmackMmapLabel(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_add_mmap_label(self):
         '''Test if chsmack can correctly set a SMACK mmap label'''
@@ -93,19 +86,17 @@ class SmackMmapLabel(SmackBasicTest):
             "Status and output: %d %s" %(status, output))
         status, output = self.target.run("chsmack %s" %filename)
         self.target.run("rm %s" %filename)
-        m = re.search('(?<=mmap=")\S+(?=")', output)
+        m = re.search('(mmap=")\S+(?=")', output)
         if m is None:
             self.fail("Did not find mmap attribute")
         else:
-            label_retrieved = m.group(0)
+            label_retrieved = re.split("mmap=\"", output)[1][:-1]
             self.assertEqual(
                 LABEL, label_retrieved,
                 "label not set correctly. expected and gotten: " +
                 "%s %s" %(LABEL,label_retrieved))
 
 
-class SmackTransmutable(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_add_transmutable(self):
         '''Test if chsmack can correctly set a SMACK transmutable mode'''
@@ -117,19 +108,17 @@ class SmackTransmutable(SmackBasicTest):
                         "Status and output: %d %s" %(status, output))
         status, output = self.target.run("chsmack %s" %directory)
         self.target.run("rmdir %s" %directory)
-        m = re.search('(?<=transmute=")\S+(?=")', output)
+        m = re.search('(transmute=")\S+(?=")', output)
         if m is None:
             self.fail("Did not find transmute attribute")
         else:
-            label_retrieved = m.group(0)
+            label_retrieved = re.split("transmute=\"", output)[1][:-1]
             self.assertEqual(
                 "TRUE", label_retrieved,
                 "label not set correctly. expected and gotten: " +
                 "%s %s" %(LABEL,label_retrieved))
 
 
-class SmackChangeSelfLabelPrivilege(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_privileged_change_self_label(self):
         '''Test if privileged process (with CAP_MAC_ADMIN privilege)
@@ -137,16 +126,14 @@ class SmackChangeSelfLabelPrivilege(SmackBasicTest):
         '''
 
         labelf = "/proc/self/attr/current"
-        command = "/bin/sh -c 'echo PRIVILEGED >%s; cat %s'" %(labelf, labelf)
+        command = "/bin/sh -c 'echo PRIVILEGED >%s'; cat %s" %(labelf, labelf)
 
         status, output = self.target.run(
-            "notroot.py 0 %s %s" %(self.current_label, command))
+            "/usr/sbin/notroot.py 0 %s %s" %(self.current_label, command))
 
         self.assertIn("PRIVILEGED", output,
                     "Privilege process did not change label.Output: %s" %output)
 
-class SmackChangeSelfLabelUnprivilege(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_unprivileged_change_self_label(self):
         '''Test if unprivileged process (without CAP_MAC_ADMIN privilege)
@@ -154,7 +141,7 @@ class SmackChangeSelfLabelUnprivilege(SmackBasicTest):
 
         command = "/bin/sh -c 'echo %s >/proc/self/attr/current'" %LABEL
         status, output = self.target.run(
-            "notroot.py %d %s %s"
+            "/usr/sbin/notroot.py %d %s %s"
             %(self.uid, self.current_label, command) +
             " 2>&1 | grep 'Operation not permitted'" )
 
@@ -163,8 +150,6 @@ class SmackChangeSelfLabelUnprivilege(SmackBasicTest):
             "Unprivileged process should not be able to change its label")
 
 
-class SmackChangeFileLabelPrivilege(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_unprivileged_change_file_label(self):
         '''Test if unprivileged process cannot change file labels'''
@@ -174,17 +159,15 @@ class SmackChangeFileLabelPrivilege(SmackBasicTest):
         filename = "/tmp/test_unprivileged_change_file_label"
 
         self.target.run("touch %s" % filename)
-        self.target.run("notroot.py %d %s" %(self.uid, self.current_label))
+        self.target.run("/usr/sbin/notroot.py %d %s" %(self.uid, self.current_label))
         status, output = self.target.run(
-            "notroot.py " +
+            "/usr/sbin/notroot.py " +
             "%d unprivileged %s -a %s %s 2>&1 " %(self.uid, chsmack, LABEL, filename) +
             "| grep 'Operation not permitted'"  )
 
         self.target.run("rm %s" % filename)
         self.assertEqual( status, 0, "Unprivileged process changed label for %s" %filename)
 
