/var/lib/pcp/testsuite/940 is in pcp-testsuite 4.0.1-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | #!/bin/sh
# PCP QA Test No. 940
# selinux container context checks
#
# Copyright (c) 2017 Red Hat Inc. All Rights Reserved.
#
seq=`basename $0`
echo "QA output created by $seq"
# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check
policy_name="pcpupstream-container"
policy_file="$PCP_VAR_DIR/selinux/$policy_name.pp"
which sedismod >/dev/null 2>&1 || _notrun "sedismod tool not installed (module disassembly)"
which semodule >/dev/null 2>&1 || _notrun "semodule tool not installed"
which seinfo >/dev/null 2>&1 || _notrun "seinfo tool not installed"
[ -f "$policy_file" ] || _notrun "upstream container policy package not installed"
$sudo semodule -l 2>&1 | grep -q "$policy_name" || _notrun "upstream container policy package not loaded"
_cleanup()
{
cd $here
$sudo rm -rf $tmp $tmp.*
}
_filter_semodule()
{
awk '{ print $1 }'
}
_filter_sedismod()
{
sed -n '/--- begin avrule block ---/,$p'
}
_filter_sedismod1()
{
sed -e '/^Command/d'
}
_filter_outfile()
{
awk -v container_t="$conatienr_runtime_t" \
'{
if (container_t == "" && /container_runtime_t/)
!/container_runtime_t/ ;
else
print;
}'
}
status=1 # failure is the default!
$sudo rm -rf $tmp $tmp.* $seq.full
trap "_cleanup; exit \$status" 0 1 2 3 15
echo "full policy modules list on the system"
$sudo semodule -l >> $seq.full
echo "Checking that pcpupstream policy module has been properly installed"
grep "pcpupstream-container" $seq.full | _filter_semodule
echo "Checking policies."
printf '1\nq\n' | sedismod $policy_file | _filter_sedismod | _filter_sedismod1
# success, all done
status=0
exit
|