Use serial console on apparmor_profile tests

Some parts use script_run_interactive and send_key which can't run in serial console, thus console is switched on multiple places - use script output for comamnds with control characters to avoid timeout - add quotes on base apparmor test to fix Unquoted string "apparmortest" may clash with future reserved word at sle/tests/security/apparmor_profile/usr_sbin_smbd.pm line 23, <$fh> line 21. - add sleep times to make the fast execution stable
os-autoinst · Aug 16, 2024 · 1e542d5 · 1e542d5
1 parent 603cd90
commit 1e542d5
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 7 deletions.
diff --git a/lib/apparmortest.pm b/lib/apparmortest.pm
@@ -18,6 +18,7 @@ use utils;
 use version_utils qw(is_sle is_leap is_tumbleweed);
 use y2_module_guitest 'launch_yast2_module_x11';
 use x11utils 'turn_off_gnome_screensaver';
+use serial_terminal qw(select_serial_terminal);
 
 use base 'consoletest';
 
@@ -169,7 +170,7 @@ sub aa_status_stdout_check {
     my $total_line = script_output("aa-status | grep 'profiles are in' | grep $profile_mode | cut -d ' ' -f1");
     my $lines = $start_line + $total_line;
 
-    assert_script_run("aa-status | head -$lines | tail -$total_line | sed 's/[ \t]*//g' | grep -x $profile_name");
+    script_output("aa-status | head -$lines | tail -$total_line | sed 's/[ \t]*//g' | grep -x $profile_name");
 }
 
 =head2 ip_fetch
@@ -628,9 +629,11 @@ sub adminer_database_delete {
     send_key "tab";
     send_key "tab";
     send_key "ret";
+    wait_still_screen(2, 2);
     assert_and_click("adminer-save-passwd", timeout => 180);
     assert_screen("adminer-select-database");
     assert_and_click("adminer-click-database-test");
+    sleep 1;
     assert_and_click("adminer-click-drop-database-test");
     # Confirm drop
     send_key_until_needlematch("adminer-database-dropped", 'ret', 11, 1);
@@ -787,7 +790,7 @@ Restart auditd and apparmor in root-console
 sub pre_run_hook {
     my ($self) = @_;
 
-    select_console 'root-console';
+    select_serial_terminal;
     systemctl('restart auditd');
     systemctl('restart apparmor');
     $self->SUPER::pre_run_hook;
@@ -806,6 +809,7 @@ sub post_fail_hook {
 
     return if get_var('NOLOGS');
     # Exit x11 and turn to console in case
+    select_console('x11');
     send_key("alt-f4");
     select_console("root-console");
     if (script_run("! [[ -e $audit_log ]]")) {

diff --git a/tests/security/apparmor_profile/apache2_changehat.pm b/tests/security/apparmor_profile/apache2_changehat.pm
@@ -39,13 +39,14 @@
 # Tags: poo#48773, tc#1695946, poo#111036
 
 
-use base apparmortest;
+use base "apparmortest";
 use strict;
 use warnings;
 use testapi;
 use utils;
 use version_utils qw(is_sle is_leap is_tumbleweed);
 use registration qw(add_suseconnect_product register_product);
+use serial_terminal qw(select_serial_terminal);
 
 sub run {
     my ($self) = shift;
@@ -90,12 +91,16 @@ sub run {
     # Restart apparmor
     systemctl("restart apparmor");
 
+    select_console('root-console');
+
     # Install Mariadb and setup database test account
     $self->mariadb_setup();
+    select_serial_terminal;
 
     # Set up Web environment for running Adminer
     # Note that adminer_setup() also does a test run - at this stage, with Apache running unconfined
     $self->adminer_setup();
+    select_serial_terminal;
 
     # Stop unconfined Apache instance before loading the AppArmor profile for it.
     # This is needed to avoid that a confined Apache process ("restart" after loading the AppArmor profile)
@@ -145,6 +150,7 @@ sub run {
 
     # Do some operations on Adminer web, e.g., log in, select/delete a database
     $self->adminer_database_delete();
+    select_serial_terminal;
 
