Re: [PATCH ima-evm-utils v2 4/9] Add support for UML in functions.sh

On Thu, 2023-01-12 at 10:00 -0500, Stefan Berger wrote:
> On 1/12/23 07:24, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > 
> > Add the new functions _run_user_mode(), _exit_user_mode(),
> > _init_user_mode() and _cleanup_user_mode() to run the tests inside a system
> > booted with the UML kernel.
> > 
> > A typical structure of a script with tests is:
> > 
> > trap cleanup SIGINT SIGTERM SIGSEGV EXIT
> > 
> > _cleanup() {
> > 	<test cleanup>
> > }
> > 
> > cleanup() {
> > 	_cleanup_user_mode _cleanup
> > 	_report_exit_and_cleanup
> > }
> > 
> > <tests implementations>
> > 
> > _run_user_mode ../linux $PWD/$(basename $0) "env_var1=$env_var1 ..."
> > 
> > _exit_user_mode ../linux
> > 
> > _init_user_mode
> > 
> > <tests init>
> > 
> > <tests call>
> > 
> > If the UML_MODE environment variable is not set to 1, ignore the UML kernel
> > execution and initialization requests, and perform the cleanup in the
> > current environment. Ignore the same also if the script is already run in
> > the UML environment, to avoid loops. Instead, for cleanup, do it only in
> > the UML environment and skip it in the host environment.
> > 
> > Signal to the host environment failures of tests run in the UML environment
> > with an unclean shutdown of the UML kernel.
> > 
> > Add haveged and systemd as dependencies for the tests in ci/fedora.sh,
> > respectively for initializing the random number generator and for shutting
> > down the system in the environment created by the UML kernel.
> > 
> > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > ---
> >   ci/fedora.sh       |  4 ++-
> >   tests/functions.sh | 79 +++++++++++++++++++++++++++++++++++++++++++++-
> >   2 files changed, 81 insertions(+), 2 deletions(-)
> > 
> > diff --git a/ci/fedora.sh b/ci/fedora.sh
> > index e60de7981c60..198034a34e3c 100755
> > --- a/ci/fedora.sh
> > +++ b/ci/fedora.sh
> > @@ -45,7 +45,9 @@ yum -y install \
> >   	vim-common \
> >   	wget \
> >   	which \
> > -	zstd
> > +	zstd \
> > +	haveged \
> > +	systemd
> >   
> >   yum -y install docbook5-style-xsl || true
> >   yum -y install swtpm || true
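Review bot: the package list in this hunk is kept in alphabetical order up to `zstd`, so `haveged` and `systemd` should be inserted in their sorted positions rather than appended after `zstd \`. A one-line comment next to them saying why they are needed (`haveged` to seed the RNG, `systemd` for `poweroff` inside the UML guest) would also help, since the commit message is currently the only place that explains it.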
> > diff --git a/tests/functions.sh b/tests/functions.sh
> > index 8f6f02dfcd95..98829d94fae1 100755
> > --- a/tests/functions.sh
> > +++ b/tests/functions.sh
> > @@ -267,6 +267,16 @@ _report_exit_and_cleanup() {
> >     [ $testsfail -gt 0 ] && echo -n "$RED" || echo -n "$NORM"
> >     echo " FAIL: $testsfail"
> >     echo "$NORM"
> > +  # Signal failure to UML caller with an unclean shutdown.
> > +  if [ -n "$UML_MODE" ] && [ "$UML_MODE" -eq 1 ] && [ $$ -eq 1 ]; then
> > +    if [ -z "$(which poweroff)" ]; then
> > +      echo "Warning: cannot properly shutdown system"
> > +    fi
> > +
> > +    if [ $testsfail -eq 0 ]; then
> > +      poweroff -f
> > +    fi
> > +  fi
> >     if [ $testsfail -gt 0 ]; then
> >       exit "$FAIL"
> >     elif [ $testspass -gt 0 ]; then
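Review bot: the `which poweroff` check in `_report_exit_and_cleanup` only prints a warning and then carries on. When `poweroff` is absent and `$testsfail` is 0, the function falls through to the existing `exit` below while running as PID 1, which is exactly the unclean shutdown the comment says is used to signal failure, so a passing run is reported to the host as a failure with only the "Warning: cannot properly shutdown system" line to explain it. Suggest treating a missing `poweroff` as a hard error with a clear message rather than a warning, and using `command -v poweroff` instead of `which`, which is not guaranteed to exist in the guest. Quoting `"$testsfail"` and `"$$"` would also match the `-n "$UML_MODE"` style on the same line.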
> > @@ -312,4 +322,71 @@ _softhsm_teardown() {
> >     rm -rf "${SOFTHSM_SETUP_CONFIGDIR}"
> >     unset SOFTHSM_SETUP_CONFIGDIR SOFTHSM2_CONF PKCS11_KEYURI \
> >       EVMCTL_ENGINE OPENSSL_ENGINE OPENSSL_KEYFORM
> > -}
> > \ No newline at end of file
> > +}
> > +
> > +# Syntax: _run_user_mode <UML binary> <init> <additional kernel parameters>
> > +_run_user_mode() {
> > +  if [ -z "$UML_MODE" ] || [ "$UML_MODE" -ne 1 ]; then
> > +    return
> > +  fi
> > +
> > +  if [ $$ -eq 1 ]; then
> > +    return
> > +  fi
> > +
> > +  expect_pass $1 rootfstype=hostfs rw init=$2 quiet mem=256M $3
> > +}
> > +
> > +# Syntax: _exit_user_mode <UML binary>
> > +_exit_user_mode() {
> > +  if [ -z "$UML_MODE" ] || [ "$UML_MODE" -ne 1 ]; then
> > +    return
> > +  fi
> > +
> > +  if [ $$ -eq 1 ]; then
> > +    return
> > +  fi
> > +
> > +  if [ -f "$1" ]; then
> > +    exit $OK
> > +  fi
> > +}
> > +
> > +# Syntax: _init_user_mode
> > +_init_user_mode() {
> > +  if [ -z "$UML_MODE" ] || [ "$UML_MODE" -ne 1 ]; then
> > +    return
> > +  fi
> > +
> > +  if [ $$ -ne 1 ]; then
> > +    return
> > +  fi
> > +
> > +  mount -t proc proc /proc
> > +  mount -t sysfs sysfs /sys
> > +  mount -t securityfs securityfs /sys/kernel/security
> > +
> > +  if [ -n "$(which haveged 2> /dev/null)" ]; then
> > +    $(which haveged) -w 1024 &> /dev/null
> > +  fi
> 
> What's different when it's missing?

The boot time is longer, if I remember correctly.

Thanks

Roberto

> > +
> > +  pushd $PWD > /dev/null
> > +}
> > +
> > +# Syntax: _cleanup_user_mode <cleanup function>
> > +_cleanup_user_mode() {
> > +  if [ -z "$UML_MODE" ] || [ "$UML_MODE" -ne 1 ]; then
> > +    $1
> > +    return
> > +  fi
> > +
> > +  if [ $$ -ne 1 ]; then
> > +    return
> > +  fi
> > +
> > +  $1
> > +
> > +  umount /sys/kernel/security
> > +  umount /sys
> > +  umount /proc
> > +}
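Review bot: in `_run_user_mode`, `$1` and `$2` are unquoted although only `$3` is meant to undergo word splitting (the caller passes `"env_var1=$env_var1 ..."` as a single argument so that it expands into several kernel parameters). Quote `"$1"` and `init="$2"`, and state in the `# Syntax:` comment that the third argument is a space-separated list, since any value containing whitespace will be split into separate kernel parameters. In `_exit_user_mode`, when `[ -f "$1" ]` is false the function returns silently and the tests continue on the host as if `UML_MODE` had never been requested; a message there would make such a run much easier to diagnose. The `pushd $PWD > /dev/null` at the end of `_init_user_mode` has no matching `popd` and its purpose is not documented; a short comment would help.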
> 
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
