SELinux: Disable component tests because they edit the system

oamg/leapp#408

repos/system_upgrade/el7toel8/actors/selinux/selinuxapplycustom/actor.py

@@ -9,6 +9,7 @@
 
 WORKING_DIRECTORY = '/tmp/selinux/'
 
+
 class SELinuxApplyCustom(Actor):
     '''
     Re-apply SELinux customizations from RHEL-7 installation
@@ -52,13 +53,13 @@ def process(self):
                     continue
 
                 try:
-                    run([
-                        'semodule',
-                        '-X',
-                        str(module.priority),
-                        '-i',
-                        cil_filename]
-                    )
+                    run(['semodule',
+                         '-X',
+                         str(module.priority),
+                         '-i',
+                         cil_filename
+                         ]
+                        )
                 except CalledProcessError as e:
                     self.log.info("Error installing module: %s", str(e))
                     # TODO - save the failed module to /etc/selinux ?

repos/system_upgrade/el7toel8/actors/selinux/selinuxapplycustom/tests/component_test.py

@@ -1,5 +1,7 @@
 import os
 
+import pytest
+
 from leapp.snactor.fixture import current_actor_context
 from leapp.models import SELinuxModule, SELinuxModules, SELinuxCustom, SELinuxFacts, SELinuxRequestRPMs
 from leapp.libraries.stdlib import api, run, CalledProcessError
@@ -15,17 +17,19 @@
 ]
 
 semanage_commands = [
-['fcontext', '-t', 'ganesha_var_run_t', "'/ganesha(/.*)?'"],
-['fcontext', '-t', 'httpd_sys_content_t', "'/web(/.*)?'"],
-['port', '-t', 'http_port_t', '-p', 'udp', '81']
+    ['fcontext', '-t', 'ganesha_var_run_t', "'/ganesha(/.*)?'"],
+    ['fcontext', '-t', 'httpd_sys_content_t', "'/web(/.*)?'"],
+    ['port', '-t', 'http_port_t', '-p', 'udp', '81']
 ]
 
+
 def findModuleSemodule(semodule_lfull, name, priority):
     for line in semodule_lfull:
         if name in line and priority in line:
             return line
     return None
 
+
 def findSemanageRule(rules, rule):
     for r in rules:
         for word in rule:
@@ -35,11 +39,13 @@ def findSemanageRule(rules, rule):
             return r
     return None
 
+
+@pytest.mark.skip(reason='Test disabled because it would modify the system')
 def test_SELinuxApplyCustom(current_actor_context):
 
     semodule_list = [SELinuxModule(name=module, priority=int(prio),
                                    content="(allow domain proc_type (file (getattr open read)))", removed=[])
-                                   for (prio, module) in test_modules]
+                     for (prio, module) in test_modules]
 
     commands = [" ".join([c[0], "-a"] + c[1:]) for c in semanage_commands[1:]]
     semanage_removed = [" ".join([semanage_commands[0][0], "-a"] + semanage_commands[0][1:])]
@@ -68,7 +74,10 @@ def test_SELinuxApplyCustom(current_actor_context):
     for command in semanage_commands[1:-1]:
         assert findSemanageRule(semanage_export, command)
 
-def teardown():
+
+# Test disabled because it's setup and teardown would modify the system
+# Remove "_" before re-activation
+def teardown_():
     for priority, module in test_modules:
         try:
             run(["semodule", "-X", priority, "-r", module])

repos/system_upgrade/el7toel8/actors/selinux/selinuxcontentscanner/actor.py

@@ -1,7 +1,6 @@
 from leapp.actors import Actor
 from leapp.models import SELinuxModules, SELinuxCustom, SELinuxFacts, SELinuxRequestRPMs, RpmTransactionTasks
 from leapp.tags import FactsPhaseTag, IPUWorkflowTag
-from leapp.libraries.stdlib import run, CalledProcessError
 from leapp.libraries.actor import library
 
 

repos/system_upgrade/el7toel8/actors/selinux/selinuxcontentscanner/libraries/library.py

