mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-03 20:01:16 +00:00
7135cee755
The check-file-access.pl script is used to match access list
generated by virtestmock against whitelisted rules stored in
file_access_whitelist.txt. So far the rules are in form:
$path: $progname: $testname
This is not sufficient because the rule does not take into
account 'action' that caused $path to appear in the list of
accessed files. After this commit the rule can be in new form:
$path: $action: $progname: $testname
where $action is one from ("open", "fopen", "access", "stat",
"lstat", "connect"). This way the white list can be fine tuned to
allow say access() but not connect().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
29 lines
904 B
Plaintext
29 lines
904 B
Plaintext
# This is a whitelist that allows accesses to files not in our
|
|
# build directory nor source directory. The records are in the
|
|
# following formats:
|
|
#
|
|
# $path: $progname: $testname
|
|
# $path: $action: $progname: $testname
|
|
#
|
|
# All these variables are evaluated as perl RE. So to allow
|
|
# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
|
|
# /proc/$pid/status you can '/proc/\d+/status' and so on.
|
|
# Moreover, $action, $progname and $testname can be empty, in which
|
|
# which case $path is allowed for all tests. However, $action (if
|
|
# specified) must be one of "open", "fopen", "access", "stat",
|
|
# "lstat", "connect".
|
|
|
|
/bin/cat: sysinfotest
|
|
/bin/dirname: sysinfotest: x86 sysinfo
|
|
/bin/sleep: commandtest
|
|
/bin/true: commandtest
|
|
/dev/null
|
|
/dev/urandom
|
|
/etc/hosts
|
|
/proc/\d+/status
|
|
|
|
/etc/passwd: fopen
|
|
|
|
# This is just a dummy example, DO NOT USE IT LIKE THAT!
|
|
.*: nonexistent-test-touching-everything
|