mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 15:15:25 +00:00
bbaecd6a8f
* configure.in: look for AppArmor and devel * src/security/security_apparmor.[ch] src/security/security_driver.c src/Makefile.am: add and plug the new driver * src/security/virt-aa-helper.c: new binary which is used exclusively by the AppArmor security driver to manipulate AppArmor. * po/POTFILES.in: registers the new files * tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test: tests for virt-aa-helper and the security driver, secaatest.c is identical to seclabeltest.c except it initializes the 'apparmor' driver instead of 'selinux'
264 lines
10 KiB
Bash
264 lines
10 KiB
Bash
#!/bin/sh
|
|
set -e
|
|
|
|
test_hostdev="no"
|
|
if [ "$1" = "test_hostdev" ]; then
|
|
test_hostdev="yes"
|
|
shift
|
|
fi
|
|
|
|
output="/dev/null"
|
|
use_valgrind=""
|
|
ld_library_path="../src/.libs/"
|
|
if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
|
|
output="/dev/stdout"
|
|
shift
|
|
fi
|
|
|
|
exe="../src/virt-aa-helper"
|
|
if [ ! -z "$1" ]; then
|
|
if [ "$1" = "-v" ]; then
|
|
use_valgrind="yes"
|
|
shift
|
|
fi
|
|
if [ -n "$1" ]; then
|
|
exe="$1"
|
|
shift
|
|
fi
|
|
fi
|
|
|
|
if [ ! -x "$exe" ]; then
|
|
echo "Could not find '$exe'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "testing `basename $exe`" >$output
|
|
if [ "$use_valgrind" = "yes" ]; then
|
|
exe="valgrind --error-exitcode=2 --track-origins=yes $exe"
|
|
fi
|
|
|
|
extra_args="--dryrun"
|
|
errors=0
|
|
|
|
tmpdir=`mktemp -d`
|
|
trap "rm -rf $tmpdir" EXIT HUP INT QUIT TERM
|
|
|
|
template_xml="$tmpdir/template.xml"
|
|
test_xml="$tmpdir/test.xml"
|
|
|
|
uuid="00000000-0000-0000-0000-0123456789ab"
|
|
disk1="$tmpdir/1.img"
|
|
disk2="$tmpdir/2.img"
|
|
relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img"
|
|
nonexistent="$tmpdir/nonexistant.img"
|
|
bad_disk="/etc/passwd"
|
|
valid_uuid="libvirt-$uuid"
|
|
nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001"
|
|
|
|
cat > "$template_xml" <<EOM
|
|
<domain type='kvm'>
|
|
<name>virt-aa-helper-test</name>
|
|
<uuid>###UUID###</uuid>
|
|
<memory>524288</memory>
|
|
<currentMemory>524288</currentMemory>
|
|
<vcpu>1</vcpu>
|
|
<os>
|
|
<type arch='x86_64' machine='pc'>hvm</type>
|
|
<boot dev='hd'/>
|
|
</os>
|
|
<features>
|
|
<acpi/>
|
|
</features>
|
|
<clock offset='utc'/>
|
|
<on_poweroff>destroy</on_poweroff>
|
|
<on_reboot>restart</on_reboot>
|
|
<on_crash>destroy</on_crash>
|
|
<devices>
|
|
<emulator>/usr/bin/kvm</emulator>
|
|
<disk type='file' device='disk'>
|
|
<source file='###DISK###'/>
|
|
<target dev='hda' bus='ide'/>
|
|
</disk>
|
|
<interface type='network'>
|
|
<mac address='52:54:00:50:4b:26'/>
|
|
<source network='default'/>
|
|
<model type='virtio'/>
|
|
</interface>
|
|
<input type='tablet' bus='usb'/>
|
|
<input type='mouse' bus='ps2'/>
|
|
<graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
|
|
<video>
|
|
<model type='cirrus' vram='9216' heads='1'/>
|
|
</video>
|
|
</devices>
|
|
</domain>
|
|
EOM
|
|
|
|
touch "$disk1" "$disk2"
|
|
|
|
testme() {
|
|
expected="$1"
|
|
outstr="$2"
|
|
args="$3"
|
|
input=""
|
|
|
|
if [ -n "$4" ]; then
|
|
input="$4"
|
|
if [ ! -e "$input" ]; then
|
|
echo "FAIL: could not find $input" >$output
|
|
echo "FAIL: could not find $input"
|
|
echo " '$extra_args $args': "
|
|
errors=$(($errors + 1))
|
|
fi
|
|
fi
|
|
|
|
echo -n " $outstr: " >$output
|
|
echo -n " '$extra_args $args" >$output
|
|
if [ -n "$input" ]; then
|
|
echo -n " < $input" >$output
|
|
fi
|
|
echo "': " >$output
|
|
set +e
|
|
if [ -n "$input" ]; then
|
|
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args < $input >$output 2>&1
|
|
else
|
|
LD_LIBRARY_PATH="$ld_library_path" $exe $extra_args $args >$output 2>&1
|
|
fi
|
|
rc="$?"
