mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-28 08:35:22 +00:00
7135cee755
The check-file-access.pl script is used to match access list generated by virtestmock against whitelisted rules stored in file_access_whitelist.txt. So far the rules are in form: $path: $progname: $testname This is not sufficient because the rule does not take into account 'action' that caused $path to appear in the list of accessed files. After this commit the rule can be in new form: $path: $action: $progname: $testname where $action is one from ("open", "fopen", "access", "stat", "lstat", "connect"). This way the white list can be fine tuned to allow say access() but not connect(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
29 lines
904 B
Plaintext
29 lines
904 B
Plaintext
# This is a whitelist that allows accesses to files not in our
|
|
# build directory nor source directory. The records are in the
|
|
# following formats:
|
|
#
|
|
# $path: $progname: $testname
|
|
# $path: $action: $progname: $testname
|
|
#
|
|
# All these variables are evaluated as perl RE. So to allow
|
|
# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
|
|
# /proc/$pid/status you can '/proc/\d+/status' and so on.
|
|
# Moreover, $action, $progname and $testname can be empty, in which
|
|
# which case $path is allowed for all tests. However, $action (if
|
|
# specified) must be one of "open", "fopen", "access", "stat",
|
|
# "lstat", "connect".
|
|
|
|
/bin/cat: sysinfotest
|
|
/bin/dirname: sysinfotest: x86 sysinfo
|
|
/bin/sleep: commandtest
|
|
/bin/true: commandtest
|
|
/dev/null
|
|
/dev/urandom
|
|
/etc/hosts
|
|
/proc/\d+/status
|
|
|
|
/etc/passwd: fopen
|
|
|
|
# This is just a dummy example, DO NOT USE IT LIKE THAT!
|
|
.*: nonexistent-test-touching-everything
|