-class SmackLoadRule(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_load_smack_rule(self):
         '''Test if new smack access rules can be loaded'''
@@ -211,8 +194,6 @@ class SmackLoadRule(SmackBasicTest):
         self.target.run('echo -n "%s" > %s/load' %(clean, self.smack_path))
 
 
-class SmackOnlycap(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_onlycap(self):
         '''Test if smack onlycap label can be set
@@ -223,7 +204,6 @@ class SmackOnlycap(SmackBasicTest):
         status, output = self.target.run("sh /usr/sbin/test_smack_onlycap.sh")
         self.assertEqual(status, 0, output)
 
-class SmackNetlabel(SmackBasicTest):
 
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_netlabel(self):
@@ -246,7 +226,6 @@ class SmackNetlabel(SmackBasicTest):
             test_label, output,
             "Did not find expected label in output: %s" %output)
 
-class SmackCipso(SmackBasicTest):
 
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_cipso(self):
@@ -287,7 +266,6 @@ class SmackCipso(SmackBasicTest):
         self.assertEqual(status, 0, "Cipso rule C was not set")
         self.assertIn("/17,33", output, "Rule C was not set correctly")
 
-class SmackDirect(SmackBasicTest):
 
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_direct(self):
@@ -308,8 +286,6 @@ class SmackDirect(SmackBasicTest):
             "Smack direct label does not match.")
 
 
-class SmackAmbient(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_ambient(self):
         test_ambient = "test_ambient"
@@ -330,8 +306,6 @@ class SmackAmbient(SmackBasicTest):
             "Ambient label does not match")
 
 
-class SmackloadBinary(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smackload(self):
         '''Test if smackload command works'''
@@ -345,8 +319,6 @@ class SmackloadBinary(SmackBasicTest):
         self.assertEqual(status, 0, "Smackload rule was loaded correctly")
 
 
-class SmackcipsoBinary(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smackcipso(self):
         '''Test if smackcipso command works'''
@@ -362,8 +334,6 @@ class SmackcipsoBinary(SmackBasicTest):
         self.assertIn( "2/2", output, "Rule was not set correctly. Got: %s" %output)
 
 
-class SmackEnforceFileAccess(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_enforce_file_access(self):
         '''Test if smack file access is enforced (rwx)
@@ -375,82 +345,6 @@ class SmackEnforceFileAccess(SmackBasicTest):
         self.assertEqual(status, 0, output)
 
