mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-11 04:15:49 +00:00
03d89991f2
The AppArmor security driver adds only the path specified in the domain XML for character devices of type 'pipe'. It should be using <path>.in and <path>.out. We do this by creating a new vah_add_file_chardev() and use it for char devices instead of vah_add_file(). Also adjust valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use fifos). This is https://launchpad.net/bugs/832507
327 lines
14 KiB
Bash
Executable File
327 lines
14 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# virt-aa-helper needs a working locale system. If testing this in a chroot
|
|
# system, need to make sure these are setup properly. On Debian-based systems
|
|
# this can be done with something like (as root):
|
|
# locale-gen en_US.UTF-8
|
|
|
|
set -e
|
|
|
|
test_hostdev="no"
|
|
if [ "$1" = "test_hostdev" ]; then
|
|
test_hostdev="yes"
|
|
shift
|
|
fi
|
|
|
|
output="/dev/null"
|
|
use_valgrind=""
|
|
ld_library_path="../src/.libs/"
|
|
if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
|
|
output="/dev/stdout"
|
|
shift
|
|
fi
|
|
|
|
exe="../src/virt-aa-helper"
|
|
if [ ! -z "$1" ]; then
|
|
if [ "$1" = "-v" ]; then
|
|
use_valgrind="yes"
|
|
shift
|
|
fi
|
|
if [ -n "$1" ]; then
|
|
exe="$1"
|
|
shift
|
|
fi
|
|
fi
|
|
|
|
if [ ! -x "$exe" ]; then
|
|
echo "Could not find '$exe'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "testing `basename $exe`" >$output
|
|
if [ "$use_valgrind" = "yes" ]; then
|
|
exe="valgrind --error-exitcode=2 --track-origins=yes $exe"
|
|
fi
|
|
|
|
extra_args="--dryrun"
|
|
errors=0
|
|
|
|
tmpdir=`mktemp -d`
|
|
trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
|
|
|
|
template_xml="$tmpdir/template.xml"
|
|
test_xml="$tmpdir/test.xml"
|
|
|
|
uuid="00000000-0000-0000-0000-0123456789ab"
|
|
disk1="$tmpdir/1.img"
|
|
disk2="$tmpdir/2.img"
|
|
relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img"
|
|
nonexistent="$tmpdir/nonexistant.img"
|
|
bad_disk="/etc/passwd"
|
|
valid_uuid="libvirt-$uuid"
|
|
nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001"
|
|
|
|
cat > "$template_xml" <<EOM
|
|
<domain type='kvm'>
|
|
<name>virt-aa-helper-test</name>
|
|
<uuid>###UUID###</uuid>
|
|
<memory>524288</memory>
|
|
<currentMemory>524288</currentMemory>
|
|
<vcpu>1</vcpu>
|
|
<os>
|
|
<type arch='x86_64' machine='pc'>hvm</type>
|
|
<boot dev='hd'/>
|
|
</os>
|
|
<features>
|
|
<acpi/>
|
|
</features>
|
|
<clock offset='utc'/>
|
|
<on_poweroff>destroy</on_poweroff>
|
|
<on_reboot>restart</on_reboot>
|
|
<on_crash>destroy</on_crash>
|
|
<devices>
|
|
<emulator>/usr/bin/kvm</emulator>
|
|
<disk type='file' device='disk'>
|
|
<driver name='qemu' type='raw'/>
|
|
<source file='###DISK###'/>
|
|
<target dev='hda' bus='ide'/>
|
|
</disk>
|
|
<interface type='network'>
|
|
<mac address='52:54:00:50:4b:26'/>
|
|
<source network='default'/>
|
|
<model type='virtio'/>
|
|
</interface>
|
|
<input type='tablet' bus='usb'/>
|
|
<input type='mouse' bus='ps2'/>
|
|
<graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
|
|
<video>
|
|
<model type='cirrus' vram='9216' heads='1'/>
|
|
</video>
|
|
</devices>
|
|
</domain>
|
|
EOM
|
|
|
|
touch "$disk1" "$disk2"
|
|
|
|
testme() {
|
|
expected="$1"
|
|
outstr="$2"
|
|
args="$3"
|
|
input=""
|
|
|
|
if [ -n "$4" ]; then
|
|
input="$4"
|
|
if [ ! -e "$input" ]; then
|
|
echo "FAIL: could not find $input" >$output
|
|
echo "FAIL: could not find $input"
|
|
echo " '$extra_args $args': "
|
|
errors=$(($errors + 1))
|
|
fi
|
|
fi
|
|
|
|
printf %s " $outstr: " >$output
|
|
printf %s " '$extra_args $args" >$output
|
|
if [ -n "$input" ]; then
|
|
printf %s " < $input" >$output
|
|
fi
|
|
echo "': " >$output
|
|
set +e
|
|
if [ -n "$input" ]; then
|
|
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args < $input >$output 2>&1
|
|
else
|
|
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args >$output 2>&1
|
|
fi
|
|
rc="$?"