@@ -1,6 +1,7 @@
 import os
 import re
 from shutil import rmtree
+
 from leapp.libraries.stdlib import api, run, CalledProcessError
 from leapp.models import SELinuxModule
 
@@ -28,6 +29,7 @@
 
 WORKING_DIRECTORY = '/tmp/selinux/'
 
+
 def checkModule(name):
     '''
     Check if given module contains one of removed types.
@@ -61,7 +63,7 @@ def listSELinuxModules():
         # "<priority> <module name>    <module type - pp/cil> "
         m = re.match(r'([0-9]+)\s+([\w-]+)\s+([\w-]+)\s*\Z', module)
         if not m:
-            #invalid output of "semodule -lfull"
+            # invalid output of "semodule -lfull"
             api.current_logger().info('Invalid output of "semodule -lfull": %s', module)
             continue
         modules.append((m.group(2), m.group(1)))
@@ -166,6 +168,7 @@ def getSELinuxModules():
 
     return (semodule_list, retain_rpms, install_rpms)
 
+
 def getSELinuxCustomizations():
     '''
     Extract local SELinux customizations introduced by semanage command

repos/system_upgrade/el7toel8/actors/selinux/selinuxcontentscanner/tests/component_test.py

@@ -1,5 +1,7 @@
 import os
 
+import pytest
+
 from leapp.snactor.fixture import current_actor_context
 from leapp.models import SELinuxModule, SELinuxModules, SELinuxCustom, SELinuxFacts, SELinuxRequestRPMs
 from leapp.libraries.stdlib import api, run, CalledProcessError
@@ -14,15 +16,18 @@
 ]
 
 semanage_commands = [
-['fcontext', '-t', 'httpd_sys_content_t', '"/web(/.*)?"'],
-['fcontext', '-t', 'ganesha_var_run_t', '"/ganesha(/.*)?"'],
-['port', '-t', 'http_port_t', '-p', 'udp', '81'],
-['permissive', 'abrt_t']
+    ['fcontext', '-t', 'httpd_sys_content_t', '"/web(/.*)?"'],
+    ['fcontext', '-t', 'ganesha_var_run_t', '"/ganesha(/.*)?"'],
+    ['port', '-t', 'http_port_t', '-p', 'udp', '81'],
+    ['permissive', 'abrt_t']
 ]
 
 testmoduledir = os.path.join(os.getcwd(), "tests/mock_modules/")
 
-def setup():
+
+# Test disabled because it's setup and teardown would modify the system
+# Remove "_" before re-activation
+def setup_():
     for priority, module in test_modules:
         try:
             semodule = run(["semodule", "-X", priority, "-i", os.path.join(testmoduledir, module + ".cil")])
@@ -39,12 +44,14 @@ def setup():
             api.current_logger().warning("Error applying selinux customizations %s", str(e.stderr))
             continue
 
+
 def findModule(selinuxmodules, name, priority):
     for module in selinuxmodules.modules:
         if module.name == name and module.priority == int(priority):
             return module
     return None
 
+
 def findSemanageRule(rules, rule):
     for r in rules:
         for word in rule:
@@ -54,6 +61,8 @@ def findSemanageRule(rules, rule):
             return r
     return None
 
+
+@pytest.mark.skip(reason="Test disabled because it's setup and teardown would modify the system")
 def test_SELinuxContentScanner(current_actor_context):
 
     expected_data = {'policy': 'targeted',
@@ -89,7 +98,9 @@ def test_SELinuxContentScanner(current_actor_context):
     assert findSemanageRule(custom.commands, semanage_commands[2])
 
 
-def teardown():
+# Test disabled because it's setup and teardown would modify the system
+# Remove "_" before re-activation
+def teardown_():
     for command in semanage_commands[:-1]:
         try:
             run(["semanage", command[0], "-d"] + command[1:])

repos/system_upgrade/el7toel8/actors/selinux/selinuxcontentscanner/tests/unit_test.py

@@ -1,6 +1,7 @@
 from leapp.libraries.stdlib import run, CalledProcessError
 from leapp.libraries.actor import library
 
