Re: [PATCH 4/4] virt-aa-helper: test: add test for new option -P

2021-10-21 Thread Andrea Bolognani
On Mon, Oct 11, 2021 at 07:59:47AM +0200, Christian Ehrhardt wrote:
> On Thu, Oct 7, 2021 at 7:25 PM Ioanna Alifieraki
> > +# For the next test to run apparmor needs to be installed and enabled.
> > +# In some environments (e.g. containers) even though apparmor is
> > +# installed, it is not enabled because securityfs is not mounted.
> > +# In those environments this test cannot run so skip it.
> > +# This test also needs to be run as root.
> > +if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ] && [ `eval 
> > aa-enabled` = "Yes" ]; then
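Review bot: When this guard is false the purge test is skipped without printing anything, so a run in a container without securityfs looks the same as a run where the test passed. An else branch that prints a SKIP line naming the unmet condition (not root, aa-enabled missing, or apparmor not enabled) would make the missing coverage visible in CI logs.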
>
> This is great to be checked before causing a failure, but a question
> to the libvirt-CI experts,
> how doable (or not) would it be to get apparmor installed on those
> distro testbeds that support it?

Assuming the necessary packages are included in the container image,
what else is needed to have apparmor running? Does apparmor need to
be running in the host OS as well for it to work in containers? Does
the "securityfs" thing mentioned in the comment above need to be
passed through from the host OS?

Our CI pipeline uses containers running on the GitLab infrastructure.
I'm not sure what they're using as host OS, but if it's something
like Fedora for example I would expect that running apparmor would be
a problem. If special filesystems need to be passed to the container,
that's probably going to pose a challenge too.

> Are there any good pointers one would start to look at adapting those 
> testbeds?

The container images are generated from the Dockerfiles in
ci/containers, which in turn are generated using the lcitool utility
that's being developed as part of

  https://gitlab.com/libvirt/libvirt-ci/

If you want to include more packages, you should start by defining a
mapping for it in

  guests/lcitool/lcitool/ansible/vars/mappings.yml

and then adding it to

  guests/lcitool/lcitool/ansible/vars/projects/libvirt.yml

That's the short version. If you're looking for more information,
just let me know and I'll be happy to help :)

-- 
Andrea Bolognani / Red Hat / Virtualization



Re: [PATCH 4/4] virt-aa-helper: test: add test for new option -P

2021-10-11 Thread Christian Ehrhardt
On Thu, Oct 7, 2021 at 7:25 PM Ioanna Alifieraki wrote:
>
> Create a corrupt profile and expect it to be removed after the test is run.
>
> Signed-off-by: Ioanna Alifieraki 
> ---
>  tests/meson.build |  1 +
>  tests/virt-aa-helper-test | 29 +
>  2 files changed, 30 insertions(+)
>
> diff --git a/tests/meson.build b/tests/meson.build
> index dfbc2c01e2..991cfc402d 100644
> --- a/tests/meson.build
> +++ b/tests/meson.build
> @@ -40,6 +40,7 @@ tests_env = [
>'LC_ALL=C',
>'LIBVIRT_AUTOSTART=0',
>'G_DEBUG=fatal-warnings',
> +  'sysconfdir=@0@'.format(get_option('prefix') / get_option('sysconfdir')),
>  ]
>
>  if use_expensive_tests
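Review bot: The added tests_env entry resolves to the install-time location (prefix joined with sysconfdir), so the test in tests/virt-aa-helper-test that consumes it creates and deletes files in the live system configuration tree, not in the build directory. Consider pointing the test at a scratch directory under the build tree, or stating in the commit message that the suite modifies the installed apparmor.d/libvirt directory when run as root.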
> diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
> index 83f53acef6..135c4968b5 100755
> --- a/tests/virt-aa-helper-test
> +++ b/tests/virt-aa-helper-test
> @@ -16,6 +16,7 @@ fi
>  output="/dev/null"
>  use_valgrind=""
>  ld_library_path="$abs_top_builddir/src/"
> +profile_path="$sysconfdir/apparmor.d/libvirt/"
>  if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
>  output="/dev/stdout"
>  shift
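Review bot: profile_path is defined with a trailing slash, and every later use appends "/$valid_uuid", so the resulting paths contain "//". It is harmless to the kernel but makes the FAIL output and any path comparison harder to read; dropping the trailing slash from the assignment keeps the uses consistent.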
> @@ -399,6 +400,34 @@ testme "0" "shmem doorbell" "-r -u $valid_uuid" 
> "$test_xml" "\"/var/lib/libvirt/
>  sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e 
> "s,, type='ivshmem-doorbell'/> path='/var/lib/libvirt/ivshmem_socket'/>,g" "$template_xml" 
> > "$test_xml"
>  testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid" "$test_xml" 
> "\"/var/lib/libvirt/ivshmem_socket\"\s*rw,$"
>
> +# For the next test to run apparmor needs to be installed and enabled.
> +# In some environments (e.g. containers) even though apparmor is
> +# installed, it is not enabled because securityfs is not mounted.
> +# In those environments this test cannot run so skip it.
> +# This test also needs to be run as root.
> +if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ] && [ `eval 
> aa-enabled` = "Yes" ]; then

This is great to be checked before causing a failure, but a question
to the libvirt-CI experts,
how doable (or not) would it be to get apparmor installed on those
distro testbeds that support it?

Are there any good pointers one would start to look at adapting those testbeds?

> +   sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" 
> "$template_xml" > "$test_xml"
> +# Running the tests does not require libvirt to be installed. As a
> +# result the appropriate directories have not been created. Create 
> them
> +# now to run the test.
> +mkdir -p "$profile_path"
> +   # create a corrupted profile
> +   touch "$profile_path/$valid_uuid"
> +   testme "0" "purge" "-r -u $valid_uuid" "$test_xml"
> +   # All the tests are run with the --dry-run option this test is
> +   # never going to fail because the profile is not going to be loaded.
> +   # However, since we touch the profile if it's still here after the 
> test
> +   # it means that something went wrong, so make the test fail.
> +   if [ -f "$profile_path/$valid_uuid" ]; then
> +   echo "FAIL: failed to purge corrupted profile" >$output
> +   echo " '$extra_args $args': "
> +   errors=$(($errors + 1))
> +   # remove corrupted profile anyways not to interfere with
> +   # subsequent runs of the tests.
> +   rm "$profile_path/$valid_uuid"
> +   fi
> +fi
> +
>  testme "0" "help" "-h"
>
>  echo "" >$output
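Review bot: The testme call for the purge case passes only "-r -u $valid_uuid", the same arguments as the shmem tests just above it, and never the -P option that the subject line says is under test. If purging is meant to happen implicitly with -r, the comment in this block should say so; otherwise add -P to the argument string so the new code path is the one being exercised.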
> --
> 2.17.1
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd



Re: [PATCH 4/4] virt-aa-helper: test: add test for new option -P

2021-10-07 Thread Ján Tomko

On a Thursday in 2021, Ioanna Alifieraki wrote:

Create a corrupt profile and expect it to be removed after the test is run.

Signed-off-by: Ioanna Alifieraki 
---
tests/meson.build |  1 +
tests/virt-aa-helper-test | 29 +
2 files changed, 30 insertions(+)



Reviewed-by: Ján Tomko 

Jano




[PATCH 4/4] virt-aa-helper: test: add test for new option -P

2021-10-07 Thread Ioanna Alifieraki
Create a corrupt profile and expect it to be removed after the test is run.

Signed-off-by: Ioanna Alifieraki 
---
 tests/meson.build |  1 +
 tests/virt-aa-helper-test | 29 +
 2 files changed, 30 insertions(+)

diff --git a/tests/meson.build b/tests/meson.build
index dfbc2c01e2..991cfc402d 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -40,6 +40,7 @@ tests_env = [
   'LC_ALL=C',
   'LIBVIRT_AUTOSTART=0',
   'G_DEBUG=fatal-warnings',
+  'sysconfdir=@0@'.format(get_option('prefix') / get_option('sysconfdir')),
 ]
 
 if use_expensive_tests
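Review bot: The new 'sysconfdir=...' entry is the only lowercase, unprefixed name in tests_env, next to LC_ALL, LIBVIRT_AUTOSTART and G_DEBUG, so it is easy for a test script to shadow it with a local variable of the same name. An uppercase, project-specific name would match the surrounding entries and make it clear the value comes from the build system.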
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 83f53acef6..135c4968b5 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -16,6 +16,7 @@ fi
 output="/dev/null"
 use_valgrind=""
 ld_library_path="$abs_top_builddir/src/"
+profile_path="$sysconfdir/apparmor.d/libvirt/"
 if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
 output="/dev/stdout"
 shift
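Review bot: profile_path is built from $sysconfdir with no check that the variable is set, so when the script is run by hand outside meson it expands to /apparmor.d/libvirt/ and the mkdir -p, touch and rm added later in this patch act on that path as root. A guard before this assignment, for example `: "${sysconfdir:?sysconfdir is not set}"`, or an explicit default, would avoid that.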
@@ -399,6 +400,34 @@ testme "0" "shmem doorbell" "-r -u $valid_uuid" 
"$test_xml" "\"/var/lib/libvirt/
 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e 
"s,,,g" "$template_xml" > 
"$test_xml"
 testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid" "$test_xml" 
"\"/var/lib/libvirt/ivshmem_socket\"\s*rw,$"
 
+# For the next test to run apparmor needs to be installed and enabled.
+# In some environments (e.g. containers) even though apparmor is
+# installed, it is not enabled because securityfs is not mounted.
+# In those environments this test cannot run so skip it.
+# This test also needs to be run as root.
+if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ] && [ `eval 
aa-enabled` = "Yes" ]; then
+   sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" 
"$template_xml" > "$test_xml"
+# Running the tests does not require libvirt to be installed. As a
+# result the appropriate directories have not been created. Create them
+# now to run the test.
+mkdir -p "$profile_path"
+   # create a corrupted profile
+   touch "$profile_path/$valid_uuid"
+   testme "0" "purge" "-r -u $valid_uuid" "$test_xml"
+   # All the tests are run with the --dry-run option this test is
+   # never going to fail because the profile is not going to be loaded.
+   # However, since we touch the profile if it's still here after the test
+   # it means that something went wrong, so make the test fail.
+   if [ -f "$profile_path/$valid_uuid" ]; then
+   echo "FAIL: failed to purge corrupted profile" >$output
+   echo " '$extra_args $args': "
+   errors=$(($errors + 1))
+   # remove corrupted profile anyways not to interfere with
+   # subsequent runs of the tests.
+   rm "$profile_path/$valid_uuid"
+   fi
+fi
+
 testme "0" "help" "-h"
 
 echo "" >$output
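Review bot: The guard runs id -u and aa-enabled through backticks with eval and leaves both substitutions unquoted, so if aa-enabled prints nothing or more than one word the [ command reports an error instead of evaluating cleanly. Quoted substitutions without eval do the same job: `[ "$(id -u)" = 0 ]` and `[ "$(aa-enabled)" = "Yes" ]`. Separately, the block never removes the directory it creates with mkdir -p, and the second echo in the failure branch is not redirected to $output like the first one.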
-- 
2.17.1