On 07/27/2018 11:24 AM, Michal Privoznik wrote:
The check-file-access.pl script is used to match access list
generated by virtestmock against whitelisted rules stored in
file_access_whitelist.txt. So far the rules are in form:
$path: $progname: $testname
This is not sufficient because the rule does not take into
account 'action' that caused $path to appear in the list of
accessed files. After this commit the rule can be in new form:
$path: $action: $progname: $testname
where $action is one from ("open", "fopen", "access", "stat",
"lstat", "connect"). This way the white list can be fine tuned to
allow say access() but not connect().
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tests/check-file-access.pl | 32 +++++++++++++++++++++++++++-----
tests/file_access_whitelist.txt | 15 ++++++++++-----
2 files changed, 37 insertions(+), 10 deletions(-)
I think based on the previous time through this and the explanation
provided afterwards I am comfortable with the changes. Still it would be
nice perhaps to alter the comments in file_access_whitelist.txt in order
to describe the various settings like you replied here:
https://www.redhat.com/archives/libvir-list/2018-July/msg01434.html
starting with "The idea is to have two sets of rules:" and copying
enough of that in order to provide an example in the comments so that
someone who really didn't have the desire or cycles to read the perl
script could actually write a reasonable rule.
Knowing "how" or "when" to use may be a good idea. After patch 1 there's
no longer an example in the qemuxml2argvtest output.
Consider it a weak because my perl scripting and regex knowledge isn't
the best...
Reviewed-by: John Ferlan <jferlan(a)redhat.com>
John
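
The rule form described in the quoted commit message, as an added example that is not part of this thread and is not libvirt's check-file-access.pl: a small Python matcher showing how a rule with an $action field permits access() on a path while connect() on the same path is still reported. Assumptions: the access-log line layout, the way the old and new rule forms are told apart, treating path, progname and testname as whole-value regexes, omitted trailing fields matching anything, and every path, program name and test name below (all constructed).

```python
import re

ACTIONS = {"open", "fopen", "access", "stat", "lstat", "connect"}  # listed in the commit message

def parse_rule(line):
    # Assumed: fields are separated by ":" plus whitespace; a second field that
    # names an action selects the new form, otherwise the old three-field form.
    parts = re.split(r":\s+", line.strip())
    path = parts.pop(0)
    action = parts.pop(0) if parts and parts[0] in ACTIONS else None
    progname = parts.pop(0) if parts else None
    testname = ": ".join(parts) if parts else None
    return {"path": path, "action": action, "progname": progname, "testname": testname}

def parse_record(line):
    # Assumed log layout: "$path: $action: $progname: $testname".
    path, action, progname, *test = re.split(r":\s+", line.strip(), maxsplit=3)
    return dict(path=path, action=action, progname=progname, testname=test[0] if test else "")

def rule_allows(rule, rec):
    # Action is compared literally (None = old form, any action); the other fields
    # are assumed to be regexes that must match the whole value.
    if rule["action"] is not None and rule["action"] != rec["action"]:
        return False
    return all(rule[k] is None or re.fullmatch(rule[k], rec[k])
               for k in ("path", "progname", "testname"))

def violations(rules_text, log_text):
    rules = [parse_rule(l) for l in rules_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    records = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    return [r for r in records if not any(rule_allows(x, r) for x in rules)]

# Constructed rules and log lines (hypothetical paths, program and test names).
RULES = r"""
# first two rules use the new form, the last one the old form
/etc/example\.conf: access
/run/example\.sock: stat: exampletest
/usr/share/example/.*: exampletest: Example case 1
"""
LOG = """
/etc/example.conf: access: exampletest: Example case 1
/etc/example.conf: connect: exampletest: Example case 1
/run/example.sock: stat: exampletest: Example case 2
/run/example.sock: connect: exampletest: Example case 2
/usr/share/example/data.xml: open: exampletest: Example case 1
/usr/share/example/data.xml: open: exampletest: Example case 2
"""
for rec in violations(RULES, LOG):
    print("not allowed: {path}: {action}: {progname}: {testname}".format(**rec))
```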