     # Verify audit log contains no "DENIED" "adminer" change hat opertions.
     # NOTE: There may have some "DENIED" records but we only interest in

diff --git a/tests/security/apparmor_profile/mailserver_setup.pm b/tests/security/apparmor_profile/mailserver_setup.pm
@@ -28,6 +28,7 @@ sub run {
     zypper_call("--no-refresh in telnet");
 
     unless (is_sle('<=12-sp2')) {
+        select_console('root-console');
 
         # Create a testing mail with telnet smtp
         $self->send_mail_smtp();

diff --git a/tests/security/apparmor_profile/usr_lib_dovecot_imap.pm b/tests/security/apparmor_profile/usr_lib_dovecot_imap.pm
@@ -20,6 +20,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
+use serial_terminal qw(select_serial_terminal);
 
 sub run {
     my ($self) = shift;
@@ -33,6 +34,7 @@ sub run {
 
     # Start apparmor
     systemctl("start apparmor");
+    sleep 1;
 
     # Set the AppArmor security profile to enforce mode
     $profile_name = "usr.sbin.dovecot";
@@ -49,6 +51,7 @@ sub run {
 
     # Restart Dovecot
     systemctl("restart dovecot");
+    sleep 3;
 
     # cleanup audit log
     assert_script_run("echo > $audit_log");
@@ -58,7 +61,9 @@ sub run {
     assert_script_run("echo > $mail_info_log");
 
     # Retrieve email with a IMAP account
+    select_console('root-console');
     $self->retrieve_mail_imap();
+    select_serial_terminal;
 
     # Verify audit log contains no related error
     my $script_output = script_output "cat $audit_log";

diff --git a/tests/security/apparmor_profile/usr_lib_dovecot_pop3.pm b/tests/security/apparmor_profile/usr_lib_dovecot_pop3.pm
@@ -19,6 +19,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
+use serial_terminal qw(select_serial_terminal);
 
 sub run {
     my ($self) = shift;
@@ -48,6 +49,7 @@ sub run {
 
     # Restart Dovecot
     systemctl("restart dovecot");
+    sleep 3;
 
     # cleanup audit log
     assert_script_run("echo > $audit_log");
@@ -57,7 +59,9 @@ sub run {
     assert_script_run("echo > $mail_info_log");
 
     # Retrieve email with a POP3 account
+    select_console('root-console');
     $self->retrieve_mail_pop3();
+    select_serial_terminal;
 
     # Verify audit log contains no related error
     my $script_output = script_output "cat $audit_log";

diff --git a/tests/security/apparmor_profile/usr_sbin_dovecot.pm b/tests/security/apparmor_profile/usr_sbin_dovecot.pm
@@ -32,8 +32,11 @@ sub run {
 
     # verify "dovecot" service
     assert_script_run("systemctl stop dovecot.service");
+    sleep 1;
     assert_script_run("systemctl start dovecot.service");
+    sleep 1;
     assert_script_run("systemctl restart dovecot.service");
+    sleep 1;
     assert_script_run("systemctl status --no-pager dovecot.service", sub { m/Active: active (running)./ });
 
     # verify audit log contains no related error

diff --git a/tests/security/apparmor_profile/usr_sbin_smbd.pm b/tests/security/apparmor_profile/usr_sbin_smbd.pm
@@ -20,7 +20,7 @@
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#48776, poo#134780
 
-use base apparmortest;
+use base "apparmortest";
 use strict;
 use warnings;
 use testapi;
@@ -41,7 +41,7 @@ sub samba_server_setup {
         path = /home/testdir
         read only = No
 EOF
-    assert_script_run("echo '$smb_config' >> /etc/samba/smb.conf");
+    script_output("echo '$smb_config' >> /etc/samba/smb.conf");
     assert_script_run("mkdir /home/$apparmortest::testdir");
     systemctl("restart smb");
 }
@@ -79,8 +79,6 @@ sub run {
     my $pw = $apparmortest::pw;
     my $ip = "";
 
-    select_serial_terminal;
-
     # Set up samba server
     $self->samba_server_setup();