|
|
set -e
|
|
if [ "$rc" = "$expected" ]; then
|
|
echo "pass" >$output
|
|
else
|
|
echo "FAIL: exited with '$rc'" >$output
|
|
echo "FAIL: exited with '$rc'"
|
|
echo -n " $outstr: "
|
|
echo " '$extra_args $args': "
|
|
errors=$(($errors + 1))
|
|
#exit $rc
|
|
fi
|
|
}
|
|
|
|
# Expected failures
|
|
echo "Expected failures:" >$output
|
|
testme "1" "invalid arg" "-z"
|
|
testme "1" "invalid case" "-A"
|
|
testme "1" "not enough args" "-c"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml"
|
|
testme "1" "no -u with -c" "-c" "$test_xml"
|
|
testme "1" "bad uuid (bad digit)" "-c -u libvirt-00000000-0000-0000-0000-00000000000g" "$test_xml"
|
|
testme "1" "bad uuid (too long)" "-c -u ${valid_uuid}abcdef" "$test_xml"
|
|
testme "1" "bad uuid (too short)" "-c -u libvirt-00000000-0000-0000-0000-0123456789a" "$test_xml"
|
|
testme "1" "non-matching uuid" "-c -u libvirt-00000000-0000-0000-0000-00000000000a" "$test_xml"
|
|
testme "1" "missing uuid" "-c -u" "$test_xml"
|
|
testme "1" "no -u with -R" "-R"
|
|
testme "1" "non-existent uuid" "-R -u $nonexistent_uuid"
|
|
testme "1" "no -u with -r" "-r"
|
|
testme "1" "old '-n' option" "-c -n foo -u $valid_uuid" "$test_xml"
|
|
testme "1" "invalid bits" "-c -b 15 -u $valid_uuid" "$test_xml"
|
|
testme "1" "invalid bits2" "-c -b a -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$bad_disk,g" > "$test_xml"
|
|
testme "1" "bad disk" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$bad_disk,g" | sed "s,</devices>,<disk type='file' device='disk'><source file='$disk2'<target dev='hda' bus='ide'/></disk></devices>,g" > "$test_xml"
|
|
testme "1" "bad disk2" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<devices>,g" > "$test_xml"
|
|
testme "1" "malformed xml" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,/boot/initrd,g" > "$test_xml"
|
|
testme "1" "disk in /boot" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,/boot/initrd,g" > "$test_xml"
|
|
testme "1" "-r with invalid -f" "-r -u $valid_uuid -f $bad_disk" "$test_xml"
|
|
|
|
|
|
echo "Expected pass:" >$output
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml"
|
|
testme "0" "create" "-c -u $valid_uuid" "$test_xml"
|
|
testme "0" "create with bits (32)" "-c -b 32 -u $valid_uuid" "$test_xml"
|
|
testme "0" "create with bits (64)" "-c -b 64 -u $valid_uuid" "$test_xml"
|
|
testme "0" "create with hvm" "-c -H hvm -u $valid_uuid" "$test_xml"
|
|
testme "0" "create with hvm and bits" "-c -H hvm --bits 32 -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</disk>,</disk><disk type='file' device='disk'><source file='$disk2'/><target dev='hdb' bus='ide'/></disk>,g" > "$test_xml"
|
|
testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###',${disk1}'/><readonly,g" > "$test_xml"
|
|
testme "0" "create (readonly)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
if [ "$test_hostdev" = "yes" ]; then
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</disk>,</disk><hostdev mode='subsystem' type='usb'><source><address bus='002' device='004'/></source></hostdev>,g" > "$test_xml"
|
|
testme "0" "create hostdev (USB)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</disk>,</disk><hostdev mode='subsystem' type='pci'><source><address bus='0x00' slot='0x00' function='0x0'/></source></hostdev>,g" > "$test_xml"
|
|
testme "0" "create hostdev (PCI)" "-c -u $valid_uuid" "$test_xml"
|
|
fi
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$nonexistent,g" > "$test_xml"
|
|
testme "0" "create (non-existent disk)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$relative_disk1,g" > "$test_xml"
|
|
testme "0" "create (relative path)" "-c -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk2,g" > "$test_xml"
|
|
testme "0" "replace" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$nonexistent,g" > "$test_xml"
|
|
testme "0" "replace (non-existent disk)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml"
|
|
testme "0" "replace (adding disk)" "-r -u $valid_uuid -f $disk2" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml"
|
|
testme "0" "replace (adding non-existent disk)" "-r -u $valid_uuid -f $nonexistent" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<disk type='block' device='cdrom'><target dev='hdc' bus='ide'/><readonly/></disk></devices>,g" > "$test_xml"
|
|
testme "0" "disk (empty cdrom)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<serial type='file'><source path='$tmpdir/serial.log'/><target port='0'/></serial></devices>,g" > "$test_xml"
|
|
testme "0" "serial" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<serial type='pty'><target port='0'/></serial></devices>,g" > "$test_xml"
|
|
testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<console type='file'><source path='$tmpdir/console.log'/><target port='0'/></console></devices>,g" > "$test_xml"
|
|
touch "$tmpdir/console.log"
|
|
testme "0" "console" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</devices>,<console type='pty'><target port='0'/></console></devices>,g" > "$test_xml"
|
|
testme "0" "console (pty)" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<kernel>$tmpdir/kernel</kernel></os>,g" > "$test_xml"
|
|
touch "$tmpdir/kernel"
|
|
testme "0" "kernel" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" > "$test_xml"
|
|
touch "$tmpdir/initrd"
|
|
testme "0" "initrd" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<kernel>/boot/kernel</kernel></os>,g" > "$test_xml"
|
|
testme "0" "kernel in /boot" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<initrd>/boot/initrd</initrd></os>,g" > "$test_xml"
|
|
testme "0" "initrd in /boot" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<kernel>/vmlinuz</kernel></os>,g" > "$test_xml"
|
|
testme "0" "kernel is /vmlinuz" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<initrd>/initrd/ramdisk</initrd></os>,g" > "$test_xml"
|
|
testme "0" "initrd is /initrd/ramdisk" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,</os>,<initrd>/initrd.img</initrd></os>,g" > "$test_xml"
|
|
testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml"
|
|
|
|
testme "0" "help" "-h"
|
|
|
|
echo "" >$output
|
|
if [ "$errors" != "0" ]; then
|
|
echo "FAIL: $errors error(s)" >$output
|
|
exit 1
|
|
fi
|
|
echo PASS >$output
|