External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-03 16:42:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
88bd1a644b
libvirt/tests/virt-aa-helper-test
Serge Hallyn 88bd1a644b add security hook for permitting hugetlbfs access 
When a qemu domain is backed by huge pages, apparmor needs to grant the domain
rw access to files under the hugetlbfs mount point.  Add a hook, called in
qemu_process.c, which ends up adding the read-write access through
virt-aa-helper.  Qemu will be creating a randomly named file under the
mountpoint and unlinking it as soon as it has mmap()d it, therefore we
cannot predict the full pathname, but for the same reason it is generally
safe to provide access to $path/**.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2012-12-11 14:27:20 -07:00

330 lines
15 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# virt-aa-helper needs a working locale system. If testing this in a chroot
# system, need to make sure these are setup properly. On Debian-based systems
# this can be done with something like (as root):
# locale-gen en_US.UTF-8
set -e
test_hostdev="no"
if [ "$1" = "test_hostdev" ]; then
test_hostdev="yes"
shift
fi
output="/dev/null"
use_valgrind=""
ld_library_path="../src/.libs/"
if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
output="/dev/stdout"
shift
fi
exe="../src/virt-aa-helper"
if [ ! -z "$1" ]; then
if [ "$1" = "-v" ]; then
use_valgrind="yes"
shift
fi
if [ -n "$1" ]; then
exe="$1"
shift
fi
fi
if [ ! -x "$exe" ]; then
echo "Could not find '$exe'"
exit 1
fi
echo "testing `basename $exe`" >$output
if [ "$use_valgrind" = "yes" ]; then
exe="valgrind --error-exitcode=2 --track-origins=yes $exe"
fi
extra_args="--dryrun"
errors=0
tmpdir=`mktemp -d`
trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
template_xml="$tmpdir/template.xml"
test_xml="$tmpdir/test.xml"
uuid="00000000-0000-0000-0000-0123456789ab"
disk1="$tmpdir/1.img"
disk2="$tmpdir/2.img"
relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img"
nonexistent="$tmpdir/nonexistant.img"
bad_disk="/etc/passwd"
valid_uuid="libvirt-$uuid"
nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001"
cat > "$template_xml" <<EOM
<domain type='kvm'>
<name>virt-aa-helper-test</name>
<uuid>###UUID###</uuid>
<memory>524288</memory>
<currentMemory>524288</currentMemory>
<vcpu>1</vcpu>
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='###DISK###'/>
<target dev='hda' bus='ide'/>
</disk>
<interface type='network'>
<mac address='52:54:00:50:4b:26'/>
<source network='default'/>
<model type='virtio'/>
</interface>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
</video>
</devices>
</domain>
EOM
touch "$disk1" "$disk2"
testme() {
expected="$1"
outstr="$2"
args="$3"
input=""
if [ -n "$4" ]; then
input="$4"
if [ ! -e "$input" ]; then
echo "FAIL: could not find $input" >$output
echo "FAIL: could not find $input"
echo " '$extra_args $args': "
errors=$(($errors + 1))
fi
fi
printf %s " $outstr: " >$output
printf %s " '$extra_args $args" >$output
if [ -n "$input" ]; then
printf %s " < $input" >$output
fi
echo "': " >$output
set +e
if [ -n "$input" ]; then
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args < $input >$output 2>&1
else
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args >$output 2>&1
fi
rc="$?"
set -e
if [ "$rc" = "$expected" ]; then
echo "pass" >$output
else
echo "FAIL: exited with '$rc'" >$output
echo "FAIL: exited with '$rc'"
printf %s " $outstr: "
echo " '$extra_args $args': "
errors=$(($errors + 1))
#exit $rc
fi
}
# Expected failures
echo "Expected failures:" >$output
testme "1" "invalid arg" "-z"
testme "1" "invalid case" "-A"
testme "1" "not enough args" "-c"
testme "1" "not enough args" "-p"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "1" "no -u with -c" "-c" "$test_xml"
testme "1" "bad uuid (bad digit)" "-c -u libvirt-00000000-0000-0000-0000-00000000000g" "$test_xml"
testme "1" "bad uuid (too long)" "-c -u ${valid_uuid}abcdef" "$test_xml"
testme "1" "bad uuid (too short)" "-c -u libvirt-00000000-0000-0000-0000-0123456789a" "$test_xml"
testme "1" "non-matching uuid" "-c -u libvirt-00000000-0000-0000-0000-00000000000a" "$test_xml"
testme "1" "missing uuid" "-c -u" "$test_xml"
testme "1" "no -u with -R" "-R"
testme "1" "non-existent uuid" "-R -u $nonexistent_uuid"
testme "1" "no -u with -r" "-r"
testme "1" "old '-n' option" "-c -n foo -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$bad_disk,g" "$template_xml" > "$test_xml"
testme "1" "bad disk" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$bad_disk,g" -e "s,</devices>,<disk type='file' device='disk'><driver name='qemu' type='raw'/><source file='$disk2'/><target dev='hda' bus='ide'/></disk></devices>,g" "$template_xml" > "$test_xml"
testme "1" "bad disk2" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<devices>,g" "$template_xml" > "$test_xml"
testme "1" "malformed xml" "-c -u $valid_uuid" "$test_xml"
initrd=`ls -1 /boot/initrd* | head -1`
if [ -z "$initrd" ]; then
echo "Skipping /boot/initrd* tests. Could not find /boot/initrd*"
else
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$initrd,g" "$template_xml" > "$test_xml"
testme "1" "disk in /boot without probing" "-p 0 -r -u $valid_uuid" "$test_xml"
testme "1" "disk in /boot with probing" "-p 1 -r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,/boot/initrd,g" "$template_xml" > "$test_xml"
testme "1" "-r with invalid -f with probing" "-p 1 -r -u $valid_uuid -f $bad_disk" "$test_xml"
testme "1" "-r with invalid -f without probing" "-p 0 -r -u $valid_uuid -f $bad_disk" "$test_xml"
testme "1" "-r with invalid -F with probing" "-p 1 -r -u $valid_uuid -F $bad_disk" "$test_xml"
testme "1" "-r with invalid -F without probing" "-p 0 -r -u $valid_uuid -F $bad_disk" "$test_xml"
fi
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1</disk>,g" "$template_xml" > "$test_xml"
testme "1" "-c with malformed xml" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<type arch='x86_64' machine='pc'>hvm</type>,,g" "$template_xml" > "$test_xml"