+
 class run_mocked(object):
     def __init__(self):
         self.args = []
@@ -12,28 +13,29 @@ def __call__(self, args, split=True):
 
         if self.args == ['semodule', '-lfull']:
             stdout = ["400 permissive_abrt_t cil",
-                     "400   zebra       cil",
-                     "300 zebra       cil",
-                     "100 vpn               pp  ",
-                     "099 zebra             cil     ",
-                     "100   minissdpd         pp"]
+                      "400   zebra       cil",
+                      "300 zebra       cil",
+                      "100 vpn               pp  ",
+                      "099 zebra             cil     ",
+                      "100   minissdpd         pp"]
 
         elif self.args == ['semanage', 'export']:
             stdout = ["boolean -D",
-                     "login -D",
-                     "interface -D",
-                     "user -D",
-                     "port -D",
-                     "node -D",
-                     "fcontext -D",
-                     "module -D",
-                     "boolean -m -1 cron_can_relabel",
-                     "port -a -t http_port_t -p udp 81",
-                     "fcontext -a -f a -t httpd_sys_content_t '/web(/.*)?'",
-                     "fcontext -a -f a -t ganesha_var_run_t '/ganesha(/.*)?'"]
+                      "login -D",
+                      "interface -D",
+                      "user -D",
+                      "port -D",
+                      "node -D",
+                      "fcontext -D",
+                      "module -D",
+                      "boolean -m -1 cron_can_relabel",
+                      "port -a -t http_port_t -p udp 81",
+                      "fcontext -a -f a -t httpd_sys_content_t '/web(/.*)?'",
+                      "fcontext -a -f a -t ganesha_var_run_t '/ganesha(/.*)?'"]
 
         return {'stdout': stdout}
 
+
 class run_mocked_fail(object):
     def __init__(self):
         self.called = 0
@@ -56,6 +58,7 @@ def test_listSELinuxModules(monkeypatch):
 
     assert library.listSELinuxModules() == []
 
+
 def test_getSELinuxCustomizations(monkeypatch):
     monkeypatch.setattr(library, "run", run_mocked())
 

repos/system_upgrade/el7toel8/actors/selinux/selinuxprepare/actor.py

@@ -1,9 +1,9 @@
 from leapp.actors import Actor
 from leapp.models import SELinuxModules, SELinuxCustom
 from leapp.tags import PreparationPhaseTag, IPUWorkflowTag
-from leapp.libraries.stdlib import run, CalledProcessError
 from leapp.libraries.actor import library
 
+
 class SELinuxPrepare(Actor):
     '''
     Remove selinux policy customizations before updating selinux-policy* packages

repos/system_upgrade/el7toel8/actors/selinux/selinuxprepare/libraries/library.py

@@ -1,5 +1,6 @@
 from leapp.libraries.stdlib import api, run, CalledProcessError
-from leapp.models import SELinuxModules, SELinuxCustom
+from leapp.models import SELinuxModules
+
 
 def removeSemanageCustomizations():
     # remove SELinux customizations done by semanage -- to be reintroduced after the upgrade
@@ -14,20 +15,20 @@ def removeSemanageCustomizations():
         except CalledProcessError:
             continue
 
+
 def removeCustomModules():
     # remove custom SElinux modules - to be reinstalled after the upgrade
     for semodules in api.consume(SELinuxModules):
         api.current_logger().info("Removing custom SELinux policy modules. Count: %d", len(semodules.modules))
         for module in semodules.modules:
             api.current_logger().info("Removing %s on priority %d.", module.name, module.priority)
             try:
-                run([
-                    'semodule',
-                    '-X',
-                    str(module.priority),
-                    '-r',
-                    module.name]
-                )
+                run(['semodule',
+                     '-X',
+                     str(module.priority),
+                     '-r',
+                     module.name]
+                    )
             except CalledProcessError as e:
                 api.current_logger().info("Failed to remove module %s on priority %d: %s",
                                           module.name, module.priority, str(e))