|
|
set -e
|
|
if [ "$rc" = "$expected" ]; then
|
|
echo "pass" >$output
|
|
else
|
|
echo "FAIL: exited with '$rc'" >$output
|
|
echo "FAIL: exited with '$rc'"
|
|
printf %s " $outstr: "
|
|
echo " '$extra_args $args': "
|
|
errors=$(($errors + 1))
|
|
#exit $rc
|
|
fi
|
|
}
|
|
|
|
# Expected failures
|
|
echo "Expected failures:" >$output
|
|
testme "1" "invalid arg" "-z"
|
|
testme "1" "invalid case" "-A"
|
|
testme "1" "not enough args" "-c"
|
|
testme "1" "not enough args" "-p"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "1" "no -u with -c" "-c" "$test_xml"
|
|
testme "1" "bad uuid (bad digit)" "-c -u libvirt-00000000-0000-0000-0000-00000000000g" "$test_xml"
|
|
testme "1" "bad uuid (too long)" "-c -u ${valid_uuid}abcdef" "$test_xml"
|
|
testme "1" "bad uuid (too short)" "-c -u libvirt-00000000-0000-0000-0000-0123456789a" "$test_xml"
|
|
testme "1" "non-matching uuid" "-c -u libvirt-00000000-0000-0000-0000-00000000000a" "$test_xml"
|
|
testme "1" "missing uuid" "-c -u" "$test_xml"
|
|
testme "1" "no -u with -R" "-R"
|
|
testme "1" "non-existent uuid" "-R -u $nonexistent_uuid"
|
|
testme "1" "no -u with -r" "-r"
|
|
testme "1" "old '-n' option" "-c -n foo -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$bad_disk,g" "$template_xml" > "$test_xml"
|
|
testme "1" "bad disk" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$bad_disk,g" -e "s,</devices>,<disk type='file' device='disk'><driver name='qemu' type='raw'/><source file='$disk2'/><target dev='hda' bus='ide'/></disk></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "1" "bad disk2" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<devices>,g" "$template_xml" > "$test_xml"
|
|
testme "1" "malformed xml" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
initrd=`ls -1 /boot/initrd* | head -1`
|
|
if [ -z "$initrd" ]; then
|
|
echo "Skipping /boot/initrd* tests. Could not find /boot/initrd*"
|
|
else
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$initrd,g" "$template_xml" > "$test_xml"
|
|
testme "1" "disk in /boot without probing" "-p 0 -r -u $valid_uuid" "$test_xml"
|
|
testme "1" "disk in /boot with probing" "-p 1 -r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,/boot/initrd,g" "$template_xml" > "$test_xml"
|
|
testme "1" "-r with invalid -f with probing" "-p 1 -r -u $valid_uuid -f $bad_disk" "$test_xml"
|
|
testme "1" "-r with invalid -f without probing" "-p 0 -r -u $valid_uuid -f $bad_disk" "$test_xml"
|
|
testme "1" "-r with invalid -F with probing" "-p 1 -r -u $valid_uuid -F $bad_disk" "$test_xml"
|
|
testme "1" "-r with invalid -F without probing" "-p 0 -r -u $valid_uuid -F $bad_disk" "$test_xml"
|
|
fi
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1</disk>,g" "$template_xml" > "$test_xml"
|
|
testme "1" "-c with malformed xml" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<type arch='x86_64' machine='pc'>hvm</type>,,g" "$template_xml" > "$test_xml"
|
|
testme "1" "-c with no os.type" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<type arch='x86_64' machine='pc'>hvm</type>,<type>hvm</type>,g" "$template_xml" > "$test_xml"
|
|
testme "1" "-c with no architecture" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,hvm</type>,hvm_invalid</type>,g" "$template_xml" > "$test_xml"
|
|
testme "1" "-c with invalid hvm" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
|
|
echo "Expected pass:" >$output
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch='x86_64',arch='i686',g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch='x86_64',arch='ppc',g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><disk type='file' device='disk'><driver name='qemu' type='raw'/><source file='$disk2'/><target dev='hdb' bus='ide'/></disk>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###',${disk1}'/><readonly,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
if [ "$test_hostdev" = "yes" ]; then
