On Tue, Sep 08, 2009 at 04:22:14PM -0500, Jamie Strandboge wrote: > On Tue, 08 Sep 2009, Jamie Strandboge wrote: > > > > [PATCH 4] > > > patch_4_tests.patch: > > > Adds tests for virt-aa-helper and the security driver. secaatest.c is > > > identical to seclabeltest.c except it initializes the 'apparmor' driver > > > instead of 'selinux'. These tests are integrated into 'make check' and > > > pass. > > > > > -- > Jamie Strandboge | http://www.canonical.com
> diff -Nurp ./libvirt.orig/tests/Makefile.am ./libvirt/tests/Makefile.am
> --- ./libvirt.orig/tests/Makefile.am 2009-08-17 11:00:40.000000000 -0500
> +++ ./libvirt/tests/Makefile.am 2009-09-08 15:32:22.000000000 -0500
> @@ -77,6 +77,10 @@ if WITH_SECDRIVER_SELINUX
> noinst_PROGRAMS += seclabeltest
> endif
>
> +if WITH_SECDRIVER_APPARMOR
> +noinst_PROGRAMS += secaatest
> +endif
> +
> if WITH_CIL
> noinst_PROGRAMS += object-locking
> endif
> @@ -112,6 +116,9 @@ test_scripts += \
> virsh-synopsis
> endif
>
> +if WITH_SECDRIVER_APPARMOR
> +test_scripts += virt-aa-helper-test
> +endif
> EXTRA_DIST += $(test_scripts)
>
> TESTS = virshtest \
> @@ -138,6 +145,10 @@ if WITH_SECDRIVER_SELINUX
> TESTS += seclabeltest
> endif
>
> +if WITH_SECDRIVER_APPARMOR
> +TESTS += secaatest
> +endif
> +
> if WITH_LIBVIRTD
> noinst_PROGRAMS += eventtest
> TESTS += eventtest
> @@ -255,6 +266,14 @@ else
> EXTRA_DIST += seclabeltest.c
> endif
>
> +if WITH_SECDRIVER_APPARMOR
> +secaatest_SOURCES = \
> + secaatest.c
> +secaatest_LDADD = ../src/libvirt_driver_security.la $(LDADDS)
> +else
> +EXTRA_DIST += secaatest.c
> +endif
> +
> qparamtest_SOURCES = \
> qparamtest.c testutils.h testutils.c
> qparamtest_LDADD = $(LDADDS)
> diff -Nurp ./libvirt.orig/tests/secaatest.c ./libvirt/tests/secaatest.c
> --- ./libvirt.orig/tests/secaatest.c 1969-12-31 18:00:00.000000000 -0600
> +++ ./libvirt/tests/secaatest.c 2009-09-08 15:32:22.000000000 -0500
> @@ -0,0 +1,45 @@
> +#include <config.h>
> +
> +#include <unistd.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <string.h>
> +#include <errno.h>
> +#include "security.h"
> +
> +int
> +main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
> +{
> + int ret;
> +
> + const char *doi, *model;
> + virSecurityDriverPtr security_drv;
> +
> + ret = virSecurityDriverStartup (&security_drv, "apparmor");
> + if (ret == -1)
> + {
> + fprintf (stderr, "Failed to start security driver");
> + exit (-1);
> + }
> + /* No security driver wanted to be enabled: just return */
> + if (ret == -2)
> + return 0;
> +
> + model = virSecurityDriverGetModel (security_drv);
> + if (!model)
> + {
> + fprintf (stderr, "Failed to copy secModel model: %s",
> + strerror (errno));
> + exit (-1);
> + }
> +
> + doi = virSecurityDriverGetDOI (security_drv);
> + if (!doi)
> + {
> + fprintf (stderr, "Failed to copy secModel DOI: %s",
> + strerror (errno));
> + exit (-1);
> + }
> +
> + return 0;
> +}
> diff -Nurp ./libvirt.orig/tests/virt-aa-helper-test ./libvirt/tests/virt-aa-helper-test
> --- ./libvirt.orig/tests/virt-aa-helper-test 1969-12-31 18:00:00.000000000 -0600
> +++ ./libvirt/tests/virt-aa-helper-test 2009-09-08 15:32:22.000000000 -0500
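Review bot: In secaatest.c, `if (ret == -2) return 0;` makes the test report success when no security driver is enabled, so `make check` shows a pass on hosts where the AppArmor driver was never exercised. Returning 77 there (`if (ret == -2) return 77;`) would let automake report the case as skipped instead. The test also only checks that the model and DOI are non-NULL; comparing the model with the requested driver, e.g. `if (strcmp (model, "apparmor") != 0)`, would catch a different driver having been started. The two getter error messages print `strerror (errno)` although nothing visible here shows the getters setting errno, and all three messages lack a trailing newline.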
> @@ -0,0 +1,100 @@
> +#!/bin/sh
> +set -e
> +
> +output="/dev/null"
> +use_valgrind=""
> +ld_library_path=""
> +if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
> + output="/dev/stdout"
> + shift
> +fi
> +
> +exe="../src/virt-aa-helper"
> +if [ ! -z "$1" ]; then
> + if [ "$1" = "-v" ]; then
> + use_valgrind="yes"
> + exe="./src/.libs/virt-aa-helper"
> + ld_library_path="./src/.libs"
> + else
> + exe="$1"
> + fi
> + shift
> +fi
> +
> +if [ ! -x "$exe" ]; then
> + echo "Could not find '$exe'"
> + exit 1
> +fi
> +
> +echo "testing `basename $exe`" >$output
> +if [ "$use_valgrind" = "yes" ]; then
> + exe="valgrind --error-exitcode=2 --track-origins=yes $exe"
> +fi
> +
> +extra_args="--dryrun"
> +errors=0
> +
> +tmpdir=`mktemp -d`
> +trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
> +
> +disk1="$tmpdir/1.img"
> +disk2="$tmpdir/2.img"
> +relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img"
> +nonexistent="$tmpdir/nonexistant.img"
> +bad_disk="/etc/passwd"
> +valid_uuid="libvirt-00000000-0000-0000-0000-0123456789ab"
> +valid_name="foo"
> +nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001"
> +touch "$disk1" "$disk2"
> +
> +testme() {
> + expected="$1"
> + outstr="$2"
> + args="$3"
> + echo -n " $outstr: " >$output
> + echo " '$extra_args $args': " >$output
> + set +e
> + LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args >$output 2>&1
> + rc="$?"
> + set -e
> + if [ "$rc" = "$expected" ]; then
> + echo "pass" >$output
> + else
> + echo "FAIL: exited with '$rc'" >$output
> + errors=$(($errors + 1))
> + fi
> +}
> +
> +# Expected failures
> +echo "Expected failures:" >$output
> +testme "1" "invalid arg" "-z"
> +testme "1" "invalid case" "-A"
> +testme "1" "not enough args" "-c"
> +testme "1" "missing name" "-c -n -u $valid_uuid $disk1"
> +testme "1" "bad name" "-c -n foo[a-z] -u $valid_uuid $disk1"
> +testme "1" "no -u with -c" "-c -n $valid_name $disk1"
> +testme "1" "bad uuid (bad digit)" "-c -n $valid_name -u libvirt-00000000-0000-0000-0000-00000000000g $disk1"
> +testme "1" "bad uuid (too long)" "-c -n $valid_name -u ${valid_uuid}abcdef $disk1"
> +testme "1" "bad uuid (too short)" "-c -n $valid_name -u libvirt-00000000-0000-0000-0000-0123456789a $disk1"
> +testme "1" "missing uuid" "-c -n $valid_name -u $disk1"
> +testme "1" "no -u with -R" "-R"
> +testme "1" "non-existent uuid" "-R -u $nonexistent_uuid"
> +testme "1" "no -u with -r" "-r"
> +testme "1" "no name with -r" "-r -u $valid_uuid $disk1"
> +testme "1" "bad disk" "-c -n $valid_name -u $valid_uuid $bad_disk"
> +testme "1" "bad disk2" "-c -n $valid_name -u $valid_uuid $disk1 $bad_disk $disk2"
> +
> +echo "Expected pass:" >$output
> +testme "0" "create" "-c -n foo -u $valid_uuid $disk1"
> +testme "0" "create (non-existent disk)" "-c -n foo -u $valid_uuid $nonexistent"
> +testme "0" "create (relative path)" "-c -n foo -u $valid_uuid $relative_disk1"
> +testme "0" "replace" "-r -n foo -u $valid_uuid $disk2"
> +testme "0" "replace (non-existent disk)" "-r -n foo -u $valid_uuid $nonexistent"
> +testme "0" "help" "-h"
> +
> +echo "" >$output
> +if [ "$errors" != "0" ]; then
> + echo "FAIL: $errors error(s)" >$output
> + exit 1
> +fi
> +echo PASS >$output
ACK Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o-
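Review bot: In virt-aa-helper-test, `trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM` expands `$tmpdir` when the trap is installed and leaves it unquoted in the command that later runs, so a TMPDIR containing whitespace or glob characters would make `rm -rf` act on paths other than the scratch directory. Single-quoting the handler and quoting the variable avoids that: `trap 'rm -rf "$tmpdir"' EXIT HUP INT QUIT TERM`. Separately, `testme` accepts every expected-failure case on exit status 1 alone, so the "bad disk" check against `/etc/passwd` would still pass if the helper rejected the command line for an unrelated reason; matching on the helper's diagnostic as well would make those cases meaningful. `echo -n` is also not portable under `#!/bin/sh`, and `printf` is the safer choice.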
http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list