 
-class SmackEnforceMmap(SmackBasicTest):
-
-    @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
-    def test_smack_mmap_enforced(self):
-        '''Test if smack mmap access is enforced'''
-        raise unittest.SkipTest("Depends on mmap_test, which was removed from the layer while investigating its license.")
-
-        #      12345678901234567890123456789012345678901234567890123456
-        delr1="mmap_label              mmap_test_label1        -----"
-        delr2="mmap_label              mmap_test_label2        -----"
-        delr3="mmap_file_label         mmap_test_label1        -----"
-        delr4="mmap_file_label         mmap_test_label2        -----"
-
-        RuleA="mmap_label              mmap_test_label1        rw---"
-        RuleB="mmap_label              mmap_test_label2        r--at"
-        RuleC="mmap_file_label         mmap_test_label1        rw---"
-        RuleD="mmap_file_label         mmap_test_label2        rwxat"
-
-        mmap_label="mmap_label"
-        file_label="mmap_file_label"
-        test_file = "/usr/sbin/smack_test_mmap"
-        mmap_exe = "/tmp/mmap_test"
-        status, echo = self.target.run("which echo")
-        status, output = self.target.run(
-            "notroot.py %d %s %s 'test' > %s" \
-            %(self.uid, self.current_label, echo, test_file))
-        status, output = self.target.run("ls %s" %test_file)
-        self.assertEqual(status, 0, "Could not create mmap test file")
-        self.target.run("chsmack -m %s %s" %(file_label, test_file))
-        self.target.run("chsmack -e %s %s" %(mmap_label, mmap_exe))
-
-        # test with no rules with mmap label or exec label as subject
-        # access should be granted
-        self.target.run('echo -n "%s" > %s/load' %(delr1, self.smack_path))
-        self.target.run('echo -n "%s" > %s/load' %(delr2, self.smack_path))
-        self.target.run('echo -n "%s" > %s/load' %(delr3, self.smack_path))
-        self.target.run('echo -n "%s" > %s/load' %(delr4, self.smack_path))
-        status, output = self.target.run("%s %s 0 2" % (mmap_exe, test_file))
-        self.assertEqual(
-            status, 0,
-            "Should have mmap access without rules. Output: %s" %output)
-
-        # add rules that do not match access required
-        self.target.run('echo -n "%s" > %s/load' %(RuleA, self.smack_path))
-        self.target.run('echo -n "%s" > %s/load' %(RuleB, self.smack_path))
-        status, output = self.target.run("%s %s 0 2" % (mmap_exe, test_file))
-        self.assertNotEqual(
-            status, 0,
-            "Should not have mmap access with unmatching rules. " +
-            "Output: %s" %output)
-        self.assertIn(
-            "Permission denied", output,
-            "Mmap access should be denied with unmatching rules")
-
-        # add rule to match only partially (one way)
-        self.target.run('echo -n "%s" > %s/load' %(RuleC, self.smack_path))
-        status, output = self.target.run("%s %s 0 2" %(mmap_exe, test_file))
-        self.assertNotEqual(
-            status, 0,
-            "Should not have mmap access with partial matching rules. " +
-            "Output: %s" %output)
-        self.assertIn(
-            "Permission denied", output,
-            "Mmap access should be denied with partial matching rules")
-
-        # add rule to match fully
-        self.target.run('echo -n "%s" > %s/load' %(RuleD, self.smack_path))
-        status, output = self.target.run("%s %s 0 2" %(mmap_exe, test_file))
-        self.assertEqual(
-            status, 0,
-            "Should have mmap access with full matching rules." +
-            "Output: %s" %output)
-
-
-class SmackEnforceTransmutable(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_transmute_dir(self):
         '''Test if smack transmute attribute works
@@ -473,8 +367,6 @@ class SmackEnforceTransmutable(SmackBasicTest):
             "Did not get expected label. Output: %s" % output)
 
 
-class SmackTcpSockets(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_tcp_sockets(self):
         '''Test if smack is enforced on tcp sockets
@@ -485,8 +377,6 @@ class SmackTcpSockets(SmackBasicTest):
         self.assertEqual(status, 0, output)
 
 
-class SmackUdpSockets(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_udp_sockets(self):
         '''Test if smack is enforced on udp sockets
@@ -497,8 +387,6 @@ class SmackUdpSockets(SmackBasicTest):
         self.assertEqual(status, 0, output)
 
 
-class SmackFileLabels(SmackBasicTest):
-
     @OETestDepends(['smack.SmackBasicTest.test_smack_basic'])
     def test_smack_labels(self):
         '''Check for correct Smack labels.'''
diff --git a/lib/oeqa/runtime/cases/sssd.py b/lib/oeqa/runtime/cases/sssd.py
index 4644836..1dfdb94 100644
--- a/lib/oeqa/runtime/cases/sssd.py
+++ b/lib/oeqa/runtime/cases/sssd.py
@@ -28,10 +28,10 @@ class SSSDTest(OERuntimeTestCase):
 
     @OETestDepends(['sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk'])
     def test_sssd_sssctl_deamon(self):
-        status, output = self.target.run('sssctl domain-status')
+        status, output = self.target.run('sssctl domain-list')
         match = re.search('No domains configured, fatal error!', output)
         if match:
-            msg = ('sssctl domain-status failed, sssd.conf not setup correctly. '
+            msg = ('sssctl domain-list failed, sssd.conf not setup correctly. '
                'Status and output:%s and %s' % (status, output))
             self.assertEqual(status, 0, msg = msg)