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><hostdev mode='subsystem' type='usb'><source><address bus='002' device='004'/></source></hostdev>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create hostdev (USB)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><hostdev mode='subsystem' type='pci'><source><address bus='0x00' slot='0x19' function='0x0'/></source></hostdev>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create hostdev (PCI)" "-c -u $valid_uuid" "$test_xml"
|
|
fi
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$relative_disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $nonexistent" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
|
|
testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $nonexistent" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<disk type='block' device='cdrom'><target dev='hdc' bus='ide'/><readonly/></disk></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "disk (empty cdrom)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='file'><source path='$tmpdir/serial.log'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "serial" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='pty'><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='dev'><source path='/dev/ttyS0'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "serial (dev)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='pipe'><source path='$tmpdir/serial.pipe'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
|
|
mkfifo "$tmpdir/serial.pipe.in" "$tmpdir/serial.pipe.out"
|
|
testme "0" "serial (pipe)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='file'><source path='$tmpdir/console.log'/><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
|
|
touch "$tmpdir/console.log"
|
|
testme "0" "console" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='pty'><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "console (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='pipe'><source path='$tmpdir/console.pipe'/><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
|
|
mkfifo "$tmpdir/console.pipe.in" "$tmpdir/console.pipe.out"
|
|
testme "0" "console (pipe)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<parallel type='pty'><source path='/dev/pts/0'/><target port='0'/></parallel></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<parallel type='pipe'><source path='$tmpdir/parallel.pipe'/><target port='0'/></parallel></devices>,g" "$template_xml" > "$test_xml"
|
|
mkfifo "$tmpdir/parallel.pipe.in" "$tmpdir/parallel.pipe.out"
|
|
testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<channel type='unix'><source mode='bind' path='$tmpdir/guestfwd'/><target type='guestfwd' address='10.0.2.1' port='4600'/></channel></devices>,g" "$template_xml" > "$test_xml"
|
|
touch "$tmpdir/guestfwd"
|
|
testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<channel type='pty'><target type='virtio'/></channel></devices>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "channel (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>$tmpdir/kernel</kernel></os>,g" "$template_xml" > "$test_xml"
|
|
touch "$tmpdir/kernel"
|
|
testme "0" "kernel" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" "$template_xml" > "$test_xml"
|
|
touch "$tmpdir/initrd"
|
|
testme "0" "initrd" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>/boot/kernel</kernel></os>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/boot/initrd</initrd></os>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>/vmlinuz</kernel></os>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/initrd/ramdisk</initrd></os>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/initrd.img</initrd></os>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<graphics*,<graphics type='sdl' display=':0.0' xauth='/home/myself/.Xauthority'/>,g" "$template_xml" > "$test_xml"
|
|
testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
testme "0" "help" "-h"
|
|
|
|
echo "" >$output
|
|
if [ "$errors" != "0" ]; then
|
|
echo "FAIL: $errors error(s)" >$output
|
|
exit 1
|
|
fi
|
|
echo PASS >$output
|