testme "1" "-c with no os.type" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<type arch='x86_64' machine='pc'>hvm</type>,<type>hvm</type>,g" "$template_xml" > "$test_xml"
testme "1" "-c with no architecture" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,hvm</type>,hvm_invalid</type>,g" "$template_xml" > "$test_xml"
testme "1" "-c with invalid hvm" "-c -u $valid_uuid" "$test_xml"
echo "Expected pass:" >$output
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "create (x86_64)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch='x86_64',arch='i686',g" "$template_xml" > "$test_xml"
testme "0" "create (i686)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,arch='x86_64',arch='ppc',g" "$template_xml" > "$test_xml"
testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><disk type='file' device='disk'><driver name='qemu' type='raw'/><source file='$disk2'/><target dev='hdb' bus='ide'/></disk>,g" "$template_xml" > "$test_xml"
testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###',${disk1}'/><readonly,g" "$template_xml" > "$test_xml"
testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml"
if [ "$test_hostdev" = "yes" ]; then
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><hostdev mode='subsystem' type='usb'><source><address bus='002' device='004'/></source></hostdev>,g" "$template_xml" > "$test_xml"
testme "0" "create hostdev (USB)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</disk>,</disk><hostdev mode='subsystem' type='pci'><source><address bus='0x00' slot='0x19' function='0x0'/></source></hostdev>,g" "$template_xml" > "$test_xml"
testme "0" "create hostdev (PCI)" "-c -u $valid_uuid" "$test_xml"
fi
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_xml" > "$test_xml"
testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$relative_disk1,g" "$template_xml" > "$test_xml"
testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" > "$test_xml"
testme "0" "replace" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$nonexistent,g" "$template_xml" > "$test_xml"
testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $nonexistent" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "replace (appending disk)" "-r -u $valid_uuid -F $disk2" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "replace (appending non-existent disk)" "-r -u $valid_uuid -F $nonexistent" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<disk type='block' device='cdrom'><target dev='hdc' bus='ide'/><readonly/></disk></devices>,g" "$template_xml" > "$test_xml"
testme "0" "disk (empty cdrom)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='file'><source path='$tmpdir/serial.log'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
testme "0" "serial" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='pty'><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='dev'><source path='/dev/ttyS0'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
testme "0" "serial (dev)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<serial type='pipe'><source path='$tmpdir/serial.pipe'/><target port='0'/></serial></devices>,g" "$template_xml" > "$test_xml"
mkfifo "$tmpdir/serial.pipe.in" "$tmpdir/serial.pipe.out"
testme "0" "serial (pipe)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='file'><source path='$tmpdir/console.log'/><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
touch "$tmpdir/console.log"
testme "0" "console" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='pty'><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
testme "0" "console (pty)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<console type='pipe'><source path='$tmpdir/console.pipe'/><target port='0'/></console></devices>,g" "$template_xml" > "$test_xml"
mkfifo "$tmpdir/console.pipe.in" "$tmpdir/console.pipe.out"
testme "0" "console (pipe)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<parallel type='pty'><source path='/dev/pts/0'/><target port='0'/></parallel></devices>,g" "$template_xml" > "$test_xml"
testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<parallel type='pipe'><source path='$tmpdir/parallel.pipe'/><target port='0'/></parallel></devices>,g" "$template_xml" > "$test_xml"
mkfifo "$tmpdir/parallel.pipe.in" "$tmpdir/parallel.pipe.out"
testme "0" "parallel (pipe)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<channel type='unix'><source mode='bind' path='$tmpdir/guestfwd'/><target type='guestfwd' address='10.0.2.1' port='4600'/></channel></devices>,g" "$template_xml" > "$test_xml"
touch "$tmpdir/guestfwd"
testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<channel type='pty'><target type='virtio'/></channel></devices>,g" "$template_xml" > "$test_xml"
testme "0" "channel (pty)" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>$tmpdir/kernel</kernel></os>,g" "$template_xml" > "$test_xml"
touch "$tmpdir/kernel"
testme "0" "kernel" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" "$template_xml" > "$test_xml"
touch "$tmpdir/initrd"
testme "0" "initrd" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>/boot/kernel</kernel></os>,g" "$template_xml" > "$test_xml"
testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/boot/initrd</initrd></os>,g" "$template_xml" > "$test_xml"
testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>/vmlinuz</kernel></os>,g" "$template_xml" > "$test_xml"
testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/initrd/ramdisk</initrd></os>,g" "$template_xml" > "$test_xml"
testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>/initrd.img</initrd></os>,g" "$template_xml" > "$test_xml"
testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<graphics*,<graphics type='sdl' display=':0.0' xauth='/home/myself/.Xauthority'/>,g" "$template_xml" > "$test_xml"
testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml"
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$test_xml"
testme "0" "help" "-h"
echo "" >$output
if [ "$errors" != "0" ]; then
echo "FAIL: $errors error(s)" >$output
exit 1
fi
echo PASS >$output
Reference in New Issue View Git Blame Copy Permalink