
Re: [libvirt] Resubmission: [PATCH 4/6] sVirt AppArmor security driver



On Tue, 08 Sep 2009, Jamie Strandboge wrote:

> > [PATCH 4]
> > patch_4_tests.patch:
> > Adds tests for virt-aa-helper and the security driver. secaatest.c is
> > identical to seclabeltest.c except it initializes the 'apparmor' driver
> > instead of 'selinux'. These tests are integrated into 'make check' and
> > pass.
> > 

-- 
Jamie Strandboge             | http://www.canonical.com
diff -Nurp ./libvirt.orig/tests/Makefile.am ./libvirt/tests/Makefile.am
--- ./libvirt.orig/tests/Makefile.am	2009-08-17 11:00:40.000000000 -0500
+++ ./libvirt/tests/Makefile.am	2009-09-08 15:32:22.000000000 -0500
@@ -77,6 +77,10 @@ if WITH_SECDRIVER_SELINUX
 noinst_PROGRAMS += seclabeltest
 endif
 
+if WITH_SECDRIVER_APPARMOR
+noinst_PROGRAMS += secaatest
+endif
+
 if WITH_CIL
 noinst_PROGRAMS += object-locking
 endif
@@ -112,6 +116,9 @@ test_scripts +=				\
 	virsh-synopsis
 endif
 
+if WITH_SECDRIVER_APPARMOR
+test_scripts += virt-aa-helper-test
+endif
 EXTRA_DIST += $(test_scripts)
 
 TESTS = virshtest \
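Review bot: `virt-aa-helper-test` is added to `test_scripts` only inside `if WITH_SECDRIVER_APPARMOR`, so the `EXTRA_DIST += $(test_scripts)` line that follows will presumably leave the script out of a tarball built from a tree configured without AppArmor. The last Makefile.am hunk covers this case for the C test with an `else` branch (`EXTRA_DIST += secaatest.c`), and the script should get the same treatment: add `else` and `EXTRA_DIST += virt-aa-helper-test` before the `endif`. Whether the other conditionally listed scripts have the same gap is not visible from this hunk.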
@@ -138,6 +145,10 @@ if WITH_SECDRIVER_SELINUX
 TESTS += seclabeltest
 endif
 
+if WITH_SECDRIVER_APPARMOR
+TESTS += secaatest
+endif
+
 if WITH_LIBVIRTD
 noinst_PROGRAMS += eventtest
 TESTS += eventtest
@@ -255,6 +266,14 @@ else
 EXTRA_DIST += seclabeltest.c
 endif
 
+if WITH_SECDRIVER_APPARMOR
+secaatest_SOURCES = \
+	secaatest.c
+secaatest_LDADD = ../src/libvirt_driver_security.la $(LDADDS)
+else
+EXTRA_DIST += secaatest.c
+endif
+
 qparamtest_SOURCES = \
 	qparamtest.c testutils.h testutils.c
 qparamtest_LDADD = $(LDADDS)
diff -Nurp ./libvirt.orig/tests/secaatest.c ./libvirt/tests/secaatest.c
--- ./libvirt.orig/tests/secaatest.c	1969-12-31 18:00:00.000000000 -0600
+++ ./libvirt/tests/secaatest.c	2009-09-08 15:32:22.000000000 -0500
@@ -0,0 +1,45 @@
+#include <config.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "security.h"
+
+int
+main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
+{
+    int ret;
+
+    const char *doi, *model;
+    virSecurityDriverPtr security_drv;
+
+    ret = virSecurityDriverStartup (&security_drv, "apparmor");
+    if (ret == -1)
+    {
+        fprintf (stderr, "Failed to start security driver");
+        exit (-1);
+    }
+    /* No security driver wanted to be enabled: just return */
+    if (ret == -2)
+        return 0;
+
+    model = virSecurityDriverGetModel (security_drv);
+    if (!model)
+    {
+        fprintf (stderr, "Failed to copy secModel model: %s",
+                 strerror (errno));
+        exit (-1);
+    }
+
+    doi = virSecurityDriverGetDOI (security_drv);
+    if (!doi)
+    {
+        fprintf (stderr, "Failed to copy secModel DOI: %s",
+                 strerror (errno));
+        exit (-1);
+    }
+
+    return 0;
+}
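Review bot: `model` and `doi` are only checked for NULL, so the test passes whichever driver `virSecurityDriverStartup` hands back, although the driver name is the one thing that separates this file from seclabeltest.c. Assuming the driver reports its model under the name it was started with, add `if (strcmp (model, "apparmor") != 0) exit (EXIT_FAILURE);` after the NULL check. The `ret == -2` path returns 0, which `make check` counts as a PASS on hosts where the driver is not enabled; exiting with 77 would let the automake harness report it as skipped. The three error messages lack a trailing `\n`, and `strerror (errno)` is only meaningful if the getters set errno, which this file does not show.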
diff -Nurp ./libvirt.orig/tests/virt-aa-helper-test ./libvirt/tests/virt-aa-helper-test
--- ./libvirt.orig/tests/virt-aa-helper-test	1969-12-31 18:00:00.000000000 -0600
+++ ./libvirt/tests/virt-aa-helper-test	2009-09-08 15:32:22.000000000 -0500
@@ -0,0 +1,100 @@
+#!/bin/sh
+set -e
+
+output="/dev/null"
+use_valgrind=""
+ld_library_path=""
+if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
+    output="/dev/stdout"
+    shift
+fi
+
+exe="../src/virt-aa-helper"
+if [ ! -z "$1" ]; then
+    if [ "$1" = "-v" ]; then
+        use_valgrind="yes"
+        exe="./src/.libs/virt-aa-helper"
+        ld_library_path="./src/.libs"
+    else
+        exe="$1"
+    fi
+    shift
+fi
+
+if [ ! -x "$exe" ]; then
+    echo "Could not find '$exe'"
+    exit 1
+fi
+
+echo "testing `basename $exe`" >$output
+if [ "$use_valgrind" = "yes" ]; then
+    exe="valgrind --error-exitcode=2 --track-origins=yes $exe"
+fi
+
+extra_args="--dryrun"
+errors=0
+
+tmpdir=`mktemp -d`
+trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
+
+disk1="$tmpdir/1.img"
+disk2="$tmpdir/2.img"
+relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img"
+nonexistent="$tmpdir/nonexistant.img"
+bad_disk="/etc/passwd"
+valid_uuid="libvirt-00000000-0000-0000-0000-0123456789ab"
+valid_name="foo"
+nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001"
+touch "$disk1" "$disk2"
+
+testme() {
+    expected="$1"
+    outstr="$2"
+    args="$3"
+    echo -n "  $outstr: " >$output
+    echo " '$extra_args $args': " >$output
+    set +e
+    LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args >$output 2>&1
+    rc="$?"
+    set -e
+    if [ "$rc" = "$expected" ]; then
+        echo "pass" >$output
+    else
+        echo "FAIL: exited with '$rc'" >$output
+        errors=$(($errors + 1))
+    fi
+}
+
+# Expected failures
+echo "Expected failures:" >$output
+testme "1" "invalid arg" "-z"
+testme "1" "invalid case" "-A"
+testme "1" "not enough args" "-c"
+testme "1" "missing name" "-c -n -u $valid_uuid $disk1"
+testme "1" "bad name" "-c -n foo[a-z] -u $valid_uuid $disk1"
+testme "1" "no -u with -c" "-c -n $valid_name $disk1"
+testme "1" "bad uuid (bad digit)" "-c -n $valid_name -u libvirt-00000000-0000-0000-0000-00000000000g $disk1"
+testme "1" "bad uuid (too long)" "-c -n $valid_name -u ${valid_uuid}abcdef $disk1"
+testme "1" "bad uuid (too short)" "-c -n $valid_name -u libvirt-00000000-0000-0000-0000-0123456789a $disk1"
+testme "1" "missing uuid" "-c -n $valid_name -u $disk1"
+testme "1" "no -u with -R" "-R"
+testme "1" "non-existent uuid" "-R -u $nonexistent_uuid"
+testme "1" "no -u with -r" "-r"
+testme "1" "no name with -r" "-r -u $valid_uuid $disk1"
+testme "1" "bad disk" "-c -n $valid_name -u $valid_uuid $bad_disk"
+testme "1" "bad disk2" "-c -n $valid_name -u $valid_uuid $disk1 $bad_disk $disk2"
+
+echo "Expected pass:" >$output
+testme "0" "create" "-c -n foo -u $valid_uuid $disk1"
+testme "0" "create (non-existent disk)" "-c -n foo -u $valid_uuid $nonexistent"
+testme "0" "create (relative path)" "-c -n foo -u $valid_uuid $relative_disk1"
+testme "0" "replace" "-r -n foo -u $valid_uuid $disk2"
+testme "0" "replace (non-existent disk)" "-r -n foo -u $valid_uuid $nonexistent"
+testme "0" "help" "-h"
+
+echo "" >$output
+if [ "$errors" != "0" ]; then
+    echo "FAIL: $errors error(s)" >$output
+    exit 1
+fi
+echo PASS >$output
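Review bot: `testme` expands `$args` unquoted with pathname expansion on, so the "bad name" case `foo[a-z]` reaches virt-aa-helper literally only when no file in the working directory matches that pattern. The negative test for glob characters in a profile name should not depend on directory contents, so add `set -f` near the top of the script. Failures are written to `$output`, which defaults to /dev/null, so under `make check` a failing case yields a bare exit status 1; `echo "FAIL: $outstr: exited with '$rc', expected '$expected'" >&2` would name the case. The trap body is expanded when the trap is set and runs `rm -rf` on an unquoted path; `trap 'rm -rf "$tmpdir"' EXIT HUP INT QUIT TERM` defers the expansion and survives a TMPDIR containing spaces. The passing cases check only the exit status, so the relative-path case does not confirm which path ends up in the generated profile.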

Attachment: signature.asc
Description: Digital signature

