Run the following tests as root and a non-root user. Note: If you are using the default OpenPegasus file permission settings, the non-root user will need to be a member of the pegasus group.

• Test Setup
  • Verify the non-root user is a member of the pegasus group.
    • grep `whoami` /etc/group
      
• Run Tests
  • The following tests should run successfully.
    • Test Script 1 - connectLocal Test.
    • Test Script 2 - connect Test over HTTPS to localhost.

Run the following tests as "root".

• Run Tests
  • The tests following tests should run successfully.
    • Test Script 3 - Create a new namespace.
    • Test Script 4 - Stop the cimserver daemon.

Run the following tests as a non-root, pegasus group, user.

• Run Tests
  • The tests following tests should run successfully.
    • Test Script 3 - Create a new namespace.

      Potentially Incorrect Behavior:  This tests succeeds. Need to determine if this is the desired behavior.

      Inconsistent Behavior:  Permissions on the created directories and files are inconsistent with the permissions on the packaged repository directories and files. Also, directories created by non-root members of the pegasus group are not accessible to them.

      drwxr-x--- 5 root pegasus 4096 Jun 1 20:30 root
      drwxr-x--- 5 root pegasus 4096 Jun 1 20:30 root#cimv2
      drwxr-x--- 5 root pegasus 4096 Jun 1 20:30 root#PG_Internal
      drwxr-x--- 5 root pegasus 4096 Jun 1 20:30 root#PG_InterOp
      drwx------ 5 root root 4096 Jun 1 20:31 root#test1
      
    • Test Script 4 - Stop the cimserver daemon.

      This test should fail.

• Test Setup
  • /etc/init.d/tog-pegasus stop
  • cimconfig -s forceProviderProcesses=true -p
  • /etc/init.d/tog-pegasus start
• Run Tests
  • The tests following tests should run successfully as both root and non-root. In addition, the test should run successfully with the OpenPegasus SELinux policies enabled and disabled.
    • Test Script 1 - connectLocal Test.
    • Test Script 2 - connect Test over HTTPS to localhost.

• Test Setup
  • cimprovider -r -m OperatingSystemModule

  • Modify the PG_Provider Module instance definition in /usr/share/Pegasus/mof/Pegasus/PG_OperatingSystem20R.mof as follows:

    • Change the InterfaceVersion from "2.1.0" to "2.5.0".
    • Add the new property
      UserContext = 2;
  • cimmof -n root/PG_InterOp /usr/share/Pegasus/mof/Pegasus/PG_OperatingSystem20R.mof
• Run Tests
  • The tests following tests should run successfully as both root and non-root. In addition, the test should run successfully with the OpenPegasus SELinux policies enabled and disabled.
    • osinfo

      FAILURE: Test is failing when run by a non-root user.

      [guest@katmai CIM29]$ osinfo osinfo error: CIM_ERR_FAILED: A general error occurred that is not covered by a more specific error code: "Failed to communicate with cimprovagt "OperatingSystemModule"."

      cimserver.trc Output

      06/01/2006-20:55:17: OsAbstraction [3810:1115699552:SystemUnix.cpp:1139]: setgid failed: Operation not permitted
      06/01/2006-20:55:17: DiscardedData [3810:1115699552]: System::changeUserContext() failed. userName = guest.
      06/01/2006-20:55:17: OsAbstraction [3765:1115699552]: Failed to read buffer from pipe: connection closed
      

• Test Setup
  • Verify the OpenPegasus SELinux policies are disabled.
    # getsebool pegasus_disable_trans
    pegasus_disable_trans --> active
    
    • Run Tests
      • The tests following tests should run successfully as root with the OpenPegasus SELinux policies enabled and disabled.
        # getsebool pegasus_disable_trans
        
        • Test 1
          # /etc/init.d/tog-pegasus start
          # ps -ef | grep cim
          # /etc/init.d/tog-pegasus stop
          # ps -ef | grep cim
          
        • Test 2
          # cimserver
          # ps -ef | grep cim
          # cimserver -s
          # ps -ef | grep cim
          
        • Test 3
          # /etc/init.d/tog-pegasus start
          # ps -ef | grep cimserver
          # cimserver -s
          # ps -ef | grep cim FAILURE with policies DISABLED
• Test 6 (Enable/Disable Policy Tests)
  • Run Tests
    • The tests following tests should run successfully as root.
      • Test 1
        # chcon -u root -r object_r -t usr_t /usr/lib/Pegasus/providers/libOSProvider.so.1
        # setsebool pegasus_disable_trans true
        # cimserver
        # osinfo FAILURE: OpenPegasus SELinux Policy testing is still enabled
        # cimserver -s
        # chcon -u system_u -r object_r -t shlib_t /usr/lib/Pegasus/providers/libOSProvider.so.1
      • Test 2
        # chcon -u root -r object_r -t usr_t /usr/lib/Pegasus/providers/libOSProvider.so.1
        # setsebool pegasus_disable_trans true
        # /etc/init.d/tog-pegasus start
        # osinfo
        # /etc/init.d/tog-pegasus stop
        # chcon -u system_u -r object_r -t shlib_t /usr/lib/Pegasus/providers/libOSProvider.so.1
• Test 7 (Run SDK Tests)
  • Run Tests
    • The tests following tests should run successfully as root. In addition, the test should run successfully with the OpenPegasus SELinux policies enabled and disabled.
      • Sample tests
        # cd /usr/share/Pegasus/samples
        # gmake
        # gmake setupSDK
        # gmake tests FAILURE: The test fails when OpenPegasus selinux policy is enabled.
        
• Test 8 (Run-As-Requestor - Trace Test)
  • Test Setup
    • Configure OS Provider to Run-As-Requestor.
    • Enable tracing.
      # cimconfig -s traceLevel=4
      # cimconfig -s traceComponents=ALL
      
  • Run Tests
    • The tests following tests should run successfully as both root and non-root. In addition, the test should run successfully with the OpenPegasus SELinux policies enabled and disabled.
      • • osinfo
        • Verify the appropriate trace files have been created in the directory /var/lib/Pegasus/trace. FAILURE: Failure attempting to create trace file when running as non-root.